Author: Vasilis Katos

From Cyber Security News

A new malware campaign targeting Brazilian users has emerged, using WhatsApp as its primary distribution channel to spread banking trojans and harvest sensitive information.

This sophisticated attack leverages social engineering by exploiting the trust victims place in their existing contacts, making the malicious files appear legitimate.

The campaign begins with phishing emails containing archived VBS scripts that employ advanced obfuscation techniques to evade detection by security software.

Read more…

From cybersecuritynews.com

A critical security flaw in WhatsApp has allowed researchers to expose the phone numbers of 3.5 billion users, marking one of the most significant data leaks ever documented.

This vulnerability, rooted in the app’s contact discovery feature, persisted despite warnings to Meta dating back to 2017, raising serious concerns about user privacy on the world’s most popular messaging platform.​

The exploit relies on WhatsApp’s built-in mechanism for finding contacts, which reveals whether a user is on the service and public details like profile pictures and status texts when a phone number is entered.

Security researchers from the University of Vienna demonstrated the flaw by systematically querying billions of potential numbers, confirming active accounts at a rate of over 100 million per hour without any restrictions from WhatsApp.

Read more…

From: independent.co.uk

Flights have been delayed and cancelled at several European airports after a cyber attack targeting a service provider for check-in and boarding systems.

The attack has rendered automated systems inoperable, allowing only manual check-in and boarding procedures, according to Brussels Airport.

London Heathrow and Berlin airport also said the attack was disrupting its flights, with passengers advised to confirm their travel with airlines before heading to the airport on Saturday.

Read more (& live updates)…

From cyberdaily.au

Hacker targets art commissioning site Artists&Clients and threatens to share artworks in AI training datasets: “[….]Additionally, we will submit all artwork to AI companies to be added to training datasets,” LunaLock said.

Read more…

From welivesecurity.com

ESET researchers have discovered what they called “the first known AI-powered ransomware”. The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt and possibly even destroy data, though this last functionality appears not to have been implemented in the malware yet.

While PromptLock was not spotted in actual attacks and is instead thought to be a proof-of-concept (PoC) or a work in progress, ESET’s discovery shows how malicious use of publicly-available AI tools could supercharge ransomware and other pervasive cyberthreats.

Read more…

From securityaffairs.com

FBI seizes multiple piracy sites for Nintendo Switch and PlayStation 4 games, dismantling their infrastructure.

The FBI, with the help of the Dutch FIOD, seized multiple piracy sites distributing pirated video games, including nsw2u.com, ps4pkg.com, and mgnetu.com, dismantling their infrastructure. These sites, active for over four years, offered early access to popular game titles and logged 3.2 million downloads between February and May 2025, causing an estimated $170 million in losses.

Read more…

From interestingengineering.com

Dylan has filed over 20 vulnerabilities, earned a top-three finish at Zero Day Quest, and changed Microsoft’s security policy.

Bug bounty programs attract some of the most skilled engineers in cybersecurity. These are professionals who find their way through enterprise-level software in search of vulnerabilities for recognition, impact, or high payouts.

But Dylan, a high school junior, entered that world at just 13. His first major find, a critical Microsoft Teams vulnerability, didn’t just earn him accolades. It led Microsoft to rewrite the rules of its bug bounty program to allow teenage researchers.

Read more…