Cybercriminals engaging in account takeover fraud schemes have caused over $262 million in losses since January 2025, the FBI reports. These digital tricksters impersonate financial institutions to dupe victims into sharing account access, then swiftly transfer funds to criminal-controlled accounts, making your money disappear faster than your last diet plan.

The co-founders of Samourai Wallet are trading their privacy-centric lives for prison cells. Convicted of money laundering, they turned their app into a Bitcoin blender. Now, they’re blending into jail jumpsuits. Who knew cryptocurrency could lead to such a hard crash landing?

Detection tools are like speedy sprinters, quick but lacking depth. Meanwhile, the SOC is the marathon runner, taking its time to see the big picture. If detection fails, SOC catches what slips through. So, investing in your SOC isn’t just smart—it’s the security secret sauce for those detection tools!

Cyber risk is now the modern soundtrack of business, with organizations facing nearly 2,000 attacks weekly. The rise in cyberattacks reflects both increased threats and improved detection. Leaders should view cybersecurity as a core business discipline, not just an IT concern, as resilience becomes key to navigating this evolving risk landscape.

The cyber-attack on Gainsight has impacted more Salesforce customers than initially thought. Gainsight has expanded its list of affected customers but keeps the exact number under wraps. Meanwhile, precautionary measures have temporarily cut off some Gainsight products from Salesforce, as the company works with Mandiant to investigate. Stay tuned for more updates!

A cyberattack on OnSolve CodeRED disrupted emergency alerts for U.S. agencies, causing quite the digital drama. While no financial data was affected, users’ contact info might be out in the wild. The City of University Park is now saying farewell to CodeRED and seeking a new, more secure alert system.

A ransomware attack on the OnSolve CodeRED alert system has thrown emergency notifications into chaos. Hackers breached user data, leaving cities across the US unable to send alerts about floods, fires, and more. The Inc Ransom group is behind the attack, with negotiations reportedly fizzling over a mere $100,000 ransom.

ASUS routers with AiCloud enabled are having a rough patch—literally! A critical authentication bypass flaw, CVE-2025-59366, and eight other vulnerabilities have prompted ASUS to release new firmware. Update your router ASAP to avoid turning it into an involuntary relay box in a cyber soap opera.

Beware of Crypto Copilot, a stealthy Chrome extension that secretly adds a Solana transfer during swaps, funneling funds to an attacker-controlled wallet. Marketed as a crypto trading tool, it slyly siphons fees while users remain blissfully unaware, thanks to its clever disguise and legitimate-looking facade. Always check the fine print—or risk losing your SOL!

Battlefield 6 hype is being exploited by cybercriminals using counterfeit games and malicious cheats. These fake downloads, disguised as pirated versions or trainers, steal private information and take over PCs. To stay safe, only download Battlefield 6 from official sources like EA App, Steam, or GOG. Avoid torrents and unknown programs.

London’s councils are in a bit of a digital pickle, investigating a cybersecurity incident that began Monday. The Royal Borough of Kensington and Chelsea and Westminster City Council are scrambling to sort out their shared IT services, with experts warning that a shared network can lead to double the trouble when things go awry.

Meet HashJack, the sneaky vulnerability that turns AI browsers into digital double agents. By hiding malicious prompts in URL fragments, it tricks even the most cautious users. Whether it’s data exfiltration or phishing, this threat exploits user trust faster than you can say “Hashtag what just happened?”

Malspam attacks are like that pesky fly that won’t leave your picnic alone. The latest cyber pest, the Purelogs infostealer, is buzzing through inboxes worldwide, proving that the only thing more annoying than spam is malspam. Stay alert, because this digital mosquito bites hard!

Israeli cybersecurity startup Opti, founded in 2023, has emerged from stealth mode with $20 million in seed funding. Opti’s AI-native identity and access management platform offers increased visibility and safety across environments. With backing from top investors, Opti aims to accelerate product expansion and fuel global growth.

London councils are facing a cybersecurity incident, with Kensington and Chelsea and Westminster City Council affected. Their phone lines are down, and the chaos is shared with Hammersmith and Fulham. Hackney Council is on high alert too, but don’t worry—local authorities are pulling all-nighters to save the day. Cybersecurity incident or just a bad Monday?

RomCom threat actors have a new partner in crime, SocGholish, to add some drama to their cyber exploits. Using fake browser updates, they aim to trick users into downloading malware. However, their Hollywood-worthy plot was thwarted in under 30 minutes, proving that even cybervillains can have a bad day.

Dartmouth College confirmed a data breach after cybercriminals targeted its Oracle E-Business Suite. The attack led to the exfiltration of personal and financial information, including Social Security numbers. Nearly 1,500 Maine residents are affected. Dartmouth joins a not-so-exclusive club with Harvard, Southern Illinois, and Tulane as victims of this Oracle EBS campaign.

Iranian advanced persistent threat (APT) groups are blending cyberattacks with military operations, using them for reconnaissance and damage assessment. Amazon’s analysis connects Iranian cyber efforts to real-world targets, such as ships and Israeli CCTV systems. It’s “cyber-enabled kinetic targeting,” but don’t worry, your smart fridge is probably safe… for now.

The FBI has issued a warning about cybercriminals impersonating financial institutions to execute account takeover fraud. These scams have resulted in over $262 million in losses this year alone. By using social engineering techniques, attackers manipulate victims into divulging their login credentials, ultimately seizing control of their accounts.

Hackers working for Russian intelligence targeted a U.S. engineering firm due to its link with a sister city in Ukraine. Arctic Wolf, the cybersecurity firm that detected the attack, noted Russia’s expanding list of cyber targets. The attack showcases Moscow’s persistent efforts to disrupt entities with even indirect ties to Ukraine.