Trust Wallet has issued an urgent advisory asking users to update its Google Chrome browser extension after confirming a security incident that resulted in cryptocurrency losses totaling approximately $7 million. The breach specifically affected Trust Wallet Chrome Extension version 2.68, while users who upgraded to version 2.69 are no longer at risk. According to the […]
A China-linked advanced persistent threat group has been linked to a sophisticated cyber espionage campaign that relied on Domain Name System (DNS) poisoning to distribute the MgBot backdoor. The attacks targeted selected victims across Türkiye, China, and India, according to new findings from Kaspersky. Kaspersky researchers observed the activity between November 2022 and November 2024
China Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware Read More »
Fortinet has reported active abuse of a long-standing security vulnerability in FortiOS SSL VPN that allows bypassing two-factor authentication (2FA) under specific configurations. The flaw, tracked as CVE-2020-12812 with a CVSS score of 5.2, arises due to improper authentication handling that lets users log in without being prompted for the second authentication factor if the
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active attacks. The flaw, identified as CVE-2023-52163 with a CVSS score of 8.8, allows post-authentication remote code execution through a command injection vulnerability.
CISA Flags Actively Exploited Digiever NVR Vulnerability Enabling RCE Read More »
Cybersecurity experts have identified a new variant of the MacSync macOS information stealer that uses a digitally signed and notarized Swift application to bypass Apple’s Gatekeeper protections. The malware is disguised as a messaging app installer, fooling users into installing it. According to Jamf researcher Thijs Xhaflaire, unlike earlier MacSync variants that relied on drag-to-terminal
New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper Read More »
The fraudulent investment scheme known as Nomani has surged by 62%, as cyber researchers from ESET report, with campaigns spreading beyond Facebook to platforms like YouTube.Slovak cybersecurity firm ESET revealed that it blocked over 64,000 unique URLs linked to this scam in 2025. Most of the detections came from countries including Czechia, Japan, Slovakia, Spain,
Nomani Investment Scam Jumps 62% Using AI Deepfake Ads on Social Media Read More »
The U.S. Securities and Exchange Commission (SEC) has brought charges against several companies accused of running a large scale cryptocurrency investment scam that defrauded retail investors of more than 14 million dollars by promoting fake artificial intelligence based trading strategies. According to the SEC’s complaint, the alleged fraud involved crypto trading platforms Morocoin Tech Corp.,
SEC Files Charges Over $14 Million Crypto Scam Using Fake AI Themed Investment Tips Read More »
Cybersecurity researchers have uncovered two malicious Google Chrome extensions operating under the same name and published by the same developer, both designed to secretly intercept web traffic and steal user credentials on a massive scale. The extensions are promoted as a “multi location network speed test plug in” aimed at developers and professionals working in
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Websites Read More »
A large scale law enforcement operation led by INTERPOL has resulted in the arrest of 574 suspects across Africa and the recovery of approximately three million dollars, marking a significant step in the global fight against cybercrime. The month long initiative, known as Operation Sentinel, was carried out between October 27 and November 27, 2025. The
INTERPOL Arrests 574 Across Africa as Ukrainian Ransomware Affiliate Pleads Guilty Read More »
The U.S. Department of Justice (DoJ) has announced the seizure of a fraudulent web domain and its associated database that were used to support a large scale bank account takeover operation targeting American victims. According to officials, the seized domain web3adspanels[.]org functioned as a backend control panel where cybercriminals stored and managed stolen online banking credentials. Visitors
U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme Read More »