TA416 resumed targeting EU and NATO diplomatic missions in mid-2025 after two years away, using OAuth redirect abuse, Cloudflare Turnstile pages, and MSBuild-based chains to deploy a constantly updated PlugX backdoor. The group's tooling and targeting both shift with geopolitical events.
Rep. Josh Gottheimer pressed Anthropic's CEO on repeated Claude Code leaks, citing national security risks. Anthropic called it a packaging error, not a breach, with no customer data exposed.
Two poisoned Axios versions injected a fake dependency that silently installed a cross-platform remote access trojan on macOS, Windows, and Linux within 39 minutes of each other.
macOS Tahoe 26.4 now delays the execution of pasted Terminal commands, issuing a warning to protect users from ClickFix social engineering attacks that trick them into running malware.
The new FBI chief’s private inbox wasn’t on a government server — it was on whatever email service he used in 2010. Iran’s Handala Hack Team turned that decade-old account into a geopolitical trophy.
A missing authentication check in TP-Link’s Archer NX series allows unprivileged attackers to upload firmware. The update lands as the company defends a Texas lawsuit alleging deceptive security claims.
Firefox 149’s built-in VPN hands Mozilla-account holders 50 GB of proxy traffic a month—no system-wide cover, no global rollout, and a five-site whitelist to keep usage down.
Boston prosecutors seized $3.44M in USDt after scammers used fake 'wrong number' texts to groom victims into transferring ETH — no exploits, no phishing, just patience
Russian phishers steal Signal & WhatsApp accounts with fake support chats no code crack needed, just human trust.
Apple confirms active Coruna & DarkSword web attacks—update iOS 15/16 now or lock your phone down.
Aura says a vishing trick on a 2021-acquired marketing server exposed 900,000 contacts—no SSNs, but plenty of ammo for future scams.
Free VPNs sell your browsing habits. Compare the 500 MB cap and logging fine print to Bitdefender’s unlimited, no-log plan at $2.92/mo.
