Brockton Hospital cyberattack: Anubis names victim publicly and launches countdown, new details emerge
Tax Refund Fraud in 2026: How Threat Actors Exploit Identity, Verification, and Cash-Out Channels
Threat actors are exploiting identity data, verification systems, and cash-out channels to execute tax refund fraud. Flashpoint analyzes how these schemes operate in 2026.
FCC proposes new rule to further crackdown on illegal robocalls
Healthcare IT solutions provider ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers.
Google Chrome adds infostealer protection against session cookie theft
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies.
The threat hunter’s gambit
Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors.
Treasury Department announces crypto industry cyber threat sharing initiative
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors.
Cosa impariamo dal Paese UE più massacrato dalla disinformazione russa
Le moderne campagne di disinformazione russa sono veloci, scalabili e difficilissime da arginare una volta diffuse. Ecco il caso più emblematico in Francia e come contrastare la disinformazione con un approccio integrato contro reti ibride che fungono da proxy, dove nel mirino è il ruolo di Macron come uno dei più accesi sostenitori dell'Ucraina in ambito europeo
L’hub cinese del supercomputing colpito da una massiccia violazione di dati: cosa sappiamo
Il National Supercomputing Center (NSCC) di Tianjin in Cina ha subito la sottrazione di oltre 10 petabyte di dati sensibili. L'esfiltrazione di dati nel settore della ricerca scientifica e militare pone interrogativi sulla sicurezza delle infrastrutture critiche di calcolo ad alte prestazioni. Ecco i quesiti aperti e le implicazioni geopolitiche di simili eventi
Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have found a huge ad fraud campaign with hundreds of malicious apps in the Google Play Store
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware.
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series.
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors.
The Scam That Won’t Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms.
Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
Bitdefender details fake Battlefield 6 pirated versions and fake game trainers found across torrent trackers and other easily found websites.
CVE-2025-55182 Exploitation Hits the Smart Home
Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors.
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
Bitdefender researchers investigate a complex infection chain embedded in a fake movie torrent for One Battle After Another.
Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
Bitdefender researchers discovered an Android RAT campaign that combines social engineering, the resources of Hugging Face and permission abuse
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn’t realistic — especially when skills are designed to look helpful and familiar.
LummaStealer Is Getting a Second Life Alongside CastleLoader
Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world's most prolific information-stealing malware operations managed to survive despite being almost brought down by law enforcement less than a year ago.
Global Scam Machines: Inside a Meta-Powered Investment Fraud Ecosystem Spanning 25 Countries
Global investigation reveals investment scam network spanning 25 countries using fake news, public figures and paid ads on Meta.
Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
Bitdefender has discovered a malicious Google Ads campaign targeting anyone searching for downloads related to Claude
Windsurf IDE Extension Drops Malware via Solana Blockchain
Bitdefender found a malicious Windsurf IDE extension that deploys a NodeJS stealer by using the Solana blockchain as the payload infrastructure.
Data breach cloud in Europa: TeamPCP svela la fragilità strutturale della sicurezza multi-tenant
L’incidente collegato al gruppo TeamPCP riaccende il dibattito sulla sicurezza del cloud. Dati europei sono esposti in un’infrastruttura cloud compromessa. Tra misconfigurazioni, credenziali deboli e responsabilità condivise, emerge un rischio sistemico
When attackers already have the keys, MFA is just another door to open
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass.
When attackers already have the keys, MFA is just another door to open
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass.
L’attacco invisibile a Axios: quando la sicurezza fallisce nella supply chain del software
L’attacco che ha coinvolto Axios rappresenta un cambiamento nel modo in cui le vulnerabilità vengono sfruttate e nel livello a cui gli attacchi si collocano. È quindi necessario ripensare il rapporto tra tecnologia, governance e regolazione, riconoscendo il ruolo centrale della supply chain software e dell’open source. Ecco perché