An Iranian Ransomware-as-a-Service operation has reappeared, promising to target U.S. and Israeli entities.

An Iranian Ransomware-as-a-Service operation has reappeared, promising to target U.S. and Israeli entities.

An Iranian ransomware-as-a-service (RaaS) operation with direct ties to a government-backed cyber group has reemerged after nearly five years of inactivity, posing a renewed threat to organizations in the United States and Israel. The group, operating under the name Pay2Key.I2P, is actively recruiting cybercriminals and offering substantial financial incentives to affiliates who successfully compromise high-value targets.
Researchers discover 18 malicious browser extensions that remain accessible on Chrome and Edge web stores.

Researchers discover 18 malicious browser extensions that remain accessible on Chrome and Edge web stores.

A recent investigation by the security team at Koi Security has brought to light a significant threat affecting millions of internet users. The team identified a coordinated campaign involving 18 malicious browser extensions that remain accessible on both the Google Chrome and Microsoft Edge web stores. These extensions have collectively impacted over 2.3 million users, making this one of the most extensive browser hijacking operations in recent years.
Malware researchers – here’s how to download a browser extension without installing it.

Malware researchers – here’s how to download a browser extension without installing it.

Downloading a browser extension without immediately installing it can be useful for offline installation, security analysis, or archival purposes. While most users add extensions directly through their browser’s web store, there are several professional methods to obtain the extension package file—typically a .crx file for Chrome and Edge—without triggering installation. Below, we outline the most effective approaches.
The Anatsa banking trojan (aka TeaBot) has once again breached the security of the Google Play Store.

The Anatsa banking trojan (aka TeaBot) has once again breached the security of the Google Play Store.

The Anatsa banking trojan, also known as TeaBot, has once again breached the security of the Google Play Store, posing a significant threat to Android users—particularly those banking with US financial institutions. This sophisticated malware campaign underscores the evolving tactics of cybercriminals and the ongoing challenges facing mobile app marketplaces.
Sophisticated supply chain attack uncovered in popular VS Code extension “Ethcode.”

Sophisticated supply chain attack uncovered in popular VS Code extension “Ethcode.”

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting the Microsoft Visual Studio Code (VS Code) extension “Ethcode,” a tool widely used by Ethereum smart contract developers. The malicious activity highlights the growing risks associated with third-party software components in modern development environments.
Computer hacker holding a large metal lock and key

Researchers reveal attack vectors, tools, and infrastructure used by the Gold Melody group, who are exploiting leaked cryptographic Machine Keys from ASP.NET web applications.

A recent threat intelligence report, TGR-CRI-0045, has shed light on the advanced tactics and infrastructure used by a sophisticated initial access broker (IAB) group. This group, tracked as TGR-CRI-0045 and linked to the threat actor known as Gold Melody (also called UNC961 or Prophet Spider), has been implicated in a series of attacks targeting organizations across Europe and the United States. The main sectors affected include financial services, manufacturing, wholesale and retail, high technology, and transportation and logistics.
Study reveals proliferation of Infostealers-as-a-Service (IaaS) is fueling dramatic increase in credential theft.

Study reveals proliferation of Infostealers-as-a-Service (IaaS) is fueling dramatic increase in credential theft.

The cyber threat landscape is undergoing a seismic shift, with identity-based attacks reaching unprecedented levels, according to a new report from cybersecurity firm eSentire. The study reveals that the proliferation of Infostealers-as-a-Service (IaaS) and Phishing-as-a-Service (PhaaS) platforms is fueling a dramatic increase in credential theft and subsequent cyber incidents across organizations of all sizes.
SAP releases 27 new security updates, including 6 that address critical vulnerabilities.

SAP releases 27 new security updates, including 6 that address critical vulnerabilities.

SAP announced the release of 27 new and four updated security notes as part of its July 2025 Security Patch Day on Tuesday, July 8, 2025. This comprehensive update addresses a range of vulnerabilities across SAP’s product portfolio, including six critical flaws that could have significant security implications for organizations worldwide.
Report finds sophisticated network of 17,000 fake news websites used to promote investment fraud.

Report finds sophisticated network of 17,000 fake news websites used to promote investment fraud.

A new report from cybersecurity firm CTM360 has uncovered a vast and sophisticated network of more than 17,000 fake news websites fueling investment fraud on a global scale. The findings, detailed in CTM360’s “BaitTrap” report, highlight the growing threat posed by these so-called Baiting News Sites (BNS), which have been identified in over 50 countries.