SK Telecom warns customer USIM data exposed in malware attack
SkyNet Automation South Korea’s largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access…
April 2025
Ripple’s recommended XRP library xrpl.js hacked to steal wallets
The recommended Ripple cryptocurrency NPM JavaScript library named “xrpl.js” was compromised to steal XRP wallet seeds and private…
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID…
Microsoft Entra account lockouts caused by user token logging mishap
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens…
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
A large-scale ad fraud operation called ‘Scallywag’ is monetizing pirating and URL shortening sites through specially crafted WordPress…
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that…
State-sponsored hackers embrace ClickFix social engineering tactic
ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced…
Widespread Microsoft Entra lockouts tied to new security feature rollout
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a…
New Android malware steals your credit cards for NFC relay attacks
A new malware-as-a-service (MaaS) platform named ‘SuperCard X’ has emerged, targeting Android devices via NFC relay attacks that…
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to…