Stay updated with the latest in cybersecurity threats, data privacy, and digital marketing trends. CyberPulse delivers breaking stories, expert analysis, and insights for today’s digital professionals
Members of the federal judiciary are increasingly concerned for their safety as they face heightened harassment and threats. Federal judges are contemplating the establishment of their own security detail to mitigate risks associated with potential withdrawal of U.S. marshals protection under the current administration.
An international law enforcement operation, dubbed **Operation Endgame**, has successfully disrupted a significant number of malware infrastructures globally. The operation targeted various notorious malware families, including IcedID, SystemBC, Pikabot, SmokeLoader, Bumblebee, and Trickbot. This operation, coordinated by Europol, aimed to take down over 100 servers and seize around 2,000 domains associated with these cybercriminal activities.
The recent takedown of the DanaBot malware operation has revealed significant details about the malware's capabilities and the extent of its impact. The operation involved a global collaboration between law enforcement and cybersecurity firms, resulting in the seizure of command and control servers used by DanaBot. The malware, initially developed as a banking trojan in 2018, evolved into a sophisticated information stealer and loader, impacting over 300,000 computers globally and causing damages estimated at $50 million.
Microsoft's Digital Crimes Unit (DCU) and international partners have successfully disrupted the Lumma Stealer, a prominent malware used to steal sensitive information and facilitate cybercrime. Legal actions were initiated on May 13, with the seizure of approximately 2,300 malicious domains that supported Lumma's operations. The Department of Justice (DOJ) also played a critical role in seizing Lumma's central command structure and disrupting online marketplaces selling this malware.
A recent incident highlighted by researchers at WithSecure involved a ransomware attack that originated from a fraudulent KeePass download site. This incident was categorized as a "textbook identity attack." Attackers lured victims to a malicious site designed to mimic the legitimate KeePass password manager, advertised through Bing. Once victims installed the compromised software, the malware utilized a Cobalt Strike tool for command-and-control operations and exported the KeePass password database in clear text, granting attackers access to networks and cloud services.
The attacker uses a Gmail account to send an email free of grammatical errors and with no malicious payloads to attempt payroll diversion. This likely AI-generated attack involves impersonating a recruitment coordinator, initiating a payroll diversion. The attacker registers a Gmail account, sets the display name to that of the impersonated employee, and emails the HR Director about updating direct deposit information. The initial email aims to build trust, leading to the next stage where the attacker provides fraudulent banking details for future direct deposits.
A critical security vulnerability in ChatGPT has been identified, enabling attackers to embed malicious SVG (Scalable Vector Graphics) and image files within shared conversations. This flaw, documented as CVE-2025-43714, is active until March 30, 2025. Researchers found that instead of treating SVG code as text, ChatGPT executes these elements when a chat is reopened or shared via links. This creates a stored cross-site scripting (XSS) vulnerability. The researcher, zer0dac, stated, “The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers.”
Security researchers displayed 28 zero-day vulnerabilities during the Pwn2Own contest held in Berlin, revealing critical flaws in widely used software and operating systems. Notable targets included Microsoft Windows 11, Red Hat Linux, Mozilla Firefox, VMware ESXi, and the NVIDIA Container Toolkit. The event, organized by Trend Micro’s Zero Day Initiative, saw participants earn a total payout of $1,078,750, highlighting the ongoing risks present in modern technology.
Identity-based attacks are the leading cause of breaches, often exploiting weaknesses in traditional identity platforms. According to Forbes, 75% of cyberattacks leverage identity-based threats. Threat actors gain access using stolen credentials, compromised devices, and deepfake impersonation techniques, frequently bypassing traditional defenses undetected. Many identity platforms depend on MFA methods, such as push notifications and one-time passcodes (OTPs), which are now increasingly exploited through phishing and MFA fatigue tactics. The rise of generative AI has further amplified these threats.