Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
Cybercriminals are now increasingly using Telegram to sell corporate access, malware subscriptions, and stealer logs, turning the messaging app into a fast cybercrime hub.
Hackers Abuse .arpa Top-Level Domain to Host Phishing Scams
Hackers abuse the .arpa Top-Level Domain to host phishing scams, using IPv6 tunnels, reverse DNS tricks, and shadow domains to bypass security checks.
Project Compass Targets 764 Network as 30 Arrested and Victims Rescued
Europol’s Project Compass targets The Com (aka 764 network), an online group exploiting minors. After 30 arrests, officials say the hunt for those involved is far from over.
Popular Iranian App BadeSaba was Hacked to Send “Help Is on the Way” Alerts
Hackers took over Iran’s BadeSaba Calendar prayer app, sending “Help Is on the Way” alerts and messages urging soldiers to lay down weapons.
ShinyHunters Leak 2M Records From Dutch Telecom Odido, Claim 21M Stolen
ShinyHunters hackers leak 2 million records from Dutch telecom Odido after ransom refusal, claiming up to 21 million customer records were stolen in the breach.
ClawJacked Vulnerability in OpenClaw Could Let Websites Hijack AI Agents
Is your AI assistant safe? Oasis Security researchers have found a critical ClawJacked vulnerability in OpenClaw that allows hackers to hijack AI agents through a simple browser tab.
Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers
Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security.
New Aeternum C2 Botnet Evades Takedowns via Polygon Blockchain
Qrator Research Lab has identified Aeternum C2, a botnet that uses the Polygon blockchain for commands, making it nearly impossible to shut down.
Fake Avast Website Targets Users With €499 Phishing Refund Scam
Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data.
Entra ID OAuth Consent Can Grant ChatGPT Access to Emails
OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access.