Introduction Containerization using Docker has become firmly established in modern development standards, significantly increasing the speed and convenience of deploying various services. Developers often use ready-made Docker images, making only minimal changes. The largest repository of container images is the Docker Hub service. Container-hosted infrastructure is an attractive target for attackers. At a minimum, a […]

A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives.  The attack is initiated by a text message pretending to come from Signal Support. “Action Required: Data Recovery NeededYour Signal account data (message and media) Is at risk of permanent loss due to a […]

A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information. The site, openew[.]app, closely mimics OpenAI’s real ChatGPT download experience and offers what appear to be official desktop apps for both Windows and macOS. Instead, Windows users receive […]

A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped inside Windows since 2011 begin to expire, and Microsoft is replacing them with new 2023-dated certificates. The good news: If you keep your PC updated, you probably won’t need to […]

Carnival Corporation, parent of Carnival Cruise Line, is sending out fresh “Notice of Cybersecurity Event” letters dated May 27, 2026. If you feel like you’ve read that sentence before, you’re not imagining things. Over the last decade, the world’s largest cruise operator has accumulated a worrying track record of breaches, ransomware incidents, and regulatory penalties, […]

Introduction In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user […]

Cybercriminals are abusing Adobe infrastructure in a LinkedIn phishing campaign that steals passwords and redirects victims to the legitimate LinkedIn site afterward. The phishing email masquerades as a business inquiry designed to look like it’s come via LinkedIn and includes a fake “contract” attachment. But it contains a number of red flags: The sender name, […]

A media company and two of its marketing partners have been fined for selling a service which, they said, listened in to people’s conversations through their phones. Actually they did nothing of the sort. Most people have worried at some point that their phone has been listening to them through the microphone. You know how […]

When the Federal Bureau of Investigation (FBI) publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency is now warning about “Kali365,” a phishing‑as‑a‑service (PhaaS) platform that helps even low‑skilled attackers hijack Microsoft 365 accounts by stealing access tokens instead of passwords. Although early reporting focuses on […]

A pop-up appears on your computer, warning of a virus. You call the “Microsoft technician” in the pop-up message, and they explain that they need remote access to fix it. Most of us know this script by now. It’s a scam, operated by people intent on siphoning money from your account. A court case last […]