Red Hot Cyber

Category: Cybercrime and Darknet

$50 Deepfakes: The New Darknet Business Concerns Cybersecurity

Kaspersky Lab researchers have discovered advertisements on the darknet offering the ability to create video and audio deepfakes in real time. The price of this service depends on the complexity and length of the fake content, starting at $50 for videos and $30 for voice deepfakes. Researchers had previously discovered offers for creating deepfakes on the darknet. However, attackers are now offering the ability to generate fake voice and visual content in real time, and the cost of such services has decreased: in 2023 alone, the cost of creating a single minute of deepfake video reached $20,000. “On darknet platforms, we’re

ClickFix: The Scam That Tricks Mac Users into Installing the AMOS Trojan

Cybercriminals have launched a large-scale campaign against macOS users, disguising malware as popular programs. LastPass reported this, having discovered that its product had also been spoofed. The malware is being distributed via fake GitHub repositories optimized for search engines, allowing it to appear at the top of Google and Bing search results. The attack uses the ClickFix scheme: the victim is asked to enter a command into the terminal, supposedly to install an application. In reality, the victim executes a curl request to an encrypted URL and downloads the install.sh script to the /tmp directory. This file installs the Atomic

EDR-Freeze Arrives! It Puts Windows into a Deep Coma Without Vulnerable Drivers

A Zero Salarium specialist has presented a method that temporarily disables antivirus processes and EDR agents on Windows using built-in system tools. The article details the concept and operational tool, EDR-Freeze, a way to specifically kill monitoring processes without installing additional vulnerable drivers, based on the behavior of native operating system components and race conditions between processes. The trick is that MiniDumpWriteDump forcibly suspends all threads of the target process while taking a snapshot, and the associated process that triggered the dump is responsible for resuming it. The research demonstrates how to force WerFaultSecure to run with protected process privileges

The DDoS King is here! 40 seconds at 22.2 terabits mitigated by Cloudflare

Cloudflare has announced that it independently managed an unprecedented Distributed Denial-of-Service (DDoS) attack, the largest ever seen. The hypervolumetric attack reached an unprecedented peak of 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting an alarming new benchmark for the scale of cyber threats. This attack signals a significant escalation in the capabilities of malicious actors and the botnets they control. The previous record was an 11.5 terabit per second UDP flood attack. This attack lasted 35 seconds. The record-breaking attack was notable not only for its size but also for its brevity. The entire event

The Warlock Group: A New Player in the Ransomware Market

The Warlock group, also known as Storm-2603 and GOLD SALEM, has gone from being a newcomer to a major player in the ransomware market in just a few months. Sophos researchers report that the group began its activity in March 2025 and that by September it had already created its own data leak portal, “Warlock Client Data Leak Show,” where 60 victims were published. The attackers operate worldwide, targeting small government agencies and commercial companies as well as multinational corporations in North and South America and Europe. Warlock received particular attention after the August incidents: the criminals boasted of having compromised

Cyberwar in Italy: The government brings the army into cyberspace.

Cyberspace is no longer a marginal dimension but a true strategic operational domain. Its relevance is now comparable to that of land, sea, air, and space. Technological acceleration driven by Artificial Intelligence and widespread digitalization has transformed critical infrastructure, healthcare services, universities, and personal communications into permanent attack surfaces. In this scenario, the line between cybercrime, political activism, and state-sponsored threats has progressively blurred, giving rise to new forms of hybrid conflict. In Italy, this transformation is reflected in the debate on the bill presented by Defense Committee Chairman Nino Minardo, which grants the Armed Forces an operational role beyond traditional warfare.

FBI warns of fake websites impersonating IC3 to commit fraud

The FBI has issued a warning: scammers are impersonating the Internet Fraud Complaint Center (IC3) website to commit financial fraud or steal visitors’ personal information. “Attackers create fake websites, often by slightly altering the domains of legitimate resources, to collect personal information users enter on the site (including their name, home address, phone number, email address, and banking information),” the FBI reports. “For example, fake website domains may contain alternate spellings of words or use a different top-level domain to impersonate a legitimate resource.” Bleeping Computer reporters found several sites such as icc3[.]live, practicelawyer[.]net, and ic3a[.]com. The former site even displays

Apple attacks Google Chrome: “Switch to Safari to protect your privacy.”

Apple has issued a stern warning: stop using Google Chrome. The world’s most popular browser is competing with both desktops and smartphones, gradually taking market share from Apple. But the company has decided not to back down and is responding with a direct attack. “Switch to a browser that truly protects your privacy,” Apple says in its announcement. According to the company, Safari offers advanced protection against cross-site tracking, hides your IP address from known trackers, and much more. Unlike Chrome, Safari, Apple emphasizes, actually helps preserve your privacy. Microsoft is using a similar tactic, warning Windows users about the dangers of

AI in the Hands of Criminal Hackers: The Game Has Changed, and We’re at a Disadvantage

In recent months, during my research and studies, I have come across a reality as surprising as it is worrying: how easily it is possible to identify exposed systems on the network, even those belonging to organizations that—by mission or sector—should have a particularly solid security posture. We’re not talking about movie-like techniques or sophisticated attacks: in many cases, a boring Saturday night while the rest of the family is asleep, a specialized search engine, or a targeted scan are all it takes to discover accessible management interfaces, misconfigured servers, default credentials that have never been changed, or critical services without any

Samsung under attack in Italy: phones held hostage by ransomware

For a few days now, news has been circulating, which I don’t think has been confirmed by official sources, of a ransomware attack carried out through Samsung’s “corporate fleet” management function (E-FOTA). According to a post by a user on the FibraClick forum, published a few days ago, this attack is also spreading in Italy. Essentially, cybercriminals trick users browsing the web on their Samsung smartphone into opening a specially crafted link like this: intent://signin.samsung.com/key/yphxkjlx?modelName=SAMSUNG#intent;scheme=https;package=com.osp.app.signin;end. which opens a pop-up on the victim’s smartphone requesting access through their Samsung account. If the victim approves the login, the smartphone becomes part