Security

Cybersecurity experts reveal a significant supply chain attack affecting npm and PyPI ecosystems, compromising numerous packages and exposing millions of users to malware. Learn about the affected packages and how to protect yourself.

Luxury under threat: Cartier, the prestigious fashion house, has revealed a data breach following a cyberattack that compromised personal customer data. The breach is part of a broader wave of cyber threats hitting global fashion brands, raising concerns about how high-end retail is being exploited for customer data.

Google’s trusted scripting platform is the latest weapon in phishing arsenals, helping attackers craft convincing credential-stealing campaigns that evade traditional email filters. Cybercriminals are leveraging Google Apps Script, a legitimate tool in Google’s Workspace suite, to host phishing pages that appear trustworthy to both users and security systems. According to research by Cofense, attackers are disguising these pages as authentic login portals to trick users into submitting their credentials — all while operating under the umbrella of a trusted Google domain.

A major cyber intrusion has taken down the Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL) website, halting critical services like new electricity connections and online bill payments for thousands of consumers across the state. A targeted cyberattack on May 7, 2025, has paralyzed UHBVNL’s digital operations, leaving over 50,000 consumers unable to access vital power utility services. The breach marks yet another alarming example of the vulnerability of India's critical infrastructure to cyber threats.

A new phishing campaign weaponizes malformed URLs to bypass email filters and steal Microsoft 365 credentials—even bypassing two-factor authentication. Researchers have linked the attack to Tycoon2FA, a notorious Phishing-as-a-Service (PhaaS) operation that enables adversary-in-the-middle (AitM) interception of login sessions. The threat actors behind this campaign are using subtle but dangerous techniques to trick both users and security systems.

The latest variant of DarkCloud Stealer uses AutoIt scripting and advanced evasion techniques to target financial, healthcare, and e-commerce sectors. With over 120,000 accounts compromised since March 2025, this malware showcases a dangerous blend of legacy scripting abuse and stealthy credential theft.

A deeply embedded backdoor in Magento extensions has surfaced after six years, affecting 500 to 1,000 e-commerce websites—including a $40 billion multinational. The long-dormant malware has now been activated, compromising sensitive customer data in a widespread supply chain attack.

In a chilling example of cyber exploitation, threat actors are leveraging the tragic Pahalgam attack to deceive Indian government personnel into opening malicious documents. These phishing campaigns aim to install Remote Access Trojans (RATs) and extract sensitive intelligence data from highly sensitive departments.

An Indian Air Force (IAF) C-130J aircraft flying over Myanmar during the Operation Brahma relief mission was hit by a dangerous GPS-spoofing cyberattack. The attack could have misled the aircraft, but the pilots swiftly switched to an internal system to stay safe. Here's what happened and why GPS spoofing is a growing cyber threat.