China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known...

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice DoJ on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the...

IBM WebSphere Application Server (WAS) security vulnerabilities

IBM WebSphere Application Server WAS is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications, and it also forms the foundation of the IBM WebSphere software platform. Both versions of IBM WebSphere Application Server WAS, 9.0 and 8.5, ha...

Secure Identity at the Edge: Akamai Partners with Auth0

The Akamai and Auth0 partnership secures identity at the edge by combining edge intelligence and adaptive authentication to stop fraud and enhance user trust...

Innovations in Cardless Artificial Intelligence Banking: A Comprehensive Framework for Cyber Secure and Fraud Mitigation Using Machine Learning Algorithms

The advent of cardless artificial intelligence AI banking heralds a paradigm shift in the financial landscape, offering users unprecedented security and convenience. This paper outlines a comprehensive framework designed to enhance cybersecurity, introduce auto-generated virtual cards, and mitiga...

One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign

A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences...

Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks

Banana RAT malware hidden in fake invoices and security update screens targets customers at 16 Brazilian banks stealing data with QR fraud...

Malicious code in @tailwind-core/webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7955094460738dc65288f88a3bb990c7d3ff52ed3683f11265b7072bd80aa4e3 Package @tailwind-core/webpack impersonates the legitimate Tailwind v4 webpack loader @tailwindcss/webpack. The README copies Tailwind Labs branding ...

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-contr...

Biometrics, diagnoses, and bank details exposed in major healthcare breach

NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...

Facebook scam promises cheap Aldi meat boxes, steals payment info instead

Sometimes you spot posts on social media that make you wonder if any moderation takes place at all. Which is concerning, because two- thirds of all online shopping scams now start on Facebook and Instagram. Online shopping scams are alarmingly common and have become one of the most frequently...

SAGE: Scalable Automatic Gating Ensemble for Confident Negative Harvesting in Fraud Detection

Music streaming fraud, where bad actors artificially inflate stream counts to manipulate chart rankings and royalty payments, poses a significant threat to streaming services and legitimate content creators. Traditional fraud detection approaches struggle with a critical challenge: many legitimat...

CKAN 信任管理问题漏洞

CKAN is an open-source data management system developed by CKAN contributors. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a trust management vulnerability. This vulnerability stemmed from the possibility that the configured SMTP server...

Romanian Man Faces Up to 30 Years in US Prison Over Vishing Scams

Romanian national Gavril Sandu faces up to 30 years in a US prison after extradition over a VOIP vishing and fake debit card fraud scheme...

Liberapay: another liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link

Hello again i discovered that there is another Liberapay profile of Liberapay team member at liberapay.com/mdvhimself contains a link to an expired Twitter account, creating a Broken Link Hijacking BLH vulnerability. An attacker could register the expired handle and control what appears to be an...

CVE-2026-41432 New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without...

CVE-2026-41432

CVE-2026-41432 affects New API versions prior to 0.12.10. The Stripe webhook endpoint is exposed at /api/stripe/webhook and is vulnerable when StripeWebhookSecret is empty, enabling an unauthenticated attacker to forge webhook events and fraudulently credit quota. Root causes listed across source...

CVE-2026-41432 New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without...

Thousands of Facebook accounts stolen by phishing emails sent through Google

Researchers have uncovered a long-running phishing operation that abuses trusted Google services to hijack tens of thousands of Facebook accounts. The compromised Facebook accounts are mainly business and advertiser profiles, which criminals can monetize after gaining access and control. The...

Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations

Secure philanthropy needs hardened payments, API security, and compliance controls to protect global donations from fraud and attacks...