Toronto Sextortionist Gets 33 Years for Targeting 145 Kids

Toronto Man Sentenced to 33 Years in U.S. for Sextortion Scheme Targeting 145 Children A sextortion scheme originating from Toronto has resulted in one of the most significant child exploitation sentences in recent North American legal history. Ramanan Pathmanathan, 40, was handed a 33-year federal prison term by a U.S. District Court in Washington, D.C. … Read more

Zero-Click WhatsApp Attack Hijacks iOS 16 Accounts Silently

Silent Threat: Zero-Click WhatsApp Attack Is Hijacking iOS 16 Accounts Without Warning A newly documented zero-click WhatsApp account takeover attack is compromising iPhones running iOS 16 without any interaction from the device owner. Victims have had unauthorized messages sent from their accounts, including fraudulent money transfer requests, while their WhatsApp app showed no sign of … Read more

GHOST STADIUM Phishing Targets FIFA World Cup Fans in Canada

GHOST STADIUM: Chinese-Linked Phishing Operation Deploys 300+ Fake FIFA Domains to Defraud World Cup Fans A large-scale, financially motivated phishing campaign has been uncovered targeting fans of the 2026 FIFA World Cup, with researchers identifying over 300 fraudulent domains engineered to steal credentials, payment information, and ticket access. The operation, attributed to a threat actor … Read more

Kali365 PhaaS (phishing-as-a-service) Bypasses MFA to Hijack Microsoft 365 Accounts

Kali365 PhaaS Platform Hijacks Microsoft 365 Accounts Without Stealing a Single Password A criminal subscription service called Kali365 is actively compromising Microsoft 365 accounts across North America and Europe, and it does so without ever needing a victim’s password or triggering a standard multi-factor authentication (MFA) prompt. The FBI issued a formal public service announcement … Read more

Claude Mythos Nears Public Release via Claude Code

Anthropic’s Restricted Claude Mythos Model Is Edging Toward Public Release Through Claude Code Anthropic’s most powerful and previously locked-down AI model, Claude Mythos, has surfaced briefly inside Claude Code and Claude Security. A signal that a controlled public rollout may be closer than the company has publicly acknowledged. The fleeting appearance of a toggle labeled … Read more

Critical Ghost CMS SQL Injection Flaw Exploited in Massive ClickFix Malware Campaign

Welcome back to The Threat Box. If your organization relies on Ghost CMS for its corporate blog, newsroom, or publishing platform, you need to pay close attention. A highly critical vulnerability is actively being exploited in the wild, turning otherwise reputable websites into delivery mechanisms for a sophisticated malware campaign known as ClickFix. Cybersecurity researchers … Read more