A newly identified Android banking trojan, known as Mirax, is spreading across Europe and combines remote access features with residential proxy capabilities to broaden its impact. According to an advisory published by Cleafy, the malware has been observed targeting Spanish-speaking users,… Read More "Mirax Android Trojan Turns Devices Into Residential Proxy Nodes"
Ravie LakshmananMay 31, 2026IoT Security / Network Security Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the… Read More "Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices"
Security researchers have identified a surge in the misuse of mailbox rules within Microsoft 365 environments, with attackers increasingly relying on native email features to maintain access, exfiltrate data and manipulate communications after account compromise. The Proofpoint findings, published earlier… Read More "Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat"
One-in-four (24%) healthcare organizations (HCOs) experienced cyber-attacks impacting medical devices over the past year, causing potentially significant disruption to patient care, according to RunSafe Security. The security vendor polled 551 healthcare professionals across the US, UK and Germany to produce… Read More "A Quarter of Healthcare Organizations Report Medical Device Attacks"
Vect 2.0 ransomware has been found to wipes large, compromised files instead of merely encrypting them, making recovery impossible – even for the attackers. This is due to a critical flaw in the encryption implementation. The bug, likely an unintended… Read More "Critical Flaw Turns Vect Ransomware into Data Destroying Wiper"
The threat landscape in 2025 was characterized by a surge in compromised credentials, extortion and vulnerability exploitation, according to a new report from KELA. The threat intelligence firm tracked nearly 2.9 billion compromised credentials last year globally, it said… Read More "Researchers Track 2.9 Billion Compromised Credentials"
A malicious npm dependency linked to an AI-assisted code commit has been found stealing sensitive data and exposing crypto wallets. According to researchers at ReversingLabs, the package, disguised as a validation tool, enabled attackers to exfiltrate secrets from infected environments… Read More "Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto W"
A high-severity vulnerability in the AI-powered development tool Cursor allows installed extensions to access sensitive credentials, exposing API keys and session tokens without any user interaction. According to research by LayerX, the issue stems from how Cursor stores secrets locally,… Read More "Cursor Extension Flaw Exposes Developer API Keys"
An undocumented malware implant suspected to be associated with a China-linked actor has been identified by researchers at Cato Networks’ Cyber Threats Research Lab (CTRL). Their discovery was made when they responded to an intrusion attempt affecting the Indian branch… Read More "China-Linked Hackers Deploy New TencShell Malware Against Manufacturer"
Cybersecurity report creation is essential for keeping stakeholders informed of your risk management progress, especially within Third-Party Risk Management, which focuses on a risk domain with the most significant potential of causing a data breach. What is a cybersecurity report?… Read More "Ultimate Guide to Cybersecurity Reports in 2026"
