Chargebacks only capture a narrow slice of fraud losses, hiding bigger issues that affect revenue, customer experience, and long-term profitability.
Security researchers at Socket uncovered more than 100 malicious Chrome Web Store extensions operating as part of a coordinated campaign to steal Google OAuth2 Bearer tokens, hijack sessions, and commit ad fraud.
Microsoft's April 2026 Patch Tuesday addresses 167 security vulnerabilities, including an actively exploited SharePoint Server zero-day and the publicly disclosed BlueHammer flaw in Windows Defender. Google Chrome and Adobe Reader also received urgent security fixes this cycle.
Crypto exchange Kraken is being extorted by a criminal group threatening to release videos of its internal systems containing client data, following two insider access incidents affecting roughly 2,000 accounts.
Microsoft's April 2026 cumulative updates for Windows 10 and Windows 11 introduce new safeguards against phishing attacks that weaponize Remote Desktop Protocol (.rdp) files, including security warnings and disabled resource redirections by default.
CISA has notified CyberCorps: Scholarship for Service participants that summer 2025 internships are canceled due to a DHS funding lapse, leaving hundreds of cyber scholars in limbo for a second consecutive year.
A newly documented ransomware strain called JanaWare has been targeting Turkish home users and small businesses since 2020, demanding just $200–$400 per victim while deliberately evading international researcher scrutiny.
Microsoft has introduced a temporary accelerated process to help developers recover access to Windows Hardware Program accounts suspended over incomplete identity verification, following an outcry from high-profile open-source project maintainers.
Google has embedded a Rust-based DNS parser into the modem firmware of Pixel phones, starting with the Pixel 10 series, to eliminate an entire class of memory-safety vulnerabilities in a critical and remotely accessible attack surface.
The Triad Nexus cybercrime network has rebuilt its global fraud infrastructure despite US sanctions, shifting toward emerging markets while abusing cloud services from Amazon, Cloudflare, Google, and Microsoft.