General

Summery: Researchers studied 2,800 ransomware attacks and found that about 80% involved artificial intelligence. Attackers are using AI in many ways: generating phishing content, creating malware, driving deepfake-based social engineering, cracking passwords, and bypassing CAPTCHA systems. The paper argues that just having AI tools for defense isn’t enough. Effective cybersecurity requires three defense layers: Automated hygiene (self-patching, zero-trust architecture, ....

The Wired video “Following Your Stolen Data Through The Dark Web” explains what happens to personal and corporate information after a cyberattack. It describes how state-sponsored hackers, hacktivists, and criminal groups steal data for different purposes, from espionage to profit. The piece explores how stolen information flows through private networks and dark web marketplaces, where it is sold for ....

A new Android malware called NGate steals card details and PINs by abusing NFC features on infected phones. It tricks victims into tapping their physical card against the compromised device, capturing data and one-time codes used for instant ATM withdrawals. Criminals can then clone the card virtually and withdraw cash without needing physical access. The malware spreads through fake ....

Google Chrome now lets users store driver’s licenses and passports in its autofill feature, promising encryption and permission-based access. While the data is protected within the browser, experts warn that storing such sensitive details in Chrome increases risk if your Google account is hacked or malware gains access. Chrome’s large market share makes it a tempting target for attackers. ....

In mid-November 2025, the report notes that Anthropic detected what appears to be one of the first autonomous AI-driven cyber-espionage campaigns, in which an AI agent (built using Claude Code) carried out most of a multi-stage attack with minimal human oversight. The document argues this marks a major shift: attackers may now scale operations across numerous targets at high ....

Researchers from the University of Vienna found a major flaw in WhatsApp’s contact-discovery feature that let them check tens of billions of phone numbers and extract about 3.5 billion registered user numbers, along with many users’ profile pictures and “about” texts. The weakness stemmed from minimal rate-limiting: they could probe roughly 100 million numbers per hour with no meaningful ....

The article reveals a surge in fake calendar invites used as phishing attacks, where scammers send events that can’t easily be deleted and often reappear through synced devices, aiming to trick users into calling a number, clicking a link, or attending a fraudulent meeting. It explains how to remove these from platforms like Outlook, Gmail, Android, iPhone, and Mac ....

According to Axios, executives at major companies (including many in the Fortune 500) are scrambling after Anthropic warned that a Chinese state-sponsored hacker group used its AI agent tools (notably Claude Code) to automate parts of cyber-espionage campaigns.  The incident signals a shift in cyber threat landscape, where malicious actors are increasingly harnessing AI agency and automation to scale ....

The article reveals a surge in fake calendar invites used as phishing attacks, where scammers send events that can’t easily be deleted and often reappear through synced devices, aiming to trick users into calling a number, clicking a link, or attending a fraudulent meeting. It explains how to remove these from platforms like Outlook, Gmail, Android, iPhone, and Mac ....

Scammers are ramping up their attacks this holiday season, with FBI and Amazon warning of a surge in “account takeover” (ATO) fraud targeting shoppers. According to data from TransUnion, ATO incidents rose 21% from the first half of 2024 to the first half of 2025, and by 141% since the first half of 2021, while the FBI has logged ....

A ransomware attack on the CodeRED emergency alert system caused a nationwide outage and exposed personal data for millions of users, putting many communities at risk just as they rely on the service for urgent public warnings. The attackers stole customer information, including email addresses and passwords, which raised concerns about account security for anyone who reused those credentials ....

Researchers have uncovered a new wave of ClickFix attacks that trick Windows users into installing malware by faking legitimate system update screens and hiding malicious code in images. The scam begins with a full-screen browser page styled to look like the official “Windows Update” interface, prompting users to press Win+R, paste a command, and run it — a command ....

The article warns about a new strain of Android malware that gives criminals full control of an infected phone and direct access to a victim’s bank accounts. It spreads through fake apps and phishing messages that trick users into granting permissions, after which the malware can read texts, capture screen activity, steal login codes, and bypass security features. Once ....

Cloudflare reported that a brief but widespread outage interrupted access to major services like Zoom and LinkedIn after a faulty configuration change disrupted its firewall and related systems. The issue was quickly identified and resolved, with the company confirming it was not the result of a cyberattack. Even though the downtime lasted only minutes, it caused noticeable disruptions because ....

The article reports that Google has released fixes for 13 security flaws that affect billions of users across Android, Chrome, and other widely used services. Several of the vulnerabilities were serious enough to allow attackers to gain elevated permissions, compromise data, or execute harmful code if a user opened a malicious file or link. Google credited external researchers for ....

he Axios sponsored article explains how Mastercard uses large-scale threat intelligence to fight fraud across the global payments ecosystem. By analyzing vast volumes of real-time transaction data and signals from banks, merchants, and networks, Mastercard can detect suspicious behavior patterns and stop fraud before it spreads. The approach relies on advanced analytics and AI to adapt quickly as criminals ....

The article explains how attackers increasingly use legitimate IT tools to take over computers, making their intrusions harder to detect because the activity looks like normal system administration. Criminals often begin by stealing credentials through phishing or exploiting weak passwords, then use trusted remote management software to move through a network, install backdoors, and collect data. Since these tools ....

The FBI has issued a warning that criminals are harvesting publicly available photos from social media like Facebook, LinkedIn, and X and then manipulating them to create fake “proof of life” images for virtual kidnapping scams, where they contact victims’ friends or family to demand ransom for a loved one who is actually safe. Scammers may use simple editing ....

Malwarebytes reports that a new Android malware called DroidLock has been discovered actively targeting users, particularly Spanish-speaking ones, by tricking them into installing a malicious app from phishing sites that impersonate legitimate services; once installed with Device Administrator and Accessibility permissions, DroidLock takes full control of the device, uses overlays to capture unlock patterns, can change PINs, access messages ....

Cybersecurity has become so complex and fast moving that it is nearly impossible to manage unless responsibility is shared across an entire organization, according to Wiz cofounder and CTO Ami Luttwak. He argues that modern cloud environments change constantly, making traditional security models that rely on a small central team ineffective at catching risks in time. Instead, security needs ....