Small world: The revitalization of small AI models for cybersecurity

A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. “The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a…

Brace yourselves… and consider reading your email in plaintext for now

Tampa, Florida – United States Attorney Gregory W. Kehoe announces the extradition of Liridon Masurica (33, Gjilan, Kosovo), also known as “@blackdb.” Masurica is charged with one count of conspiracy to commit access device fraud and five substantive counts of fraudulent use of 15 or more unauthorized access devices. If convicted on all counts, Masurica faces…

The advice didn’t change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than complexity. Length is the more important security factor, and passphrases are…

Admire Moyo reports on an insider wrongdoing case in South Africa: In a landmark case, a man was last week sentenced to eight years in jail for contravening South Africa’s Cyber Crimes Act. Lucky Majangandile Erasmus (36), a former employee of Ecentric Payment Systems, was sentenced by the Specialised Commercial Crimes Court after entering into…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote