Cyber Updates

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks. …

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users. …

Raksha Bandhan – a beautiful celebration of the unbreakable bond between siblings – is all about love, laughter, and, let’s be honest, some pretty thoughtful gifts. Whether you’re picking out a sleek smartwatch for your brother or a lovely skincare set for your sister, online shopping makes it a breeze to choose, click, and send everything right from your cozy couch. But here’s the thing: scammers are just as excited about the festive season as we are – not for the joy, but for the chance to ensnare unsuspecting shoppers. With the rise of digital payments and online shopping, Raksha Bandhan has turned into a prime target for cyber fraud.   The Problem: Festive Vibes, Fraudulent Baits When festivals like…

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients. …

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle “Toha.” Here’s a deep dive on what’s knowable about Toha, and a short stab at who got nabbed. …

A Day to Celebrate the Power of the Web Imagine a world where everything you need—answers, entertainment, services, and even people—are just a click away. That’s the wonder of the World Wide Web, a digital realm that has completely changed the way we live, work, and connect with one another. World Wide Web Day, celebrated on August 1st, serves as a global reminder of this revolutionary invention that puts the world right at your fingertips. From video calls and online shopping to digital payments and remote work, the web has become an essential part of our everyday lives. However, with every tap and scroll, there’s an underlying risk—cyber threats that are escalating quickly, particularly in countries like India.   So,…

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites. …

“Was this you? Please confirm your identity. Someone just requested a password reset. CREATE A PASSWORD You’ll use it to log into: XXXXXXX Didn’t make this request? Click here for help.” Sound familiar? Chances are, you’ve seen emails like this—ones that demand quick action and spark a bit of panic. If your response was to ignore or delete it, great! You’re one step ahead in keeping yourself secure. But if you’ve ever clicked without thinking, you already know how risky that one action can be. When it comes to cybersecurity, two age-old sayings come to mind: “Prevention is better than cure” and “Your safety starts with you.” And they couldn’t be more accurate. Whether it’s emails, messages, or phone calls,…

KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime group that is actively targeting established companies in the transportation and aviation industries. …

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies. …