The U.S. Department of Justice (DOJ) announced that it had obtained and acted on the two court-approved warrants authorizing the seizure of five internet domains linked to a global malware operation known as LummaC2. The domains were being used by cybercriminals to spread information-stealing malware and were taken down in…

A flaw has been discovered in OpenPGP.js, a widely used JavaScript library for OpenPGP encryption. Tracked as CVE-2025-47934, the vulnerability allows threat actors to spoof both signed and encrypted messages, effectively undermining the very foundation of trust in public key cryptography.  The vulnerability, rated 8.7 (High) on the CVSS scale,…

A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems. “Malware…