Cloudflare’s Q4 2025 report shows that Bangladesh has become the largest source of DDoS attacks, moving up two spots from the previous quarter. The report indicates a trend of increased DDoS traffic originating from Asia and South America, primarily due to compromised infrastructure, not the location of the attackers. After …
Read More »Cloudflare Report
Attackers Hijack Canadian Digital Services, Threatening Millions
Canadian citizens are increasingly targeted by phishing scams that prey on their use of digital services for taxes, travel, packages, and fines. CloudSek researchers found fraud networks imitating government websites like the CRA, Canada Post, Air Canada, and PayBC. These campaigns collect personal data and credentials on a large scale, …
Read More »US indicts 31 in major ATM malware heist draining bank funds
A federal grand jury in Nebraska has indicted 31 individuals for their involvement in a Ploutus malware scheme that resulted in the theft of millions from ATMs throughout the United States. This sophisticated “ATM jackpotting” operation is connected to the Tren de Aragua (TdA) gang, classified as a foreign terrorist …
Read More »WinRAR Vuln Exploited in the wild to Gain Control Over Windows System
A serious security flaw in WinRAR, a popular file compression tool for Windows, is being exploited by attackers to gain unauthorized access to systems. CVE-2025-8088 is a vulnerability that lets attackers insert harmful files into sensitive system folders unnoticed, giving them control over Windows computers. The security flaw was first …
Read More »149M Data Exposed across Facebook, Gmail, Outlook and others
Cybersecurity researcher Jeremiah Fowler discovered a data leak containing 149 million logins and passwords. The database was publicly accessible without password protection or encryption, holding 149,404,754 unique credentials totaling 96 GB. The leaked records contained usernames and passwords from victims worldwide, covering various online services and accounts. These included social …
Read More »Hacker breach 76 zero-days for $1,047,000
Pwn2Own Automotive 2026 concluded with security researchers earning $1,047,000 for exploiting 76 zero-day vulnerabilities from January 21 to January 23. The Pwn2Own Automotive hacking competition focused on car technologies and occurred this week in Tokyo, Japan, during the Automotive World conference. Hackers focused on fully updated in-vehicle infotainment systems, electric …
Read More »Fake PNB MetLife Payment Gateway Stealing Customer Details:Direct to UPI Payments
Hackers are targeting PNB MetLife insurance customers by using fake payment gateways to steal personal information and redirect victims to fraudulent UPI transactions. The scam takes advantage of PNB MetLife’s trusted image by creating fake mobile payment sites that look like real premium payment services. Malicious pages collect policy numbers …
Read More »Fortinet admins report patched FortiGate firewalls getting hacked
Fortinet customers are observing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. One affected admins said that Fortinet has allegedly confirmed that the latest FortiOS version (7.4.10) didn’t fully address this authentication bypass vulnerability, which should’ve been patched in early …
Read More »AI-Powered Ransomware: Attacks Up by 60%: Check Point
Check Point data reveals a 60% increase in ransomware attacks, with North America and Europe being the primary targets. The rise in enterprise Gen AI use has also exposed sensitive data. In 2025, ransomware attacks stood out for their volume, scale, and damage. The December 2025 Global Cyber Attack Statistics …
Read More »Hackers to exploit critical Fortinet FortiSIEM flaw in attacks
A critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code is now being abused in attacks. Security researcher Zach Hanley from Horizon3.ai reported vulnerability CVE-2025-64155, which combines two issues that enable arbitrary writes with admin permissions and privilege escalation to root access. “An improper neutralization of special elements used …
Read More »
InfoSecBulletin Cybersecurity for mankind