Kaspersky researchers have exposed Operation ForumTroll, a cyber-espionage campaign using “Dante,” a new spyware tool developed by Memento Labs, the rebranded successor of the infamous Hacking Team.

Security researchers say a North Korea–linked Lazarus sub-group (known as BlueNoroff and by multiple APT aliases) is running twin campaigns — GhostCall and GhostHire — aimed at the Web3 and blockchain ecosystem.

Cybersecurity firm LayerX Security has discovered a serious vulnerability in OpenAI’s new ChatGPT Atlas browser that could allow attackers to inject malicious instructions directly into a user’s ChatGPT memory. Dubbed “ChatGPT Tainted Memories,” the flaw enables remote code execution and account compromise without user awareness.

The New York State Department of Financial Services (NYDFS) has released updated cybersecurity guidance outlining how financial services firms should manage risks associated with third-party service providers (TPSPs).

Cybercriminals are increasingly abusing internal OAuth-based applications to gain long-term access to enterprise cloud environments, according to new research from Proofpoint. These malicious applications can remain undetected for extended periods, allowing attackers to retain access to high-privileged accounts even after password resets or multi-factor authentication (MFA) enforcement. Because OAuth tokens authorize access without requiring credentials, they offer a covert way for attackers to persist inside compromised systems.

A large-scale disruption at Amazon Web Services (AWS) earlier this week caused major outages across websites and apps worldwide, affecting users from the Americas to Europe and Asia. The company later confirmed that the issue has been mitigated, with most services restored by Monday afternoon.

A significant Amazon Web Services (AWS) outage on October 20, 2025, disrupted numerous online platforms worldwide, highlighting the internet's reliance on centralized cloud infrastructure.