​Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. “The threat actor hides each malware… Read More »Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites

​This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back… Read More »⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

​In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023.  After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the… Read More »The New Ransomware Groups Shaking Up 2025

​Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of… Read More »Vo1d Botnet’s Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

​Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to… Read More »Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

​A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. “The… Read More »Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

​Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow’s content delivery network (CDN) to deliver the Lumma stealer malware.… Read More »5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs

​Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you… Read More »RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable

​Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in… Read More »Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

​The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of… Read More »Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus