Microsoft Teams has become a staple of corporate communication, prompting companies to invest heavily in tools like Microsoft Defender for Office 365 to protect against phishing, malware, and malicious links.
A major malvertising operation known as TamperedChef is tricking users worldwide into installing malware disguised as legitimate software installers. According to the Acronis Threat Research Unit (TRU), attackers are deploying fake versions of common tools to establish persistent access and deliver a JavaScript-based backdoor for remote control. The campaign remains active, supported by search engine manipulation, fake ads, and abused digital certificates—all intended to boost credibility and evade security detection.
Cybercriminals have allegedly targeted almost 30 organizations in a coordinated campaign exploiting Oracle’s E-Business Suite (EBS) enterprise resource planning software. The operation, which began in late September, involved extortion emails sent to senior executives and is believed to be the work of the financially motivated threat group known as FIN11.
Cybercriminals are increasingly targeting trucking and logistics companies with remote monitoring and management (RMM) software to infiltrate systems, gain control, and ultimately steal physical freight, according to Proofpoint. The threat group, active since mid-2025, appears to be working with organized crime networks to bid on and divert legitimate shipments—most often food and beverage cargo that is later sold online or shipped overseas.
A global Cloudflare outage briefly impacted access to major websites and online services on Tuesday, causing intermittent failures across platforms including OpenAI, Spotify, X (formerly Twitter), and numerous telecom and media sites. Users reported that pages either would not load or lacked key content, and even Downdetector—which tracks service disruptions—became temporarily unavailable. Cloudflare acknowledged the issue and began gradually restoring service approximately three hours after the problem began.
Cybersecurity researchers at Tenable have uncovered seven vulnerabilities in OpenAI’s ChatGPT, specifically affecting its GPT-4o and GPT-5 models. These flaws could allow attackers to steal personal data from users’ memories and chat histories without their knowledge. OpenAI has since patched several of the issues, which were found to make the chatbot susceptible to indirect prompt injection attacks—a manipulation technique that tricks large language models into executing hidden or malicious commands.
Cybersecurity firm LayerX Security has discovered a serious vulnerability in OpenAI’s new ChatGPT Atlas browser that could allow attackers to inject malicious instructions directly into a user’s ChatGPT memory. Dubbed “ChatGPT Tainted Memories,” the flaw enables remote code execution and account compromise without user awareness.
In mid-September 2025, state-sponsored cyber actors from China exploited Anthropic’s AI technology, specifically Claude Code, to orchestrate automated attacks on roughly 30 high-value global targets, including tech firms, financial institutions, chemical manufacturers, and government agencies.
A major international investigation led by Eurojust, the European Union’s judicial cooperation agency, has resulted in the arrest of nine individuals accused of running a large-scale cryptocurrency investment scam. The operation, supported by prosecutors from France, Belgium, Spain, Germany, and Cyprus, targeted a network allegedly behind a series of fake crypto investment websites.
Security researchers say a North Korea–linked Lazarus sub-group (known as BlueNoroff and by multiple APT aliases) is running twin campaigns — GhostCall and GhostHire — aimed at the Web3 and blockchain ecosystem.
Running a business today can be likened to trying to navigate a digital minefield. You know there are dangers all around, but knowing where they are and how to avoid them is rarely an easy task.
Kaspersky researchers have exposed Operation ForumTroll, a cyber-espionage campaign using “Dante,” a new spyware tool developed by Memento Labs, the rebranded successor of the infamous Hacking Team.
Cybercriminals are increasingly abusing internal OAuth-based applications to gain long-term access to enterprise cloud environments, according to new research from Proofpoint. These malicious applications can remain undetected for extended periods, allowing attackers to retain access to high-privileged accounts even after password resets or multi-factor authentication (MFA) enforcement. Because OAuth tokens authorize access without requiring credentials, they offer a covert way for attackers to persist inside compromised systems.