A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. […]
Researcher reveals evidence of Instagram private profiles leaking photos
A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. […]
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses.
The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It’s said to coincide with the nationwide unrest in Iran that began towards the end of 2025,
The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It’s said to coincide with the nationwide unrest in Iran that began towards the end of 2025,
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an “expansion in threat activity” that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters.
The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim
The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim
CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country.
The incident took place on December 29, 2025. The agency has attributed the attacks to
The incident took place on December 29, 2025. The agency has attributed the attacks to
Crypto wallets received a record $158 billion in illicit funds last year
Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024. […]
In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
Other noteworthy stories that might have slipped under the radar: Apple updates platform security guide, LastPass detects new phishing wave, CISA withdraws from RSA Conference.
The post In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak appeared first on SecurityWeek.
Microsoft to disable NTLM by default in future Windows releases
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. […]
Operation Switch Off dismantles major pirate TV streaming services
The latest phase of the global law enforcement action resulted in seizing three industrial-scale illegal IPTV services. […]
Aisy Launches Out of Stealth to Transform Vulnerability Management
Aisy has emerged from stealth mode with $2.3 million in seed funding for its AI-assisted platform.
The post Aisy Launches Out of Stealth to Transform Vulnerability Management appeared first on SecurityWeek.