Canada Bans WeChat and Kaspersky Apps On Government Devices

Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

White House Hosts Counter Ransomware Initiative Summit, With a Focus on Not Paying Hackers

Dozens of Countries Will Pledge to Stop Paying Ransomware Gangs

Why Ransomware Victims Can’t Stop Paying off Hackers

Apple Alert: India Opposition Says Government Tried to Hack Phones

In Cyberattacks, Iran Shows Signs of Improved Hacking Capabilities

Krebs: .US Harbors Prolific Malicious Link Shortening Service

LastPass Breach Linked to Theft of $4.4 Million in Crypto

Cyber Chiefs Worry About Personal Liability as SEC Sues SolarWinds, Executive

Budget Cuts, Layoffs Add to Pressure on Cyber Teams

Half of Execs Request Security Bypass Over Past Year

Florida Man Jailed After Draining $1M From Victims in Crypto SIM Swap Attacks

Now Russians Accused of Pwning JFK Taxi System to Sell Top Spots to Cabbies
Ace Holed: Hardware Store Empire Felled by Cyberattack

Cybersecurity Snafu Sends British Library Back to the Dark Ages

SW Ontario Hospitals Confirm Patient Data Compromised in Cyberattack

Flipper Zero Bluetooth Spam Attacks Ported to New Android App

Scarred Manticore Targets Middle East With Advanced Malware

Arid Viper Campaign Targets Arabic-Speaking Users

Trojanized PyCharm Software Version Delivered via Google Search Ads

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

Exploit Released for Critical Cisco IOS XE Flaw, Many Hosts Still hacked

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws

Avast Confirms It Tagged Google App as Malware on Android Phones

Samsung Galaxy Gets New Auto Blocker Anti-malware Feature


BiBi-Linux: Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware

Huawei, Vivo Phones Tag Google App as TrojanSMS-PA Malware

China Plans to Take ‘Hack-Proof’ Quantum Satellite Technology to New Heights

Biden Issues Executive Order on Safe, Secure AI

FTC Orders Non-Bank Financial Firms to Report Breaches in 30 Days

Hackers Accessed 632,000 Email Addresses at U.S. Justice, Defense Departments

Budget Cuts at CISA Could Affect Enterprise Cybersecurity

U.S. SEC Sues SolarWinds, Top Cyber Executive for Fraud

Google Chrome Now Auto-Upgrades to Secure Connections for All Users
Toronto Public Library Services Down Following Weekend Cyberattack

Dallas County (TX) Investigating ‘Cybersecurity Incident’ Months After City Ransomware Attack

Six Rivers Media (TN) Hit by Cyber-Attack Over the Weekend

New Hunters International Ransomware Possible Rebrand of Hive

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

RCE Exploit for Wyze Cam v3 Publicly Released, Patch Now

Google Promises a Rescue Patch for Android 14’s “Ransomware” Bug


N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

Ukrainian Hackers Disrupt Internet Providers in Russia-Occupied Territories

UK National Cyber Security Centre Rolls Out Protective DNS for Schools

King Charles III Signs off on UK Online Safety Act, With Unenforceable Spying Clause

The Hunt for Crypto’s Most Famous Fugitive. ‘Everyone Is Looking for Me.’

Pirate IPTV Network in Austria Dismantled and $1.74 Million Seized

Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

What Lurks in the Dark: Taking Aim at Shadow AI
Boeing Assessing Lockbit Hacking Gang Threat of Sensitive Data Leak

Stanford University Investigating Cyberattack After Ransomware Claims

Hackers Email Stolen Clark County School District (NV) Student Data to Parents

Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

Hackers Earn Over $1 Million for 58 Zero-Days at Pwn2Own Toronto

HackerOne Paid Ethical Hackers Over $300 Million in Bug Bounties

Android 14’s User-Profile Data Bug Seems Indistinguishable From Ransomware


France Says Russian State Hackers Breached Numerous Critical Networks

China Rushes to Swap Western Tech With Domestic Options as U.S. Cracks Down

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

YoroTrooper: Researchers Warn of Kazakhstan’s Stealthy Cyber Espionage Group

Humanity Could ‘Lose Control’ of AI, UK PM Warns, as Britain Seeks Leading Role in the Tech

