Blog #Cybersecurity Trends

Hellcat is a newly identified ransomware group using a Ransomware-as-a-Service (RaaS) model to target government, education, and energy sectors.

The "FlowerStorm" phishing framework has emerged as a sophisticated Phishing-as-a-Service (PhaaS) platform targeting multiple brands to steal login credentials.

A recent Netwrix report revealed that 84% of healthcare organizations experienced a cyberattack on their infrastructure in the past year, with phishing being the most common incident.

A vulnerability in Subaru's Starlink connected vehicle service allowed unauthorized access to customer accounts in the US, Canada, and Japan, according to security researcher Sam Curry.

The New York State Department of Financial Services (NYDFS) fined PayPal $2 million for failing to meet its cybersecurity standards, following a data breach in December 2022.

PowerSchool announced a data breach in December 2024, compromising personal information of students and educators. The breach, identified on December 28, affected only PowerSchool's Student Information System (SIS), accessed through its customer support portal, PowerSource.

CloudSEK researchers discovered a vulnerability in Zendesk's platform that allows cybercriminals to exploit subdomain registration for phishing and investment scams.

President Donald Trump pardoned Ross Ulbricht, the founder of the dark web marketplace Silk Road, calling his prosecution unfair and overly harsh.

On the first day of Pwn2Own Automotive 2025, $382,750 was awarded for 16 zero-day vulnerabilities in car infotainment systems, EV chargers, and automotive operating systems.

The Specops 2025 Breached Password Report reveals that over 1 billion passwords were stolen by malware in the past year, exposing persistent weaknesses in password security practices.

A security researcher, Jeremiah Fowler, discovered an unprotected database containing over 240,000 records belonging to Willow Pays, a US-based FinTech company specializing in bill payment services.

Hacker IntelBroker claims to have breached Hewlett Packard Enterprise (HPE), exposing sensitive data such as source code, certificates, and personal information (PII), now for sale on Breach Forums.