From The Aether
OnePlus SMS Security Flaw: A Comedy of Errors in OxygenOS!
OnePlus phones have a bug that lets any installed app read SMS data without requesting the SMS permission, so the usual "ask the user first" step never happens. OxygenOS versions 12 to 15 are affected, and OnePlus has yet to patch it. Until a fix ships, install only apps you actually need and trust, and keep anything sensitive in an end-to-end encrypted messaging app rather than in SMS.
ShadowV2 DDoS Attack: When Cybercrime Meets DevOps in a Docker-Fueled Comedy of Errors
The ShadowV2 DDoS operation is cybercrime-as-a-service run like a business, complete with APIs and a user interface. It combines traditional hacking with modern DevOps tooling: GitHub Codespaces, Docker, and Go-based trojans. It's a digital crime buffet where specialization beats sprawl, making cybercrime look like a startup pitch.
Interpol’s $439M Cyber Crime Bust: HAECHI VI Strikes Again!
Interpol’s Operation HAECHI VI seized over $439 million in cash and cryptocurrency linked to cyber-enabled financial crimes. The operation spanned five continents, involved 40 countries, and targeted scams from voice phishing to romance fraud. More than 68,000 bank accounts were blocked and 400 cryptocurrency wallets seized in this global crackdown on cybercrime.
BRICKSTORM Brews Cyber Tempest: China’s Sneaky Backdoor Blitz on U.S. Tech and Legal Sectors
A suspected China-nexus cyber espionage group has been targeting U.S. companies with the BRICKSTORM backdoor, aiming for long-term stealthy access. Their tradecraft, including exploiting zero-day vulnerabilities and planting malicious Java Servlet filters, makes them the ninjas of the cyber world. Organizations are urged to hunt for BRICKSTORM, the digital ghost that may already be haunting their systems.
Boyd Gaming’s Data Gamble: Hackers Hit the Jackpot, But Business Rolls On
Boyd Gaming announced a data breach after hackers infiltrated its IT systems. The company says its casino operations remain unaffected. While some data, including employee info, was stolen, Boyd Gaming assures that the incident won’t impact its financial health, thanks to a robust cybersecurity insurance policy.
Beware the LLM Hijack: Indirect Prompt Injection and Rug Pull Attacks Explained with a Dash of Paranoia
Indirect prompt injection is like a sneaky ninja slipping hidden instructions into seemingly normal data that the model is asked to process, turning LLMs into unwitting accomplices. Meanwhile, rug pull attacks are the tech equivalent of replacing your morning coffee with decaf: a tool that was vetted once is silently swapped for an evil twin after the trust decision has already been made. In both cases, attackers don't need to hack the model; they manipulate its environment.
Ransomware Runway: UK Arrests Suspect in Airport Chaos Saga
The UK’s National Crime Agency has arrested a suspect linked to a ransomware attack that caused chaos at European airports. The attack hit Collins Aerospace’s passenger processing software, MUSE, leading to flight delays and cancellations. RTX Corporation confirmed the disruptions, while experts speculate about which ransomware variant was used in this unusually large-scale incident.
Ransomware Alert: “Obscura” Unleashes Havoc on Networks!
When Obscura ransomware crashed the party, Huntress analysts were left scratching their heads at a previously unseen variant. Named after its ransom note, Obscura took center stage with its domain-blending tactics and cryptic demands. Despite its mysterious nature, Obscura is just one of many new ransomware variants causing chaos.
Chinese Hackers Unleash Brickstorm: A Cyber Espionage Comedy of Errors
Chinese hackers have turned Brickstorm into the Swiss Army knife of malware, sneaking into U.S. tech and legal sectors. This Go-based backdoor waltzes past security like it’s on a stealth mission, siphoning data undetected for over a year. Clearly, Brickstorm isn’t just malware; it’s a master of disguise.
Wondershare’s Woes: Security Flaws Expose User Data & AI Model Tampering Risks!
Trend Micro has disclosed two critical vulnerabilities in Wondershare RepairIt, CVE-2025-10643 and CVE-2025-10644, which expose user data and open the door to tampering with the app’s AI models. Users might as well hang a ‘Welcome’ sign for cybercriminals. It’s a digital comedy of errors where the joke’s on them, and the punchline is their data exposure.
China-Linked Cyber Spies Exploit Ivanti Flaws: A 393-Day Backdoor Comedy of Errors
Chinese spies have made Ivanti gear their new best friend, exploiting zero-days and remaining undetected for 393 days. These cyber ninjas use BRICKSTORM backdoors that evade traditional endpoint detection and response tools. Google’s Mandiant team offers a free scanner to hunt for this malware. It’s a cat-and-mouse game, but with fewer mice and more espionage.
Python Phishing Fiasco: Fake PyPI Site Targets Developers with Email Scams!
Beware of phishing emails that point to a fake Python Package Index website built to harvest credentials! The Python Software Foundation warns of emails demanding “email verification” that lead to a look-alike login page. Protect your PyPI account by going to pypi.org directly instead of clicking email links, using a password manager (it won’t autofill on the wrong domain), and enabling two-factor authentication. Remember, not all packages are gifts!
Phishy Business: GitHub Users Hooked by YC Crypto Scam Gone A-Foul!
GitHub users fell prey to a phishing campaign built around fake Y Combinator invitations and cryptocurrency drainers. The attacker abused GitHub’s notification system to deliver the lure, dangling a $15 million promise in front of developers. Instead of funding, victims who connected their wallets found them drained. Developers, secure your wallets: YC isn’t offering a prize for that!
Chaos in the Skies: Cyberattack Grounds Major European Airports
A cyberattack on Collins Aerospace caused chaos at major airports, leading to handwritten boarding passes and flight cancellations. The suspect, a 40-year-old man, was arrested but released on bail. Authorities say ransomware was involved, and investigations continue as airports scramble to restore systems. Stay tuned: cybercrime drama is more thrilling than Netflix!
Ransomware Ruckus: Arrest Made After Global Airport Chaos!
The UK’s National Crime Agency has arrested a man linked to a ransomware attack that caused chaos at major European airports. The attack, targeting Collins Aerospace technology, disrupted traveler check-ins and baggage drops, leading to widespread delays. The investigation continues, highlighting the persistent threat of cybercrime to critical infrastructure systems.
GeoServer Exploit: How a Year-Old Bug Gave Hackers a Three-Week Vacation in a Federal Agency
CISA, the US cybersecurity agency, has reported that a GeoServer vulnerability was exploited to compromise a federal agency. The bug, tracked as CVE-2024-36401, let attackers drop web shells, escalate privileges, and remain undetected for weeks. It’s a reminder that the biggest threats often aren’t exotic zero-days but the year-old bugs we overlook.
HardBit Havoc: Ransomware Chaos Grounds European Airports!
HardBit ransomware: the digital version of losing your luggage at the airport. Collins Aerospace struggles to boot out cybercriminals while major European airports face delays, cancellations, and an unintended game of hide-and-seek with hackers.
New Malware Alert: YiBackdoor Joins Forces with IcedID and Latrodectus for Cyber Chaos
Cybersecurity researchers have discovered a new malware called YiBackdoor, with significant code overlaps with IcedID and Latrodectus. While its exact role is murky, it’s suspected to aid in ransomware attacks. YiBackdoor can execute commands, collect data, and expand its capabilities via plugins, making it a concerning development for cybersecurity experts.
Think Your Payment Iframes Are Safe? Think Again: The Shocking Truth About Malicious Overlays!
Think payment iframes are secure? Think again. Attackers are laying pixel-perfect fake card forms over the real payment iframe, so shoppers type their card data into the attacker’s form and the iframe’s isolation never gets a say. The Stripe skimmer campaign is a prime example, showing that iframe isolation alone no longer protects checkout. An iframe’s security is only as strong as its host page. Active monitoring of that host page is now essential.
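One concrete form of that monitoring, as an added example for this digest (not code from the original page, from Stripe, or from the skimmer write-up): sample points inside the payment iframe’s box and ask `document.elementFromPoint` what is on top at each one. If anything other than the iframe itself answers, some element is layered over the card form, which is exactly what an overlay skimmer needs. The `fakeDocument` and `fakeElement` helpers, the element ids and the geometry are constructed stand-ins so the check runs under Node; in a browser you pass the real iframe element and the real `document`.

```javascript
// Added example (not from the original page): detect an element layered over
// a payment iframe by hit-testing a grid of points inside the frame's box.

// frameEl: the payment <iframe>; doc: the document to hit-test against
// (defaults to the browser's document); grid: points per axis to sample.
function probeFrame(frameEl, doc = globalThis.document, grid = 4) {
  const r = frameEl.getBoundingClientRect();
  const hits = [];
  for (let row = 0; row < grid; row++) {
    for (let col = 0; col < grid; col++) {
      const x = r.left + ((col + 0.5) * r.width) / grid;
      const y = r.top + ((row + 0.5) * r.height) / grid;
      const top = doc.elementFromPoint(x, y);
      // elementFromPoint returns the <iframe> element itself (never its
      // contents) when the frame is the topmost hit-testable thing there.
      if (top && top !== frameEl) {
        hits.push({ x, y, element: top.id || top.tagName });
      }
    }
  }
  return { probed: grid * grid, covered: hits.length, hits };
}

// --- Constructed stand-in for a browser document so this runs under Node ---
// Each element: { id, tagName, rect: {left, top, width, height}, z }.
// elementFromPoint picks the highest-z element containing the point, which
// is a simplification of real stacking contexts but enough for the demo.
function fakeDocument(elements) {
  const contains = (el, x, y) =>
    x >= el.rect.left && x < el.rect.left + el.rect.width &&
    y >= el.rect.top && y < el.rect.top + el.rect.height;
  return {
    elementFromPoint(x, y) {
      let best = null;
      for (const el of elements) {
        if (contains(el, x, y) && (best === null || el.z > best.z)) best = el;
      }
      return best;
    },
  };
}

function fakeElement(id, tagName, rect, z) {
  return {
    id,
    tagName,
    z,
    rect,
    getBoundingClientRect: () => ({
      ...rect,
      right: rect.left + rect.width,
      bottom: rect.top + rect.height,
    }),
  };
}

// Two constructed pages: a clean checkout, and the same checkout with a
// skimmer <div> positioned exactly over the card iframe.
function demo() {
  const body = fakeElement('', 'BODY', { left: 0, top: 0, width: 1200, height: 2000 }, 0);
  const frame = fakeElement('card-frame', 'IFRAME', { left: 300, top: 400, width: 400, height: 120 }, 1);
  const clean = probeFrame(frame, fakeDocument([body, frame]));

  const overlay = fakeElement('fake-card-form', 'DIV', { left: 300, top: 400, width: 400, height: 120 }, 9999);
  const skimmed = probeFrame(frame, fakeDocument([body, frame, overlay]));

  return { clean, skimmed };
}

console.log(JSON.stringify(demo(), null, 2));
```

On the clean page every probe returns the iframe, so `covered` is 0; on the skimmed page all 16 probes return `fake-card-form`. Two caveats for production use: a legitimate modal or cookie banner over the frame also produces hits, so treat a non-zero `covered` as a signal to report (with the element ids) rather than a reason to block checkout; and if the attacker already runs JavaScript on the host page, they can neuter this monitor too, so deliver it separately from the page’s own bundle and send results to a server you control.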
When “Password123” Topples Giants: The Untold Cost of Cybersecurity Blunders
KNP Logistics Group’s downfall shows that even a 158-year-old company can be undone by a single weak password. The Akira ransomware group seized on this vulnerability, sidelining 500 trucks and leaving 700 employees jobless. The lesson? When it comes to cybersecurity, “Password123” won’t cut it!