UK Parliament Opens Inquiry into Cyber-Resilience

Oldham Council Facing 10,000 Cyber Attacks a Day, Report Says

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

Forget the Outside Hacker, the Bigger Threat Is Inside by the Coffee Machine

Nigerian Police Dismantle Cybercrime Recruitment, Mentoring Hub

Maine Mass Shooting Disinformation Floods Social Media as Suspect Remains at Large
Chilean Telecom Giant GTD Hit by the Rorschach Ransomware Gang

Akumin Files Notice of Data Breach with the Securities and Exchange Commission

Longhorn Imaging Center (TX) Data Breach Affects Patients’ Sensitive Medical Information

StripedFly Malware Framework Infects 1 Million Windows, Linux Hosts

Android Adware Apps on Google Play Amass Two Million Installs

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A and M-Series CPUs

Apple Drops Urgent Patch Against Obtuse TriangleDB iPhone Malware

ServiceNow Quietly Addresses Unauthenticated Data Exposure Flaw From 2015

Samsung Galaxy S23 Hacked Two More Times at Pwn2Own Toronto


Pro Russia Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers

LinkedIn Tests Generative AI to Field Cybersecurity Questions From Employees and Suppliers

Proton’s Password Manager Now Lets You Securely Share Logins

Amazon Launches European ‘Sovereign’ Cloud as EU Data Debate Rages

The AI-Generated Child Abuse Nightmare Is Here

States Sue Meta Alleging Harm to Young People on Instagram, Facebook

Cybersecurity Awareness Doesn’t Cut It; It’s Time to Focus on Behavior

Flipper Zero Can Now Spam Android, Windows Users With Bluetooth Alerts
Seiko “BlackCat” Data Breach: 60,000 Records on the Line

Fellowship Village (NJ) Files Notice of Recent Data Breach with the Federal Government

Malvertising Campaign Targets Brazil’s PIX Payment System with GoPIX Malware

Citrix Bleed Exploit Lets Hackers Hijack NetScaler Accounts

VMware Fixes Critical Code Execution Flaw in vCenter Server

Microsoft Tests Windows 11 Encrypted DNS Server Auto-Discovery

Windows 11 to Let Admins Mandate SMB Encryption for Outbound Connections

Samsung Galaxy S23 Hacked Twice on First Day of Pwn2Own Toronto


Hackers Backdoor Russian State, Industrial Orgs for Data Theft

Irish Cops Data Debacle Exposes Half a Million Motorist Records

1Password Detects Suspicious Activity Following Okta Support Breach

They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird.

Generative AI Can Save Phishers Two Days of Work

A Powerful Tool U.S. Spies Misused to Stalk Women Faces Its Potential Demise

A Controversial Plan to Scan Private Messages for Child Abuse Meets Fresh Scandal

Automakers and Suppliers Spar Over Car Data

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

Decentralized Matrix Messaging Network Says It Now Has 115M Users

RTX, the Company Formerly Known as Raytheon, to Sell Its Cybersecurity Business for $1.3B
Cyberattack on Health Services Provider TransForm Impacts 5 Canadian Hospitals

ASVEL Basketball Team Confirms Data Breach After Ransomware Attack

Hopewell Area School District (PA) Targeted by Ransomware Attack

Over 9,500 Bank of Canton Customers May Have Had Personal Information Exposed Due to Fiserv Breach

Ukraine Cyber Officials Warn of a ‘Surge’ in Smokeloader Attacks on Financial, Government Entities

New Grandoreiro Malware Variant Targets Spain

Meet Rhysida, a New Ransomware Strain That Deletes Itself

Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

VMware Warns Admins of Public Exploit for vRealize RCE Flaw

API Security Flaw Impacted Grammarly, Vidio and Bukalapak


Ukraine Security Services Involved in Hack of Russia’s Largest Private Bank

DC Elections Agency Warns Entire Voting Roll May Have Been Stolen

U.S. Energy Firm Shares How Akira Ransomware Hacked Its Systems

QNAP Takes Down Server Behind Widespread Brute-Force Attacks

Palestine Crypto Donation Scams Emerge Amid Israel-Hamas War

The Hamas Threat of Broadcasting Hostage Execution Videos Looms Large Over Social Media

