In late 2025, cybersecurity teams in Ukraine uncovered a highly targeted cyber-espionage campaign aimed at personnel connected to the country’s defense sector. The operation relied on a previously unseen malware strain known as PLUGGYAPE and marked a shift in how attackers deliver malicious software — by abusing trusted messaging platforms rather than traditional email. The campaign ran quietly for several weeks before being detected, and it was specifically designed to blend into normal daily communication patterns, making it extremely difficult for victims to identify the attack. How the Attack Worked Instead of using obvious phishing emails, the attackers reached out…

Artificial intelligence is not only being used for innovation — it is also being abused by cybercriminals to steal personal data at scale. In 2026, attackers no longer rely on basic phishing emails or malware alone. Instead, they use AI to automate, personalize, and scale attacks that trick people and systems into handing over sensitive information. This article explains how AI-powered data theft works and what individuals and businesses can do to reduce their risk. How AI Is Used to Steal Personal Data 1. AI-Generated Phishing That Looks Real Modern phishing is no longer poorly written or easy to detect.…

Security researchers have identified a new supply chain attack targeting the n8n workflow automation platform, where attackers uploaded multiple malicious packages to the npm registry disguised as legitimate community nodes. These packages were crafted to resemble official integrations, including connectors for Google Ads and performance monitoring services. Once installed, they presented standard configuration interfaces, encouraging users to authorize external accounts. The provided OAuth credentials were then covertly extracted and transmitted to attacker-controlled infrastructure. One of the malicious packages imitated a Google Ads connector and prompted users to link their advertising account through what appeared to be a genuine authorization form.…

In January 2026, cybersecurity researchers reported that personal data belonging to approximately 17.5 million Instagram users was being circulated and traded on underground cybercrime forums and illicit data marketplaces. The dataset was discovered on invitation-only forums and dark web platforms commonly used by cybercriminal groups to exchange stolen databases, phishing resources, and access credentials. According to researchers monitoring these forums, the dataset was advertised as an “Instagram user records dump” and was being shared either for direct sale, exchanged for other stolen data, or distributed to selected forum members to build reputation within cybercrime communities. The exposed data reportedly includes…

Kali Linux is often described as a “hacking OS,” but that description is incomplete and misleading. In reality, Kali Linux is a professional security testing and learning platform designed for penetration testers, SOC analysts, blue-team engineers, and cybersecurity students. It brings together hundreds of tools that support different parts of the security lifecycle — discovery, analysis, testing, and response. For beginners, this can feel overwhelming. This guide solves that problem by: No myths, no hype — only practical guidance. ⚠️ Ethical Reminder: Always test only systems you own or have explicit permission to test. 1. Nmap — Understanding What Exists on…

A sophisticated cyberattack campaign targeting VMware ESXi environments has been uncovered, in which Chinese-speaking threat actors exploited previously unknown vulnerabilities to escape from virtual machines and gain control of the underlying hypervisor. Cybersecurity researchers at Huntress detected the activity in December 2025 and stopped the intrusion before it could reach its final stage. Analysts believe the operation could have been used to deploy ransomware or maintain long-term access to enterprise infrastructure. The attackers initially gained access by compromising a SonicWall VPN appliance. After establishing a foothold, they deployed a custom exploit toolkit designed specifically to target VMware ESXi systems at…

Modern web browsers have become powerful platforms that host sensitive work, communication, and decision-making tools — especially artificial intelligence services such as ChatGPT and DeepSeek. As a result, browser activity now contains some of the most sensitive personal and business data users handle. This makes browsers, extensions, and AI tools attractive targets for data harvesting and surveillance. Protecting yourself requires understanding where risks come from and how to reduce exposure. Why Browser Extensions Are a Security Risk Browser extensions run with deep access inside the browser environment. Depending on permissions, an extension may be able to: Even extensions that appear…

Cybersecurity researchers have uncovered a coordinated abuse of the Google Chrome Web Store involving two browser extensions that were secretly designed to collect and exfiltrate user conversations from artificial intelligence platforms such as ChatGPT and DeepSeek, along with detailed browsing information. The extensions appeared as legitimate AI productivity tools and were marketed as helpers that integrate multiple AI models into the browser. However, behind the scenes, they operated as surveillance tools that quietly harvested sensitive data and transmitted it to servers controlled by unknown threat actors. Investigators confirmed that the two extensions together had been installed by more than 900,000…

The first days of 2026 have already shown that cyber threats didn’t reset with the new year. Instead of dramatic headline-grabbing attacks, most incidents this week followed a familiar pattern — quiet abuse of trusted systems that people use every day. Browser extensions, software updates, login notifications, and even AI tools were misused in ways that felt normal to users, but harmful in reality. That is what made these attacks effective. Below is a summary of the most important cybersecurity developments from this week, explained in simple terms. A Silent Botnet Campaign Is Still Growing Security researchers confirmed that a…

Leduc County, a local government authority in Alberta, Canada, has confirmed that it was the victim of a ransomware cyberattack that disrupted its internal IT systems. The incident was detected on December 25, 2025, when officials noticed unusual activity and partial system outages. A forensic investigation later confirmed that the disruption was caused by a malicious ransomware attack. What Happened? According to county officials, attackers attempted to compromise internal digital systems and restrict access to critical services. As a precaution, several systems were taken offline to prevent further damage and to secure sensitive information. The county immediately engaged a professional…
