Newsletters

Hackers activated secret backdoors they planted six years ago inside Magento plugins to hijack almost 1,000 Magento online stores.

The initial compromises took place in 2019 when the attackers allegedly gained access to the servers of three Magento software developers—Magesolution, Meetanshi, and Tigren.

According to security firm Sansec, the hackers modified the source code of 21 plugins. The backdoor was hidden in the License.php file, which is typically included in most plugins to check if the user holds a valid license.

Microsoft is making the passwordless login experience the default for all new user accounts, the company said in a blog post on World Password Day.

New users will have several passwordless options to choose from when creating their account, and they won't need to set up a password going forward.

Existing users also have a new option in their settings that will let them unlink and delete passwords from their accounts.

Security firm SentinelOne has published a new report that takes a deep dive into all the weird and wonderful ways threat actors are targeting it. Attacks against security vendors are nothing new, but they've scaled up and are now a constant threat. And as best we can remember, this is the first time a security company has publicly described the range of threats they're facing in detail. 

The report first looked at the North Korean (DPRK) IT worker threat, where North Koreans use fake identities to apply for legitimate remote jobs, is evolving and occurring at "staggering volume":

Instead of just deleting the applications and moving on, the company turned the tables on the North Korean applicants. In an effort to learn more about their fraudulent job application techniques, it strung them along in tailored recruitment processes. SentinelOne says it was able to make its detection processes more effective by bringing frontline teams such as recruiting and sales into the tent. By sharing potential threat information, recruiters were able to identify suspicious patterns. Those patterns were then used in automated systems to identify and even block dodgy applications. A kind of virtuous cross-team circle. 

After years and years of pretending like nothing serious happened, the French government has finally grown a spine and formally called out Russia for using military cyber units to meddle in its elections and to carry out destructive cyberattacks against French targets—a big no-no for countries not at war.

In a statement on Tuesday, the French Ministry of Foreign Affairs says that hackers linked to Russia's GRU military intelligence agency were behind some of the most notorious hacks in France's history, such as:

French officials blamed these attacks, and more, on a GRU hacking group known as APT28.

After a few years of stagnation and repetitive, copy-pasted malware strains, the Android banking malware scene is seeing a leap forward in innovation and tactics.

This new evolution is targeting contactless payments, a feature of modern banking that allows individuals to pay by using a smartphone or credit/debit card that has an NFC chip inside it. In 2025, the feature is ubiquitous, and very few banks don't support it.

For over a decade, it was believed that contactless payments were the future because nobody could clone or intercept NFC transactions.

There are a handful of seminal reports in the cybersecurity industry, and lo and behold, three of them were released on Wednesday.

Mandiant's team, now part of Google Cloud, released M-Trends, Verizon released its Data Breach Investigations Report (aka DBIR), and the FBI Internet Crime Complaint Center (IC3) released its yearly Internet Crime Report [PDF].

All put together, amount to an astounding 256 pages, or the equivalent of a damn book. But don't worry because we got you covered. Below are extracts of the most important conclusions, trends, and talking points from each report.

Southeast Asian organised crime groups operating cyber-enabled scam compounds are becoming more sophisticated and going global, according to a new report from the UN Office of Drugs and Crime (UNODC). This threat will need concerted and swift political action to counter it. 

We've written about the nexus of cyber-enabled scams, trafficked persons and forced labour, money laundering, and the rise of massive criminal service marketplaces since 2023. Governments are fighting back against the syndicates, so they're now expanding into new countries that lack the capacity to deal with transnational crime of this scale. Without decisive action these groups will be able to dig in and corrupt the countries they move into. 

The gangs in question run industrial-scale scam centres known as "boiler rooms" or "pig-butchering farms", typically using forced labour. This week's UN report estimates the workforce involved is "comprised of hundreds of thousands of trafficked victims and complicit individuals".

An unidentified threat actor is targeting Russian military personnel with spyware hidden in Android geo-mapping apps in what seems to be a campaign designed to spy on Russian military movements and positions.

The spyware is hidden inside legitimate versions of Alpine Quest, a mobile app used by Russian troops to coordinate operations in Ukraine.

According to Russian security firm Dr.Web, which spotted the campaign, the poisoned apps are spread via Telegram channels advertising a pirated PRO version of the app and even through some Russian Android app portals.

Hackers are abusing a little known Zoom feature to take control of their victims' computers to install malware and steal cryptocurrency.

The feature is named "Remote Control" and is part of Zoom's accessibility suite, where it was included for users with various disabilities to allow other users in the same meeting to control their PC.

Since at least this year, a cybercrime group named ELUSIVE COMET has incorporated this secret Zoom feature into their social engineering attacks and has successfully stolen millions of US dollars worth of crypto assets from their victims.

The Royal Thai Armed Forces and the Royal Thai Police ran an online harassment and doxing campaign against anti-government dissidents.

The campaign doxed victims and asked followers to report them to the police, which then happily launched investigations.

The secretive attacks came to light after Thai MP Chayaphon Satondee leaked confidential police documents online at the end of March.