Krebs: NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

Spain Arrests 34 Cybercriminals Who Stole Data of 4 Million People

Okta Cybersecurity Breach Wipes Out More Than $2 Billion in Market Cap

Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid
City of Philadelphia Discloses Data Breach After Five Months

University of Michigan Employee, Student Data Stolen in Cyberattack

Cyber Attacks Hit NY State Casino Operation, Two Hudson Valley Hospitals

Orange County DA’s Office Hit by Computer Breach; Communications System Taken Down

Cadre Services (WI) Targeted in Ransomware Attack; Hackers Leak Stolen Data, Including SSNs

DoNot Team’s New Firebird Backdoor Hits Pakistan and Afghanistan

QuasarRAT Deploys Advanced DLL Side-Loading Technique

Cisco Patches IOS XE Zero-Days Used to Hack Over 50,000 Devices

Citrix Warns Admins to Patch NetScaler CVE-2023-4966 Bug Immediately

Google Chrome’s New “IP Protection” Will Hide Users’ IP Addresses


Krebs: Hackers Stole Access Tokens from Okta’s Support Unit

International Criminal Court Systems Breached for Cyber Espionage

New TetrisPhantom Hackers Steal Data From Secure USB Drives on Gov’t Systems

DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals

Irish-Linked Spyware Used in Brazen Attacks

Cyberattacks Intensify on Israeli and Palestinian Human Rights Groups

The Dangerous Mystery of Hamas’ Missing ‘Suicide Drones’

ENISA Warns of Rising AI Manipulation Ahead of Upcoming European Elections

Ragnar Locker Ransomware Developer Arrested in France

20 Years Of Cybersecurity Awareness Month: Leveling Up The Basics

How an Explosion of ‘Smart’ Devices Is Threatening U.S. Households — And National Security

Microsoft Announces Security Copilot Early Access Program
Kwik Trip Finally Confirms Cyberattack Was Behind Ongoing Outage

American Family Insurance Confirms Cyberattack Is Behind IT Outages

PennyMac Files Notice of Data Breach That Leaked Thousands of SSNs

Fake Corsair Job Offers on LinkedIn Push DarkGate Malware

ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

Cisco Discloses New IOS XE Zero-Day Exploited to Deploy Malware Implant

Over 40,000 Cisco IOS XE Devices Infected with Backdoor Using Zero-Day

Number of Hacked Cisco IOS XE Devices Plummets From 50K to Hundreds

Critical RCE Flaws Found in SolarWinds Access Audit Solution


Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign

Cyberspace Has No Boundaries — That’s Why Global Cooperation on Security Is Crucial: UK Official

Amazon, Microsoft, and India Crack Down on Tech Support Scams

Republican Congressman Says Labor Crunch Biggest Threat to U.S. Cybersecurity

QR Codes Used in 22% of Phishing Attacks

U.S. Charge Man With Running Stolen Credentials Marketplace

Europol Knocks RagnarLocker Offline in Second Major Ransomware Bust This Year

Valve Enhances Steam Security With SMS Verification
Casio Keyed up After Data Loss Hits Customers in 149 Countries

Data Breach Hits Saint Louis University Students and Employees, School Says

Atlas Healthcare Confirms Recent Data Breach Affecting Residents’ Social Security Numbers

Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

Fake KeePass Site Uses Google Ads and Punycode to Push Malware

BlackCat Ransomware Uses New ‘Munchkin’ Linux VM in Stealthy Attacks

Hacker Group GhostSec Unveils New Generation Ransomware Implant

Microsoft Extends Purview Audit Log Retention After July Breach


Ukraine Says Joint Mission With U.S. Derailed Moscow’s Cyberattacks

Google Links WinRAR Exploitation to Russian, Chinese State Hackers

Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms

Twitter Glitch Allows CIA Informant Channel to Be Hijacked

Federal Cyber Chief Tells Agencies to Tap Brakes on AI

AI Adoption Surges But Security Awareness Lags Behind

Krebs: The Fake Browser Update Scam Gets a Makeover

Google Bulks up Android’s Malware Defenses to Combat New Tricks, Including AI: Play Protect

