Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials. Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exp.

#Infosec2025: Know Your Audience to Make an Impact, CISOs Tell Their Peers. A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscapeA panel of CISOs at Infosecurity Europe urged their peers to us.

Cellebrite to acquire mobile testing firm Corellium in $200 million deal. Security technology company Cellebrite has announced plans to acquire Florida-based mobile testing startup Corellium for $170 million in cash, with an additional $20 million converted to equity at closin.

#Infosec2025: Threat Actors Weaponizing Hardware Devices to Exploit Fortified Environments. Sophisticated nation-state and cybercriminal groups are using insiders to infect targets via hardware devices, despite a lack of reporting of this threatSophisticated nation-state and c.

Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands. The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the India.

U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm.

US offers $15 million reward for info on North Korean nationals involved in global criminal network

BlackSuit Ransomware Group’s Dark Web Sites Seized in Operation Checkmate

Backdoored Open Source Malware Repositories Target Novice Cybercriminals. A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters. The post Backdoored Open Source Malware Repositories Target Novice Cybercri.

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor.

In Other News: $30k Google Cloud Build Flaw, Louis Vuitton Breach Update, Attack Surface Growth

Mitel Patches Critical Flaw in Enterprise Communication Platform

#Infosec2025: Defenders and Attackers are Locked in an AI Arms Race. Malicious actors are making more use of AI in attacks, even as governments look to boost AI investmentsMalicious actors are making more use of AI in attacks, even as governments look to boost AI investments  .

Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks.

Prolonged Chinese Cyber Espionage Campaign Targets VMware Appliances

UK Student Sentenced to Prison for Selling Phishing Kits

New Chaos Ransomware Emerges, Launches Wave of Attacks

Carding Marketplace BidenCash Shut Down by Authorities . Authorities seized 145 domains associated with BidenCash, a marketplace for stolen credit cards and personal information. The post Carding Marketplace BidenCash Shut Down by Authorities  appeared first on SecurityWeek. ​.

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing.

Malware Campaign Masquerades as Dating Apps to Steal Data