Charming Kitten: Iran-linked group increasingly employs social engineering in cyber espionage
Charming Kitten, associated with Iran's security apparatus, targets officials, researchers, and corporate employees by impersonating trusted contacts.
SC Media
20 articles
How phishing changed in 2025 and what to expect in 2026 and beyond
Phishing evolves into AI-driven, multi-channel scams abusing trusted platforms.
North Korea recruits Iranian workers for IT job fraud
Internal records reveal how North Korean facilitators scout and coach workers.
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
Audit finds governance, cybersecurity weaknesses in FAA systems
FedScoop reports that the Federal Aviation Administration was discovered by the Department of Transportation's Office of the Inspector General to have multip...
CISA to get significant budget cuts under Trump's fiscal 2027 budget
Funding for the Cybersecurity and Infrastructure Security Agency is set to be reduced by a total of $707 million in President Donald Trumps proposed budget f...
Thousands of European tourist sites impacted by ticketing platform breach
Nearly 3,500 museums, monuments, and cultural sites across Europe had their online reservations disrupted following a cyberattack against online ticketing pl...
Cyber incident disrupts Massachusetts' emergency communications center
Massachusetts' Patriot Regional Emergency Communications Center disclosed that a cyberattack on a system linked to the emergency notification system CodeRED ...
Alleged Adobe helpdesk system breach reported
Cybernews reports that Adobe was noted by International Cyber Digest analysts to have had 13 million support tickets with personal information and 15,000 emp...
Data breach notice clarified by T-Mobile
T-Mobile has explained that only a single account had been compromised in a recent insider breach amid uncertainty that the '1' individual noted to be affect...
Total takeover of Nvidia GPU-based devices possible with novel Rowhammer attacks
Machines running high-performance Nvidia GPU cards, which are prevalent in cloud environments, could be completely hijacked through three new Rowhammer intru...
Extensive compromise facilitated by dozens of illicit npm packages
Thirty-six malicious npm packages masquerading as Strapi CMS plugins have been spreading multiple payloads enabling Redis and PostgreSQL abuse, reverse shell...
Upswell of device code phishing intrusions reported
BleepingComputer reports that device code phishing intrusions have increased by 37.5 times so far this year.
Evolving Russian cyberattacks against Ukraine detailed
Attacks launched by Russian threat actors against Ukraine were noted by Ukraine's Computer Emergency Response Team to have been evolving during the past year...
1Kosmos achieves DoD Impact Level 4 authorization for identity platform
1Kosmos has secured U.S.
Identity, access controls central to modern protection, execs say
As World Cloud Security Day highlights cloud-related risks, executives from Docusign, BeyondTrust, and Saviynt argue that identity, data sovereignty, and bas...
Fortinet issues Easter weekend hotfix for FortiClient EMS
Experts warn to apply hotfix right away for critical bug exploited in the wild.
MCP isn't a protocol problem. It's an identity crisis nobody is treating.
MCP’s real risk isn’t protocol flaws — it’s missing identity, leaving AI actions untraceable.
German authorities identify alleged leader of GandCrab and REvil ransomware gangs
Daniil Maksimovich Shchukin, also known online as UNKN or UNKNOWN, allegedly headed GandCrab and REvil, pioneering the double extortion tactic.
Scammers use fake traffic violation texts with QR codes for phishing
This latest scam is a variation of previous toll and parking ticket scams, but instead of links, it features an image of a fake court notice with an embedded...