Fraud Tracker

  Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation …

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and …

Microsoft will soon begin rolling out a significant upgrade to Microsoft 365 Backup to speed up recovery by allowing administrators to restore …

A Ghanaian national pleaded guilty to his role in a massive fraud ring that stole over $100 million from victims across the …

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. …

The India-linked advanced persistent threat (APT) “Sloppy Lemming” has significantly increased its operational tempo over the past year, adopting more sophisticated tactics …

A new Qualcomm bug has been exploited in limited and targeted attacks against vulnerable Android devices.  Google published its monthly Android security …

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting …

A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake …

A yearlong Europol-coordinated operation dubbed “Project Compass” has led to 30 arrests and 179 suspects being tied to “The Com,” an online …

DIY store chain ManoMano is notifying customers of a data breach that was caused by hackers compromising a third-party service provider. The …

American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. UFP Technologies is …

The Larazus Group has a new partner in crime. The North Korean nation-state threat group dropped Medusa ransomware in a recent attack …

SolarWinds has released security updates to patch four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched …

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. …

Article updated at the bottom with additional technical details about this campaign. Amazon is warning that a Russian-speaking hacker used multiple generative …

Texas Halts New H-1B Visa Applications at Public Universities and State Agencies Greg Abbott has ordered Texas public universities and state agencies …

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken …

A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them …

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse …

Flare researchers monitoring underground Telegram channels and cybercrime forums have observed threat actors rapidly sharing proof-of-concept exploits, offensive tools, and stolen administrator …

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to …

The Washington Hotel brand in Japan has announced that that its servers were compromised in a ransomware attack, exposing various business data. …

ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. …

Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into …

The Russian government is trying to block WhatsApp in the country as its crackdown on communication platforms outside its control intensifies. WhatsApp …

South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security …

UPDATE A handful of European government agencies have been compromised by hackers in recent weeks, thanks to a new round of critical …

Recent research from Microsoft shows that AI assistants such as ChatGPT, Claude, Grok, and Microsoft 365 Copilot can be influenced to surface …

Two specific areas of cybersecurity — backups and identity and access management (IAM) — are responsible for nearly half (45%) of the …