Dutch Consumer Group Sues Amazon Over Data Tracking

FBI: Hackers Are Extorting Plastic Surgery Patients

Ex-Navy IT Head Gets 5 Years for Selling People’s Data on Darkweb
Ukrainian Activists Hack Trigona Ransomware Gang, Wipe Servers

Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps

North Korean Hackers Lazarus and Andariel Exploit Critical TeamCity Flaw to Breach Networks

MATA Malware Framework Exploits EDR in Attacks on Defense Firms

Hacker Leaks Millions of New 23andMe Genetic Data Profiles

Qubitstrike Targets Jupyter Notebooks with Crypto Mining and Rootkit Campaign

New Admin Takeover Vulnerability Exposed in Synology’s DiskStation Manager

What CISOs Should Exclude From SEC Cybersecurity Filings

Major Cyber Attack Could Cost the World $3.5 Trillion -Lloyd’s of London


TetrisPhantom: Persistent Espionage Campaign Targets APAC Governments

Ransomware Comes Back in Vogue for Cybercriminals

Fake Browser Updates Used in Malware Distribution

Huge Increase in ‘Spear Phishing’ Ever Since ChatGPT’s Rise, Says Japanese Cybersecurity Firm

Google Password Manager Could Ease Your Transition to Passkeys

Amazon Quietly Rolls Out Support for Passkeys, With a Catch

Over 40,000 Admin Portal Accounts Use ‘Admin’ as a Password

Insiders Say X’s Crowdsourced Anti-Disinformation Tool Is Making the Problem Worse

Krebs: Tech CEO Sentenced to 5 Years in IP Address Scheme

New Calculator Aims to Measure Companies’ Cyberattack Damages
Chilean Government Warns of Black Basta Ransomware Attacks After Customs Incident

D-Link Confirms Data Breach After Employee Phishing Attack

KwikTrip All but Says IT Outage Was Caused by a Cyberattack

Crum & Forster Notifies Nearly 14k Consumers of Recent Data Breach Leaking Their SSNs

SpyNote Android Malware Spreads via Fake Volcano Eruption Alerts

Malicious Notepad++ Google Ads Evade Detection for Months

Over 10,000 Cisco Devices Hacked in IOS XE Zero-Day Attacks

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers


Russian Sandworm Hackers Breached 11 Ukrainian Telcos Since May

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

BLOODALCHEMY Provides Backdoor to Southeast Asian nations’ Secrets

Fake ‘RedAlert’ Rocket Alert App for Israel Installs Android Spyware

Healthcare Sector Warned About New Ransomware Group NoEscape

Your Organization Has Suffered a Data Incident: Now Here Are the Regulators It Will Likely Encounter

Deepfake Porn Is Out of Control

WhatsApp Turns on Passwordless Logins With Passkeys for Android Users

What the Hollywood Writers Strike Resolution Means for Cybersecurity
We’re Not in e-Kansas Anymore: State Courts Reel From ‘Unauthorized Incursion’

Taylored Services Parent Co Cyber Attack and Possible Data Breach Affects Current and Former Employees

Henry Schein Announces Data Breach

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

Discord Still a Hotbed of Malware Activity — Now APTs Join the Fun

Hackers Exploit Critical Flaw in WordPress Royal Elementor Plugin

CISA, FBI Urge Admins to Patch Atlassian Confluence Immediately

Cisco Warns of New iOS XE Zero-Day Actively Exploited in Attacks

Signal Disputes Alleged Zero-Day Flaw


Billboards in Israel Were Briefly Hacked to Display Pro-Hamas Messages as Cyberwar Ramps Up

New PEAPOD Cyberattack Campaign Targeting Women Political Leaders

Women Political Leaders Summit Targeted in Romcom Malware Phishing

AI algorithm Detects MitM Attacks on Unmanned Military Vehicles

Chinese Embassy Criticizes Costa Rica for 5G Company Restrictions

UK Regulator Fines Equifax £11m for 2017 Data Breach

Security Pros Warn That EU’s Vulnerability Disclosure Rule Is Risky

Australia Fines X, Formerly Twitter, for Not Answering Questions on Child Abuse Content
Hackers Hit Aid Groups Responding to Israel and Gaza Crisis

