Hackers Abuse Cloudflare and Zendesk Pages in Sophisticated Phishing Campaign

 

Hackers Exploit Cloudflare and Zendesk Pages in Sophisticated Phishing Campaign to Steal User Credentials

A new wave of phishing attacks is exploiting the credibility of trusted cloud platforms like Cloudflare Pages and Zendesk to execute large-scale credential theft operations. Security researchers have uncovered an elaborate infrastructure of malicious domains designed to impersonate legitimate customer support portals, revealing an alarming escalation in the use of reputable cloud services for social engineering.

Hackers Exploit Claude AI APIs with Indirect Prompts to Steal User Data

 

Hackers Can Manipulate Claude AI APIs with Indirect Prompts to Steal User Data

Anthropic’s Claude AI — with its new network-enabled Code Interpreter — can be manipulated to siphon private information from users by way of cleverly hidden, indirect prompts. A proof-of-concept disclosed by Johann Rehberger (October 2025) shows how attackers can trick the model into retrieving chat histories and uploading them to the attacker’s account, exposing a new class of risks that come with connecting large language models to external services.

Russian Ransomware Gangs Turn Open-Source AdaptixC2 Into a Potent Attack Platform

 

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

The open-source command-and-control (C2) framework AdaptixC2 has rapidly gained attention — not just among ethical hackers, but increasingly among Russian-linked ransomware operators exploiting it for sophisticated cyberattacks.

AI’s Double-Edged Sword: Security Flaws Undermine Half of Enterprises

 

Half of All Organizations Hit by AI Security Flaws, EY Warns

A new report from EY reveals a troubling trend: half of all organizations have been negatively impacted by security vulnerabilities in their AI systems, exposing critical weaknesses in how enterprises deploy and secure artificial intelligence.

New RaaS Operation ‘Gentlemen’s’ Surfaces, Expanding Attacks to Windows, Linux, and ESXi Systems

 

Gentlemen’s” RaaS: a new cross-platform ransomware service advertised on hacking forums

 A new affiliate-style ransomware-as-a-service called Gentlemen’s, promoted by actor zeta88, brings purpose-built lockers for Windows, Linux, ESXi and more — and a generous 90/10 revenue split that could accelerate adoption.

Pwn2Own Ireland 2025 Concludes with Record $1M+ in Bug Bounties and Summoning Team's Master of Pwn Victory

 

Pwn2Own Ireland 2025 has officially wrapped up, marking a highly successful hacking competition that rewarded **73 unique zero-day vulnerabilities** with a total of **$1,024,750**. The three-day event showcased exceptional security research across consumer devices, IoT systems, surveillance equipment, and more—ultimately crowning the **Summoning Team** as this year's Master of Pwn champions.

## Record-Breaking Numbers and Impressive Participation

The competition lived up to its reputation as the premier platform for vulnerability researchers to demonstrate cutting-edge exploit techniques. Over the course of the event, security professionals attempted 17 different exploits on day three alone, building on the 56 unique zero-day bugs and $792,750 awarded in the first two days.

The event's success wouldn't have been possible without significant support from key partners. **Meta** served as the primary partner, while **Synology** and **QNAP** provided crucial co-sponsorship that strengthened the competition's scope and credibility.

Swedish Banks and Government Unite to Strengthen National Cybersecurity

 

Swedish Banks and State Unite to Strengthen Cybersecurity Resilience

Sweden’s central bank, Riksbank, together with national security organisations and the financial sector, has launched a strategic initiative to deepen cooperation between state-operated cyber defence centres and the IT security teams of banks, insurers, and other financial players.