Lumma Stealer, coming and going
The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive
In their newest escalation of activities since saying “goodbye” and then determinedly trying to create more chaos on Telegram, the Scattered LAPSUS$ Hunters collective (for lack of a better word right now) has opened up a leak site in both clear net and onion versions. In its debut, the group has targeted Salesforce, and is……
Analysis of the tradecraft evolution across 6 months and 11 incidents
Aurora Munteanu reports: The Leipzig District Court has awarded Facebook users EUR 5000 in compensation for data protection violations from Meta’s Business Tools. This marks a significant precedent in European privacy enforcement. The German court offered the judgment on July 4th, 2025, finding that Meta Platforms Ireland Limited breached the General Data Protection Regulation through its extensive tracking…
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. “The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor’s browser,” c/side security analyst Himanshu
Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. “These vulnerabilities can be chained by
On September 17, the Pennsylvania Attorney General’s Office posted the following update to a ransomware attack it initially disclosed on August 11. HARRISBURG — The Office of Attorney General is providing an update regarding the cyber incident last month that impacted our agency. As previously reported, the incident was the result of a malicious actor……