Latest Cybersecurity News and Articles

---

INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming

---

UK and US investigations into harmful international cyber campaigns

NCSC re-issues advice on how to reduce your risk of becoming a victim of malware attacks

---

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million

---

Nearly 400,000 WordPress credentials stolen

A threat actor labelled as MUT-1244 has stolen more than 390,000 WordPress credentials. 

---

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS

---

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a

---

Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack. "One of the

---

Even Great Companies Get Breached — Find Out Why and How to Stop It

Even the best companies with the most advanced tools can still get hacked. It’s a frustrating reality: you’ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what’s going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticed—even in well-prepared organizations. The good

---

Joint Advisory: Exploitation of Accellion File Transfer Appliance

Cyber security organisations in the UK, USA, Australia, New Zealand, and Singapore publish advice to defend against malicious cyber actors.

---

Advisory: COVID-19 exploited by malicious cyber actors

Practical advice for individuals and organisations on how to deal with COVID-19 related malicious cyber activity.

---

NCSC consolidates advice on secure home learning

Three tailored blogs to help manage remote education technology safely.

---

NCSC lifts lid on three random words password logic

The logic of using three random words for strong passwords and why the NCSC advises the approach.

---

Big brands urged to 'scam-proof' messages to public

The NCSC launches new guidance for organisations on securely communicating with customers via SMS and phone calls.

---

Schoolgirls across the UK poised to battle for crown of cyber champions

The CyberFirst Girls Competition's finals will take place across the UK.

---

Tech-savvy schools gain recognition from UK experts for championing cyber skills

Eight more schools and colleges receive CyberFirst schools award for first-rate cyber security teaching.

---

Nation of digital defenders blow the whistle on over 10 million suspect emails

Milestone number of suspect emails reported by the British public marks launch of new Cyber Aware campaign.

---

Schools offered free cyber defence tools to help keep out attackers

UK education settings can sign up for the NCSC's Web Check and Mail Check services to protect their websites and email servers from cyber attacks.

---

NCSC joins industry to offer unprecedented protection for public from scams

Data sharing collaboration will allow ISPs to instantly block access to fraudulent sites.

---

Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint

---

5 Practical Techniques for Effective Cyber Threat Hunting

Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.  To avoid this, use these five battle-tested techniques that are