Enterprise Security Tech

A Russian-linked hacking group notorious for espionage against Western governments has returned with a faster, stealthier, and more aggressive malware campaign—this time disguised as a simple “I’m not a robot” CAPTCHA. Google’s Threat Intelligence Group (GTIG) has identified a new, modular malware suite developed by ColdRiver —also tracked as Star Blizzard , Callisto , and UNC4057 —that replaces the group’s previous toolset known as LostKeys . According to GTIG’s October 20 r

The public sector’s digital ramparts are buckling under the pressure of increasingly sophisticated ransomware — and 2025 is proving to be a watershed year. According to fresh intelligence gathered by the cyber-defence unit of Trustwave SpiderLabs (a division of Trustwave, now under LevelBlue), nearly 200 government or public-service entities around the globe have already been hit by ransomware so far this year. These attacks aren’t isolated incidents of data theft —they’re o

In what security researchers are describing as a watershed moment for developer supply-chain attacks, a new malware campaign dubbed GlassWorm  has begun spreading through extensions for Visual Studio Code (VS Code) and its open-source alternative, OpenVSX. The worm-like code has been installed on an estimated 35,800 developer machines so far. What happened: A stealthy worm enters the IDE According to analysts at Koi Security, the campaign first surfaced on October 17, 2025 wh

Microsoft’s support for Windows 10 officially ended last week on October 14 , but for millions of systems worldwide, that deadline has come and gone with business still as usual — and that’s the problem. Nearly a decade after its 2015 debut, Windows 10 has finally entered the post-support void. Microsoft is no longer issuing free updates, security patches, or bug fixes, and that has left an estimated 5.25 percent of all workloads  still running the operating system exposed, a

According to new research from Comparitech , ransomware attacks on government organizations jumped sharply in 2025 — even as quarterly totals showed signs of decline. The firm’s latest analysis recorded 276 attacks on government entities  worldwide between January and September 2025, marking a 41 percent increase  from the same period in 2024 (196). Of those, 147 attacks have been confirmed  by the victims themselves — nearly identical to last year’s confirmed total (146). Co

SocGholish, the insidious “fake update” scheme that lures users into installing malicious code masquerading as browser or plugin patches — has quietly evolved into a full-blown Malware-as-a-Service ecosystem. New technical analysis from threat researchers at Trustwave SpiderLabs , a LevelBlue company, shows the operation now functions less like a single campaign and more like an industrial distribution layer that any criminal buyer can plug into. The result: access-for-hire