November 10, 2025

BlackFog's state of ransomware 2025 report measures publicly disclosed and non-disclosed attacks globally.

the STRIDE Threat Modeling Framework - A Complete Guide provides a robust, systematic approach for identifying, analyzing, and addressing

CTA works to improve the cybersecurity of our global digital ecosystem by sharing real-time, high-quality cyber threat information.

Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends.

Key findings Proofpoint created a new open-source tool for creating threat detection rules based on unique characteristics in PDFs called “PDF Object Hashing”.  This technique can

The Seattle-based company disclosed the incident Wednesday in an SEC filing and a customer memo, saying the attacker maintained “long-term, persistent access” to some of its product development and en...

0 likes, 0 comments - wroykommutr on October 18, 2025: "Check out the new video for The Ratterbum".

Poland said that the country's critical infrastructure is experiencing an increasing number of cyberattacks from Russia, according to Minister of Digitalization.

As the world becomes more and more connected, and digital technologies continue to evolve, email remains a critical tool for communications both for individuals and for commercial use. Email security ...

BleepingComputer reports that the BBC had one of its correspondents attempted to be enticed by alleged Medusa ransomware hackers into becoming an insider to breach the British public service…

A minor misconfiguration led to a massive data breach at British Airways, emphasizing the importance of proactive cybersecurity & supply chain vigilance...

 A new cyber threat known as the FileFix attack is gaining traction, using deceptive tactics to trick users into downloading malware. According to Acronis, which first identified the campaign, hackers are sending fake Meta account suspension notices to lure victims into installing the StealC infostealer. Reported by Bleeping Computer, the attack relies on social engineering techniques that exploit urgency and fear to convince targets to act quickly without suspicion.  The StealC malware is designed to extract sensitive information from multiple sources, including cloud-stored credentials, browser cookies, authentication tokens, messaging platforms, cryptocurrency wallets, VPNs, and gaming accounts. It can also capture desktop screenshots. Victims are directed to a fake Meta support webpage available in multiple languages, warning them of imminent account suspension. The page urges users to review an “incident report,” which is disguised as a PowerShell command. Once executed, the command installs StealC on the victim’s device.  To execute the attack, users are instructed to copy a path that appears legitimate but contains hidden malicious code and subtle formatting tricks, such as extra spaces, making it harder to detect. Unlike traditional ClickFix attacks, which use the Windows Run dialog box, FileFix leverages the Windows File Explorer address bar to execute malicious commands. This method, attributed to a researcher known as mr.fox, makes the attack harder for casual users to recognize.  Acronis has emphasized the importance of user awareness and training, particularly educating people on the risks of copying commands or paths from suspicious websites into system interfaces. Recognizing common phishing red flags—such as urgent language, unexpected warnings, and suspicious links—remains critical. Security experts recommend that users verify account issues by directly visiting official websites rather than following embedded links in unsolicited emails.  Additional protective measures include enabling two-factor authentication (2FA), which provides an extra security layer even if login credentials are stolen, and ensuring that devices are protected with up-to-date antivirus solutions. Advanced features such as VPNs and hardened browsers can also reduce exposure to such threats.  Cybersecurity researchers warn that both FileFix and its predecessor ClickFix are likely to remain popular among attackers until awareness becomes widespread. As these techniques evolve, sharing knowledge within organizations and communities is seen as a key defense. At the same time, maintaining strong cyber hygiene and securing personal devices are essential to reduce the risk of falling victim to these increasingly sophisticated phishing campaigns.