Kwik Trip IT Systems Outage Caused by Mysterious ‘Network Incident’

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

Hackers Use Binance Smart Chain Contracts to Store Malicious Scripts

CISA Shares Vulnerabilities, Misconfigs Used by Ransomware Gangs

Steam Enforces SMS Verification to Curb Malware-Ridden Updates

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication


Chinese APT ToddyCat Targets Asian Telecoms, Governments

Israel Sees Cyber Incursions Across Digital Systems

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack

Everest Ransomware Cybercriminals Offer Corporate Insiders Cold, Hard Cash for Remote Access

Shadow PC Warns of Data Breach as Hacker Tries to Sell Gamers’ Info

The Cyberwar Between the East and the West Goes Through Africa

New Clues Suggest Stolen FTX Funds Went to Russia-Linked Money Launderers

AMC CEO Was Target of Blackmail and Extortion Plot

California Enacts “Delete Act” For Data Privacy
Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

Ransomware Attacks Now Target Unpatched WS_FTP Servers

Ransomware Victims Continue to Pay Up, While Bracing for AI-Enhanced Attacks

Hyped up Curl Vulnerability Falls Short of Expectations

Apple Fixes iOS Kernel Zero-Day Vulnerability on Older iPhones

New Microsoft Bug Bounty Program Focuses on AI-Powered Bing

6 Simple Cybersecurity Rules You Can Apply Now


Initial U.S. Intelligence Suggests Iran Was Surprised by the Hamas Attack on Israel

Gaza Conflict: How Israeli Cybersecurity Will Respond

Israelis Form Citizen Cyber Brigades Amid Mounting Digital Attacks

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

U.S. Navy Sailor Pleads Guilty to Accepting $15,000 in Bribes From China

U.S. Government Issues Open-Source Security Guidance for Critical Infrastructure

SEC is Investigating MOVEit Mass-Hack, Says Progress Software

The UN Risks Normalizing Internet Censorship

Microsoft Defender Now Auto-Isolates Compromised Accounts
Simpson Manufacturing Shuts Down IT Systems After Cyberattack

West Texas Gas Files Notice of Data Breach Affecting Over 56,000 People

BianLian Extortion Group Claims Recent Air Canada Breach

LinkedIn Smart Links Attacks Return to Target Microsoft Accounts

U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability

CD-Indexing Cue Files Are the Core of a Serious Linux Remote Code Exploit

New WordPress Backdoor Creates Rogue Admin to Hijack Websites

Krebs: Patch Tuesday, October 2023 Edition

From Chaos to Cadence: Celebrating Two Decades of Microsoft’s Patch Tuesday


Israel Was Prepared for a Different War

Iran’s Khamenei Lauds Hamas Attack on Israel, Again Denies Involvement

Israeli Startup Community, at Home and Abroad, Prepares to Fight

New Threat Actor “Grayling” Blamed For Espionage Campaign

Cloudflare, Google, and Amazon Explain What’s Behind the Largest DDoS Attacks Ever

Krebs: Phishers Spoof USPS, 12 Other Natl’ Postal Services

Google Begins Prompting Users to Create Passwordless Passkeys by Default

AI Isn’t Just About Risk, Says Splunk’s Cyber Chief

New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise

Arctic Wolf Acquires Cybersecurity Automation Platform Revelstoke
Air Europa Data Breach: Customers Warned to Cancel Credit Cards

ALPHV Ransomware Gang Claims Attack on Florida Circuit Court

Walmart, Inc. Files Notice of Data Breach Indicating Over 85k Victims

Community First Medical Center In Portage Park (IL) Suffers Large-Scale Data Breach

