Microsoft is alerting Windows users to a new cryptocurrency clipper malware spread via USB drives. It steals clipboard data, replaces wallet addresses, and uses the Tor network for communication, posing a significant threat to digital assets.
Cyber extortion group FulcrumSec claims to have stolen over 1TB of sensitive data from Novo Nordisk, including source code, drug information, and clinical trial data. The group allegedly demanded $25 million, which Novo Nordisk reportedly refused to pay. FulcrumSec is now reportedly exploring selling the stolen data.
Researchers revealed how a vulnerability in Microsoft's M365 Copilot could be exploited to steal 2FA codes and sensitive data by tricking the AI into sending requests to attacker-controlled servers. Microsoft has patched the specific exploit, named SearchLeak, but the underlying issue of AI distinguishing user commands from malicious instructions remains.
Google's cybersecurity teams expose UNC3753's financially motivated data theft campaign targeting US professional, legal, and financial services via vishing and social engineering, with a 3-day ransom deadline.
Silent Ransom Group, a cybercrime gang, has been targeting law firms with a novel approach, sending fake IT workers in person to steal data via USB drives or remote access, alongside traditional phishing and social engineering tactics.
GitHub confirmed a hack affecting 3,800 internal code repositories. Attackers used a poisoned VS Code extension to compromise an employee device. The group TeamPCP claimed responsibility and is selling the data.
UNC6671, also known as BlackFile, has intensified its vishing attacks since early 2026, targeting organizations in North America, the UK, and Australia. The group uses fake login pages and social engineering to steal credentials and exfiltrate data, demanding millions in ransom.
