The Oyster backdoor (also known as Broomstick) is targeting the financial world, using malicious search ads for PuTTY, Teams, and Google Meet.

Scale software teams fast with development team augmentation. Learn when it works best, key models, common mistakes, and how to choose the right partner.

A new malware called PyStoreRAT is being through fake OSINT tools on GitHub targeting IT and OSINT pros. Read Morphisec's report detailing how it uses AI and evades security.

Disclosure: This article was submitted by PDFAid for publication.

VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file.

Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC.

Road Town, British Virgin Islands, 11th December 2025, CyberNewsWire

Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services.

Cary, North Carolina, USA, 11th December 2025, CyberNewsWire

Every business today has to deal with private information – whether it is about customers, employees, or financial…

Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory.

Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users.

Sysdig discovered North Korea-linked EtherRAT, a stealthy new backdoor using Ethereum smart contracts for C2 after exploiting the critical React2Shell vulnerability (CVE-2025-55182).

Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty.

Portugal updates its cybercrime law (Decree Law 125/2025) to grant ethical hackers a 'safe harbour' from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to the CNCS, and how other nations are following this trend.

Varonis threat analysts warn about Spiderman, a dangerous new kit that automates attacks against European banks and crypto customers, stealing a victim’s full identity profile.

Ad fraud networks use bots, deepfakes and spoofed traffic to drain PPC budgets. This report shows how fake clicks distort performance data.

Europol and Eurojust led a massive international police operation that successfully dismantled a crypto fraud network that laundered over €700M using deepfake ads.

Google AI systems (Gemini Enterprise) had a critical 'GeminiJack' security flaw allowing attackers to steal Gmail, Docs, and Calendar data with no clicks.

SimpleX Chat’s X account hacked to promote fake crypto site urging users to connect wallets. Site mimicked official design to steal funds.