This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely on can hide risky
Indian Stock Broker Angel One Discloses Data Breach
Indian stock broker Angel One says client information was compromised in a data breach involving its AWS account.
The post Indian Stock Broker Angel One Discloses Data Breach appeared first on SecurityWeek.
The New Ransomware Groups Shaking Up 2025
In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023.
After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year’s total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%, from 68 in 2023 to 95
Black Basta Leak Offers Glimpse Into Group’s Inner Workings
A massive hoard of internal chats has been leaked from Black Basta, rivalling the Conti leaks of late February 2022.
The post Black Basta Leak Offers Glimpse Into Group’s Inner Workings appeared first on SecurityWeek.
Vo1d Botnet’s Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d.
The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25, 2025, India has experienced a
The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25, 2025, India has experienced a
Nearly 12,000 API keys and passwords found in AI training dataset
Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models. […]
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. […]
Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language
Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users.
The revised Terms of Use now states –
You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It
The revised Terms of Use now states –
You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It
U.S. recovers $31 million stolen in 2021 Uranium Finance hack
U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, a Binance Smart Chain-based DeFi protocol. […]
Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist
Amnesty International publishes technical details on zero-day vulnerabilities exploited by Cellebrite’s mobile forensic tools to spy on a Serbian student activist.
The post Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist appeared first on SecurityWeek.