Friday , July 10 2026

Cyber Attack

CastleLoader Malware To Attack US Government Agencies and Critical Infra

CastleLoader

A dangerous malware loader dubbed CastleLoader poses a serious risk to US government agencies and critical infrastructure. First detected in early 2025, it has been used to gain initial access in coordinated attacks on federal agencies, IT firms, logistics companies, and essential infrastructure in North America and Europe. Security researchers …

Read More »

Instagram data leak reveals sensitive info of 17.5M accounts

Instagram

A major security breach has affected about 17.5 million Instagram accounts, revealing private information now found on the dark web. The recent incident reported by Malwarebytes has raised severe concerns about user privacy and account security. The breach involves significant personal information that poses risks to users. Affected data includes …

Read More »

Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

ESXi

Hackers reportedly used a compromised SonicWall VPN appliance to gain access and deploy a VMware ESXi exploit, possibly created as early as February 2024. Huntress, a cybersecurity firm, detected activity in December 2025 and halted it before it escalated into a ransomware attack. The attack likely took advantage of three …

Read More »

BlueDelta Target Sophos VPN, Google, Microsoft OWA to Steal Credentials

BlueDelta

BlueDelta conducted a complex credential-harvesting operation targeting critical infrastructure and research institutions in 2025, as revealed by an investigation from Recorded Future’s Insikt Group. The campaigns leveraged legitimate PDF documents as bait, including publications from the Gulf Research Center titled “Strategic and Political Implications for Israel and Iran: The Day …

Read More »

BTRC NEIR face 2.4 million bot traffic in a minute

NEIR

BTRC’s National equipment identity register (NEIR) Citizen Portal is under attack by 2.4 million bot traffic in a minute. The attackers have been carrying out this attack intermittently since Friday morning. Aminul Bari Shuvro, Chief Solution Officer of Synesis IT (responsible for NEIR) said that forty thousand bot traffic hit …

Read More »

2025: Top cybersecurity and cyberattack stories

The cybersecurity landscape in 2025 saw an increase in the scale and sophistication of cyber threats. Nation-states, organized crime, and hybrid groups blurred the lines between espionage and financial crime, while supply chain weaknesses and social engineering became major attack methods. Massive data theft targeting cloud platforms like Salesforce exposed …

Read More »

RondoDox botnet uses React2Shell flaw to breach Next.js servers

RondoDox

The RondoDox botnet is using the serious React2Shell vulnerability (CVE-2025-55182) to infect unprotected Next.js servers with malware and cryptominers. RondoDox, a large-scale botnet first reported by Fortinet in July 2025, targets various n-day vulnerabilities in global attacks. In November, VulnCheck discovered new variants of RondoDox that exploit the critical remote …

Read More »

Korean Air thousands of employees’ personal info leaked

Korean

Employee data at Korean Air, South Korea’s largest airline, was leaked following a cyberattack on a partner firm that provides in-flight meals and onboard services, industry sources reported on Monday. According to the sources, Korean Air issued an internal notice earlier in the day informing employees that KC&D, the airline’s …

Read More »

Hacker offers to sell 60 million France mobile number dataset

60 million

Threat actor dubbed “D3f4c3rX” offers to sell a huge amount (60 million) of mobile number dataset from France in a forum. The mammoth dataset contains 160,000,000+ “verified mobile numbers, professionally processed and categorized by network operator.” According to the claim of the threat actor’s post, the database includes: Total Records: …

Read More »

70,000 bank customer info exposed via vendor attack

vendor

Two new banks reported a data breach that revealed customer information due to a hack of their third-party vendor, Marquis Software Solutions. VeraBank in Texas reported that a data breach affected 37,318 clients, revealing their names and some personal information. The bank didn’t detail which personal information was stolen, but …

Read More »