Major Security Flaw Exposed 3.5 Billion WhatsApp Phone Numbers

WhatsApp had a massive security flaw that put phone numbers of 3.5 billion users at risk

A significant security vulnerability has recently been uncovered in WhatsApp's contact discovery feature, allowing researchers to scrape and identify a massive database of users. This incident highlights a major oversight in the platform's design and rate-limiting protocols.

RBI Mandates '.bank.in': Securing India's Digital Banking Ecosystem

 

RBI Mandates '.bank.in': A New Era for Secure Digital Banking

Key Takeaways:

• The Reserve Bank of India (RBI) has made the '.bank.in' domain mandatory for all licensed banks in India.

• This exclusive domain acts as a critical security filter to prevent banking fraud, especially phishing.

• Only RBI-regulated institutions can register for the '.bank.in' domain, guaranteeing website authenticity.

• Customers must now verify the URL ending to ensure they are on a legitimate bank portal.

VanHelsing Unleashed: The RaaS That Targets Windows, Linux, BSD, ARM and VMware ESXi

 

VanHelsing RaaS: a cross-platform ransomware that weaponizes affiliates to hit Windows, Linux, BSD, ARM and ESXi

VanHelsing has emerged as a sophisticated ransomware-as-a-service (RaaS) operation that changes the rules for cross-platform attackers. First observed on March 7, 2025, VanHelsing provides a fully packaged service to criminal affiliates: a $5,000 deposit to join, an 80% cut of ransom payments for affiliates, and a user-friendly control panel to orchestrate attacks across heterogeneous environments.

Hackers Abuse Cloudflare and Zendesk Pages in Sophisticated Phishing Campaign

 

Hackers Exploit Cloudflare and Zendesk Pages in Sophisticated Phishing Campaign to Steal User Credentials

A new wave of phishing attacks is exploiting the credibility of trusted cloud platforms like Cloudflare Pages and Zendesk to execute large-scale credential theft operations. Security researchers have uncovered an elaborate infrastructure of malicious domains designed to impersonate legitimate customer support portals, revealing an alarming escalation in the use of reputable cloud services for social engineering.

Hackers Exploit Claude AI APIs with Indirect Prompts to Steal User Data

 

Hackers Can Manipulate Claude AI APIs with Indirect Prompts to Steal User Data

Anthropic’s Claude AI — with its new network-enabled Code Interpreter — can be manipulated to siphon private information from users by way of cleverly hidden, indirect prompts. A proof-of-concept disclosed by Johann Rehberger (October 2025) shows how attackers can trick the model into retrieving chat histories and uploading them to the attacker’s account, exposing a new class of risks that come with connecting large language models to external services.

Russian Ransomware Gangs Turn Open-Source AdaptixC2 Into a Potent Attack Platform

 

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

The open-source command-and-control (C2) framework AdaptixC2 has rapidly gained attention — not just among ethical hackers, but increasingly among Russian-linked ransomware operators exploiting it for sophisticated cyberattacks.

AI’s Double-Edged Sword: Security Flaws Undermine Half of Enterprises

 

Half of All Organizations Hit by AI Security Flaws, EY Warns

A new report from EY reveals a troubling trend: half of all organizations have been negatively impacted by security vulnerabilities in their AI systems, exposing critical weaknesses in how enterprises deploy and secure artificial intelligence.