InfoSecBulletin Cybersecurity for mankind
Hacker specially target on the 2025 holiday season and that has seen a surge in cyber threats, as attackers utilize advanced infrastructure to take advantage of increased online shopping. This year, criminals are using automated tools to expand their deceptive digital operations across various merchant categories.
These campaigns mainly use fake websites that imitate real retailers to collect sensitive consumer information during busy shopping times. Over 18,000 holiday-themed domains have been registered in the last three months, highlighting a major sign of the pre-holiday push.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Targeting high-traffic keywords such as “Christmas,” “Black Friday,” and “Flash Sale,” these domains serve as the backbone for phishing schemes and fraudulent storefronts.
Many of these sites resemble well-known brands with small URL changes, making them hard to tell apart for busy shoppers. Many of these domains are inactive to avoid detection, but hundreds are already used for gift card scams and payment theft.
Fortinet analysts discovered a vast network of malicious infrastructure that enables successful SEO poisoning. Attackers boost the rankings of harmful URLs to make their fake sites show up with real results during busy times.
Researchers reported a concerning increase in credential theft, with over 1.57 million login accounts from major e-commerce sites being sold on underground markets.
These “stealer logs” contain browser-stored passwords, cookies, and session tokens, enabling rapid account takeovers that bypass traditional login defenses .
