Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials. […]
WordPress Motors theme flaw mass-exploited to hijack admin accounts
Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme “Motors” to hijack administrator accounts and gain complete control of a targeted site. […]
Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages
The April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a “single combined cyber event.”
That’s according to an assessment from the Cyber Monitoring Centre (CMC), a U.K.-based independent, non-profit body set up by the insurance industry to categorize major cyber events.
“Given that one threat actor claimed responsibility for both M&S and
That’s according to an assessment from the Cyber Monitoring Centre (CMC), a U.K.-based independent, non-profit body set up by the insurance industry to categorize major cyber events.
“Given that one threat actor claimed responsibility for both M&S and
Aflac Finds Suspicious Activity on US Network That May Impact Social Security Numbers, Other Data
Aflac said that it’s in the early stages of a review of the incident, and so far is unable to determine the total number of affected individuals.
The post Aflac Finds Suspicious Activity on US Network That May Impact Social Security Numbers, Other Data appeared first on SecurityWeek.
BitoPro exchange links Lazarus hackers to $11 million crypto heist
The Taiwanese cryptocurrency exchange BitoPro claims the North Korean hacking group Lazarus is behind a cyberattack that led to the theft of $11,000,000 worth of cryptocurrency on May 8, 2025. […]
Microsoft investigates OneDrive bug that breaks file search
Microsoft is investigating a known OneDrive issue that is causing searches to appear blank for some users or return no results even when searching for files they know they’ve already uploaded. […]
Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals.
The new feature takes the form of a “Call Lawyer” feature on the affiliate panel, per Israeli cybersecurity company Cybereason.
The
The new feature takes the form of a “Call Lawyer” feature on the affiliate panel, per Israeli cybersecurity company Cybereason.
The
Cloudflare blocks record 7.3 Tbps DDoS attack against hosting provider
Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider. […]
Aflac discloses breach amidst Scattered Spider insurance attacks
On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information. […]
Can users reset their own passwords without sacrificing security?
Self-service password resets (SSPR) reduce helpdesk strain—but without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation. […]