Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

ClickFix: The Scam That Tricks Mac Users into Installing the AMOS Trojan

Cybercriminals have launched a large-scale campaign against macOS users, disguising malware as popular programs. LastPass reported this, having discovered that its product had also been spoofed. The malware is being distributed via fake GitHub repositories optimized for search engines, allowing it to appear at the top of Google and Bing search results. The attack uses the ClickFix scheme: the victim is asked to enter a command into the terminal, supposedly to install an application. In reality, the victim executes a curl request to an encrypted URL and downloads the install.sh script to the /tmp directory. This file installs the Atomic

EDR-Freeze Arrives! It Puts Windows into a Deep Coma Without Vulnerable Drivers

A Zero Salarium specialist has presented a method that temporarily disables antivirus processes and EDR agents on Windows using built-in system tools. The article details the concept and operational tool, EDR-Freeze, a way to specifically kill monitoring processes without installing additional vulnerable drivers, based on the behavior of native operating system components and race conditions between processes. The trick is that MiniDumpWriteDump forcibly suspends all threads of the target process while taking a snapshot, and the associated process that triggered the dump is responsible for resuming it. The research demonstrates how to force WerFaultSecure to run with protected process privileges

The DDoS King is here! 40 seconds at 22.2 terabits mitigated by Cloudflare

Cloudflare has announced that it independently managed an unprecedented Distributed Denial-of-Service (DDoS) attack, the largest ever seen. The hypervolumetric attack reached an unprecedented peak of 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting an alarming new benchmark for the scale of cyber threats. This attack signals a significant escalation in the capabilities of malicious actors and the botnets they control. The previous record was an 11.5 terabit per second UDP flood attack. This attack lasted 35 seconds. The record-breaking attack was notable not only for its size but also for its brevity. The entire event

The Warlock Group: A New Player in the Ransomware Market

The Warlock group, also known as Storm-2603 and GOLD SALEM, has gone from being a newcomer to a major player in the ransomware market in just a few months. Sophos researchers report that the group began its activity in March 2025 and that by September it had already created its own data leak portal, “Warlock Client Data Leak Show,” where 60 victims were published. The attackers operate worldwide, targeting small government agencies and commercial companies as well as multinational corporations in North and South America and Europe. Warlock received particular attention after the August incidents: the criminals boasted of having compromised

FBI warns of fake websites impersonating IC3 to commit fraud

The FBI has issued a warning: scammers are impersonating the Internet Fraud Complaint Center (IC3) website to commit financial fraud or steal visitors’ personal information. “Attackers create fake websites, often by slightly altering the domains of legitimate resources, to collect personal information users enter on the site (including their name, home address, phone number, email address, and banking information),” the FBI reports. “For example, fake website domains may contain alternate spellings of words or use a different top-level domain to impersonate a legitimate resource.” Bleeping Computer reporters found several sites such as icc3[.]live, practicelawyer[.]net, and ic3a[.]com. The former site even displays

Apple attacks Google Chrome: “Switch to Safari to protect your privacy.”

Apple has issued a stern warning: stop using Google Chrome. The world’s most popular browser competes on both desktops and smartphones, gradually taking market share from Apple. But the company has decided not to back down and is responding with a direct attack. “Switch to a browser that truly protects your privacy,” Apple says in its announcement. According to the company, Safari offers advanced protection against cross-site tracking, hides your IP address from known trackers, and much more. Unlike Chrome, Safari, Apple emphasizes, actually helps preserve your privacy. Microsoft is using a similar tactic, warning Windows users about the dangers of

PureVPN on Linux: Researcher Finds Security and Anonymity Issues

An independent researcher named Andreas, who runs the blog Anagogistis, has discovered serious vulnerabilities in PureVPN’s Linux clients that compromise basic anonymity and traffic security. The issues affect both the graphical (2.10.0) and console (2.0.1) versions. Both were tested on Ubuntu 24.04.3 LTS. The main vulnerability arises because when reconnecting to Wi-Fi or waking the system from sleep mode, the user’s true IPv6 address becomes visible. In the console client with the Internet Kill Switch feature enabled, the service automatically reports the connection resumption, but during this time the system receives IPv6 routes via Router Advertisement, causing packets to bypass

Ally Solos AI Glasses for the Visually Impaired: Autonomy and Safety

Envision’s Ally Solos AI glasses are a breath of fresh air for people with visual impairments, helping them read, orient themselves and understand their surroundings without the constant assistance of others. The built-in camera captures text and scenes around the user, and artificial intelligence instantly reads aloud menus, street signs, documents, and even handwritten notes. This allows you to independently familiarize yourself with bus schedules, choose dishes at a restaurant, or consult documents without needing external assistance. Ally Solos glasses can do much more than read. They can describe what’s happening nearby, identify objects by color, point out landmarks, and recognize

When Unicode Becomes a Weapon and Your Email Betrays You, Inboxfuscation Arrives

Attackers are increasingly using Microsoft Exchange inbox capabilities to ensure persistence and steal sensitive information within corporate networks. Inboxfuscation, developed by Permiso, is a framework that demonstrates how attackers can weaponize Exchange’s rules engine, creating stealthy persistence mechanisms that evade both human review and code-based detection. Inboxfuscation uses Unicode-based obfuscation techniques to generate malicious inbox rules that bypass traditional security systems. In the past, malicious inbox patterns were often easy to spot: obvious keywords paired with actions like deleting or forwarding messages to attacker-controlled inboxes. Traditional security tools relied on keyword- and regular expression-based detection, strategies that were effective against

Scattered Spider: The teenage genius who hacked Las Vegas is in custody.

A series of high-profile attacks on the Las Vegas gambling industry in 2023 has now reached its final phase. Several major casinos have been victims of sophisticated network intrusions. The group responsible was Scattered Spider (Octo Tempest, UNC3944, 0ktapus), which at the time actively used social engineering techniques and accessed internal company systems. The scope of the attacks was so serious that the investigation was immediately transferred to a joint FBI cyber team in Las Vegas and the Las Vegas Police Department’s cybercrime unit. After a lengthy investigation, detectives identified a specific suspect. It turned out he was a minor whose name