Blog

Users Searching Google for Support Numbers May Be Walking Into a Trap
Scammers take out Google ads impersonating legitimate companies offering support numbers. Victims who click on the link are taken to the company’s legitimate URL with a hacker-controlled phone number inserted in the site search bar.

Insurance Companies the New Focus for “Scattered Spider” Hacking Team
Scattered Spider now has a long history of focusing on particular industries and regions for weeks at a time before pivoting somewhere else, and the Google Threat Intelligence Group is warning that their attention has now shifted to US insurance companies.

16 Billion Leaked Login Credentials Just Dropped; How Great Is the Risk?
Formatting of the login credentials makes clear that this collection was largely put together by way of infostealer malware. Most entries have the URL of the applicable service paired with the username and password, but some include further information such as cookies or access tokens.

Highlights of Trump’s New Cybersecurity Executive Order: AI Security, Quantum Cryptography and a Blow to Digital IDs
Trump’s new cybersecurity executive order reflects both ongoing political tensions and necessary cybersecurity realities, ranging from discouraging adoption of mobile driver’s licenses to reframing AI and automation defense approaches to address new developments.

2026 Budget Cuts to CISA Could Reshape the Organization
The 2026 budget cuts are broad, and it is unclear if curtailing anti-disinformation activities is the only impact they will have. The total removal of $495 million from CISA’s coffers would drop its budget by about 16.5%, and much of that would come from removal of 1,083 of its 3,292 employees.

Cyber Scams Backed by Infrastructure Provider Based in Philippines Pose Major Security Challenge
The illicit infrastructure provider has been in business since at least late 2023 and is one of the bigger ones of its type, but far from the only one. The FBI says that it has located over 332,000 unique domain names owned by the group and that the cyber scams it facilitates have taken in at least $200 million altogether.

Microsoft OneDrive File Picker Security Flaw Exposes Shocking Amount of User Data
New research demonstrates that apps receive expansive permission to access cloud storage whenever File Picker is used to upload something, far beyond what the average user would expect. Microsoft says it is not really a security flaw, however, since the user is providing their consent.

Federal AI Data Security Guidance Sounds Warnings About Data Drift, Well Poisoning
New joint guidance issued by US government agencies addresses the assortment of threats to AI data security that firms need to be aware of as they tie models into their systems. These include the ways in which stored data can “drift” out of alignment, and the approaches that active threat actors will take to intentionally introduce malicious elements or commands.

World’s Largest Infostealer Malware Operation Suffers Major Blow With Law Enforcement Raid
The infostealer malware operation lost its control panel to the law enforcement raid, severing it from clients and its central marketplace of stolen data, as well as some 2,300 domains belonging to the group, which has infected over 394,000 Windows computers globally.

Fake KeePass Password Manager, Distributed Via Bing Ads, Leads to Rash of Ransomware Attacks
A new report from WithSecure documents a recent rash of ransomware attacks, spanning at least eight months, initiated by a fake version of the KeePass password manager that was spread through Microsoft ads.