attack
-
Blog
New FileFix attack weaponizes Windows File Explorer for stealthy commands
A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows. FileFix, a variation of the social-engineering attack called ClickFix, allows threat actors to execute commands on the victim system through the File Explorer address bar in Windows. Cybersecurity researcher mr.d0x discovered…
Read More » -
Blog
Cloudflare blocks record 7.3 Tbps DDoS attack against hosting provider
Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider. DDoS attacks flood targets with massive amounts of traffic with the sole aim to overwhelm servers and create service slowdowns, disruptions, or outages. This new attack, which is 12% larger than the previous record, delivered a…
Read More » -
Blog
Personal data taken in Oxford City Council cyber attack
Oxford City Council has become the latest local authority to suffer a cyber attack, with the personal details of election workers stolen. The incident, which took place over the weekend of 7 and 8 June, saw the attackers accessing some historic data held on legacy systems. This included the personal information of people who worked on elections administered by the…
Read More » -
Blog
Hackers lean into social engineering to attack Apple security — Jamf – Computerworld
This has become such a pervasive problem that Apple in 2024 actually published a support document explaining what you should look for to avoid social engineering attacks. Attackers are increasingly creative, pose as trusted entities, and will use a combination of personal information and AI to create convincing attacks. They recognize, after all, that it is not the attack you spot…
Read More » -
Blog
First-ever zero-click attack targets Microsoft 365 Copilot
“This is sheer weaponization of AI’s core strength, contextual understanding, against itself,” said Abhishek Anant Garg, an analyst at QKS Group. “Enterprise security struggles because it’s built for malicious code, not language that looks harmless but acts like a weapon.” This kind of vulnerability represents a significant threat, warned Nader Henein, VP Analyst at Gartner. “Given the complexity of AI…
Read More » -
Blog
Everything we know so far about the United Natural Foods cyber attack
United Natural Foods – North America’s biggest wholesale food distributor and the main distributor for Amazon’s Whole Foods – has been hit by a cyber attack. The company operates 53 distribution centers and delivers to more than 30,000 locations across the US and Canada, including supermarket chains, e-commerce providers, natural product superstores, and independent retailers. The attack was revealed in…
Read More » -
Blog
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 16 popular Gluestack ‘react-native-aria’ packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). BleepingComputer determined that the compromise began on June 6 at 4:33 PM EST, when a new version of the react-native-aria/focus package was published to NPM. Since then, 16 of the 20…
Read More » -
Blog
Payne County, OK Sheriff confirms ransomware attack, tells residents to protect accounts
The Payne County Sherriff’s Office in Oklahoma this week confirmed it was hit by a ransomware attack last month. One June 3, 2025, the Sheriff’s Office announced that anyone who filed a report prior to May 15 should monitor their credit reports and bank accounts, issue fraud alerts, and change passwords. “The cyberattack has had no impact on the office’s…
Read More » -
Blog
North Face, Cartier among latest retail cyber attack victims – here’s what we know so far
Outdoor clothing company North Face and luxury jeweler Cartier are the latest retailers to be hit by cyber attacks following a spate of incidents across the industry. Cartier hasn’t specified when the attack took place, but told customers that it had contained the issue and ramped up protection of its systems and data. The luxury retailer has informed relevant authorities…
Read More » -
Blog
The North Face warns customers of April credential stuffing attack
Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company’s website in April. The North Face is a major American outdoor apparel and equipment brand owned by VF Corporation that also controls Vans, Timberland, and Dickies. The North Face generates over $3 billion in annual revenue, making it…
Read More »