Google security researchers recently uncovered a sophisticated criminal operation called “Lighthouse” that has victimized over one million people across more than 120 countries. This phishing-as-a-service platform represents one of the most damaging SMS-based scam networks in recent years, prompting Google to file litigation aimed at dismantling the entire operation. The attack’s scale reveals how well-organized […] The post Google Sues ‘Lighthouse’ Phishing-as-a-service Kit Behind Massive Phishing Attacks appeared first on Cyber Security News.

A newly documented malware campaign demonstrates how attackers are leveraging Windows LNK shortcuts to deliver the MastaStealer infostealer. The attack begins with spear-phishing emails containing ZIP archives with a single LNK file that executes a multi-stage infection process. When victims click the malicious shortcut, it launches Microsoft Edge while opening the AnyDesk website in the […] The post MastaStealer Weaponizes Windows LNK Files, Executes PowerShell Command, and Evades Defender appeared first on Cyber Security News.

Reports of a possible law enforcement operation against Rhadamanthys Stealer infrastructure have created waves in the cybersecurity community. The information stealer, which has been active in the threat landscape for several months, appears to have suffered a major disruption to its command and control servers. Users of the malware-as-a-service platform have reported difficulties accessing their […] The post Rhadamanthys Stealer Servers Possibly Seized – Admin Urges to Reinstall Servers appeared first on Cyber Security News.

The English-speaking cybercriminal ecosystem, commonly known as “The COM,” has transformed from a niche community of social media account traders into a sophisticated, organized operation fueling some of the world’s most damaging cyberattacks. What started as simple forums for trading rare social media handles has evolved into a professional, service-driven criminal marketplace targeting multinational corporations, […] The post English-Speaking Cybercriminal Ecosystem ‘The COM’ Drives a Wide Spectrum of Cyberattacks appeared first on Cyber Security News.

Microsoft has released security updates to fix a serious vulnerability in SQL Server that allows attackers to gain higher system privileges. The flaw, tracked as CVE-2025-59499, was disclosed on November 11, 2025, and affects multiple versions including SQL Server 2016, 2017, 2019, and 2022. This vulnerability stems from improper handling of special characters in SQL […] The post Microsoft SQL Server Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

A new phishing campaign is targeting iPhone owners who have lost their devices, exploiting their hope of recovery to steal Apple ID credentials. The National Cyber Security Centre (NCSC) has received multiple reports of cases where victims received text messages claiming their lost or stolen iPhones had been found abroad, sometimes months after the devices […] The post New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices appeared first on Cyber Security News.

A Chinese national has been sentenced to over 11 years in prison following one of the most significant cryptocurrency fraud investigations in history. Zhimin Qian, 47, received an 11-year and eight-month sentence for possessing and transferring criminal property under the Proceeds of Crime Act 2002. The case marks the culmination of a seven-year investigation by […] The post Chinese National Jailed for Laundering Over £5 Billion by Defrauding Over 128,000 Victims appeared first on Cyber Security News.

A large phishing campaign has been targeting travelers worldwide, using more than 4,300 fake domains to steal payment card information. The operation focuses on people planning vacations or about to check into hotels by sending fake booking confirmation emails that appear to come from trusted travel companies. The attackers have created a network of websites […] The post Massive Phishing Attack Impersonate as Travel Brands Attacking Users with 4,300 Malicious Domains appeared first on Cyber Security News.