GhostPoster Campaign Exploits Firefox Add-Ons to Spread Malware
A newly uncovered campaign dubbed GhostPoster has weaponized logo files in 17 Mozilla Firefox add-ons to deliver malicious JavaScript, according to researchers at Koi Security. The extensions, collectively downloaded more than 50,000 times, have since been removed from the platform.
SoundCloud Breach Exposes Millions of User Emails Amid Follow-Up Attacks
Audio streaming platform SoundCloud has confirmed a significant security breach affecting an estimated 20 percent of its global user base. The company disclosed that hackers gained access to limited account information, including email addresses, through an internal service dashboard. The announcement comes after weeks of service disruptions that left many users unable to connect, particularly those relying on VPNs in restricted regions.
Microsoft Ends 2025 with 56 Security Fixes, Including Actively Exploited Flaw
Microsoft closed out 2025 by releasing patches for 56 security vulnerabilities across its Windows platform, including one flaw already being exploited in the wild. Of the total, three were rated Critical and 53 Important, with two publicly known at the time of disclosure.
Banks Face Urgent Call to Upgrade IT Systems for Customer Vulnerability Standards
Financial services firms are being urged to urgently review their IT systems and processes after new independent guidance on managing customer vulnerability was formally adopted by the Financial Ombudsman Service (FOS).
Researchers Warn of Four Sophisticated Phishing Kits Targeting Global Users
Cybersecurity experts have uncovered four new phishing kits—BlackForce, GhostFrame, InboxPrime AI, and Spiderman—capable of large-scale credential theft and bypassing security defenses.
CommBank launches national AI and cybersecurity programme for SMEs
Commonwealth Bank of Australia (CommBank) today announced a national technology skills initiative to help Australia’s small businesses build AI, cybersecurity and digital capabilities to lift productivity and drive growth.
The WebXR Leak: A Hidden Browser Flaw Exposed Millions to Risk
A serious security vulnerability has recently been uncovered in the underlying technology powering most of the world’s web browsers, placing over four billion devices at risk of a data leak. The flaw was discovered by autonomous security specialist AISLE, which rated the issue as Medium severity (4.3). Despite its rating, the scale of exposure was enormous, as it affected all major browsers built on the Chromium code base—including Google Chrome, Microsoft Edge, Brave, and Opera.
U.S. Warns of Brickstorm Backdoor Malware Targeting U.S. Infrastructure
Federal cybersecurity officials have issued a warning about a stealthy backdoor known as Brickstorm, which Chinese state-sponsored hackers are deploying across critical infrastructure environments in the United States and Canada.
NEWS & PR
