Security researchers at Okta have uncovered a previously unknown phishing-as-a-service operation called VoidProxy that represents a significant escalation in cybercriminal capabilities targeting business email and cloud accounts. Unlike traditional phishing attacks that simply steal passwords, VoidProxy uses real-time “adversary-in-the-middle” techniques that can bypass common two-factor authentication methods including SMS codes and authenticator apps. The service

Continue Reading

A data security incident has affected Hello Gym, a communication platform serving fitness centers across North America. The breach involved an exposed database containing 1.6 million audio recordings, and sensitive customer and employee information. According to a report from Website Planet, the discovered database held five years’ worth of phone calls and voicemails spanning from

Continue Reading

Cybersecurity researchers at Mosyle, a device management and security provider, have discovered a new and highly stealthy malware strain, according to a report first shared with 9to5Mac. Called ModStealer that has been evading detection by all major antivirus tools for nearly a month. This discovery is particularly alarming for users on macOS, Linux and Windows

Continue Reading

Recently, a significant security flaw was identified in Adobe Commerce involving the Commerce REST API (CVE-2025-54236). This vulnerability could potentially allow attackers to take over customer accounts. While there are no reports of active exploitation at this time, it’s crucial to apply the hotfix to prevent any risks. The vulnerability affects how API requests are

Continue Reading

A recent report by security researchers at Bitdefender details a malicious campaign spreading through Facebook ads that promote fake “Meta Verified” browser extensions. The campaign targets Facebook users, especially content creators and small businesses, by offering tools that claim to unlock verification features, but in reality are designed to steal account credentials and session data.

Continue Reading

A new report from CyCognito, a cybersecurity exposure platform, has uncovered a significant blind spot in enterprise web security: more than half of internet-facing enterprise assets are not protected by Web Application Firewalls (WAFs) — including many that collect sensitive user data. The research analyzed over 500,000 external-facing assets from Fortune 2000 and Fortune 500

Continue Reading

Plex, a popular personal media server and streaming platform, has disclosed a recent security incident that exposed limited user account data. In an official announcement, the company stated that an unauthorized third party accessed one of its internal databases. While the breach was contained quickly, the affected data includes usernames, email addresses, hashed passwords, and

Continue Reading