IZ1H9 Botnet Targets IoT Devices With New Exploits

D-Link WiFi Range Extender Vulnerable to Command Injection Attacks

New Critical Citrix NetScaler Flaw Exposes ‘Sensitive’ Data

Microsoft October 2023 Patch Tuesday Fixes 3 Zero-Days, 104 Flaws

Microsoft Exchange Gets ‘Better’ Patch to Mitigate Critical Bug

Microsoft to Kill Off VBScript in Windows to Block Malware Delivery


Vietnam Agents Tried to Plant Spyware on Phones of U.S. Lawmakers and Journalists: Probe

Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors

Hacktivist Attacks Erupt in Middle East Following Hamas Assault on Israel

X, Formerly Twitter, Amplifies Disinformation Amid the Israel-Hamas Conflict

Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

HelloKitty Ransomware Source Code Leaked on Hacking Forum

Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist

DOJ: Ex-Soldier Tried to Pass Secrets to China After Seeking a ‘Subreddit About Spy Stuff’

Cybersecurity Talent in America: Bridging the Gap
Datacenter Cabling Biz Volex Confirms Digital Break-in

Hackers Modify Online Stores’ 404 Pages to Steal Credit Cards

Hackers Hijack Citrix NetScaler Login Pages to Steal Credentials

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

Over 17,000 WordPress Sites Hacked in Balada Injector Attacks Last Month

GNOME Linux Systems Exposed to RCE Attacks via File Downloads

High-Severity Flaws in ConnectedIO’s 3G/4G Routers Raise Concerns for IoT Security

Security Patch for Two New Flaws in Curl Library Arriving on October 11

Navigating the Patchwork of U.S. Privacy and Cybersecurity Laws: Summer 2023 Regulatory Updates


Israel at War With Hamas After Unprecedented Attacks

Israel’s Security Forces Face Questions After Hamas Attack

Israel’s Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance

Iran Helped Plot Attack on Israel Over Several Weeks

Israel’s Government, Media Websites Hit With Cyberattacks

Ukraine Cyber-Conflict: Hacking Gangs Vow to De-Escalate

Apple’s Encryption Is Under Attack by a Mysterious Group

Snap AI Chatbot Investigation Launched in UK Over Teen-Privacy Concerns

FTC Warns of ‘Staggering’ Losses to Social Media Scams Since 2021

MGM Didn’t Pay Up After Hackers Broke Into Its System and Stole Customer Data

MGM Resorts Ransomware Attack Led to $100 Million Loss, Data Theft

Bounty Offered for Secret NSA Seeds Behind NIST Elliptic Curves Algo
North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency

Host of EU Summit Spain Target of DDoS Cyberattacks

D.C. Board of Elections Confirms Voter Data Stolen in Site Hack

Hackers Are Selling the Data of Millions Lifted From 23andMe’s Genetic Database

CDW Data to Be Leaked Next Week After Negotiations With LockBit Break Down

Florida Circuit Court Pauses Many Proceedings Following Cyberattack

Lyca Mobile Says Customer Data Was Stolen During Cyberattack

Third Flagstar Bank Data Breach Since 2021 Affects 800,000 Customers

Supermicro’s BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities

GitHub’s Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack

Microsoft 365 Admins Warned of New Google Anti-spam Rules


China-Linked Cyberspies Backdoor Semiconductor Firms With Cobalt Strike

China Poised to Disrupt U.S. Critical Infrastructure with Cyber-Attacks, Microsoft Warns

Hackers With AI Are Harder to Stop, Microsoft Says

South Korea Accuses North of Phish and Ships Attack

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

CISA and NSA Tackle IAM Security Challenges in New Report

NSA and CISA Reveal Top 10 Cybersecurity Misconfigurations

U.S. Government Proposes SBOM Rules for Contractors

Court Rules in Favor of Auto-Repair Companies in Car-Data Dispute

Blackbaud Settles Data Breach With 49 States, DC for $50 Million

Lorenz Ransomware Crew Bungles Blackmail Blueprint by Leaking Two Years of Contacts
Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack

GoldDigger Android Trojan Drains Victim Bank Accounts

Analysis and Config Extraction of Lu0Bot, a Node.js Malware with Considerable Capabilities

QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks

CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities

Critical Glibc Bug Puts Linux Distributions at Risk

Amazon to Make MFA Mandatory for ‘Root’ AWS Accounts by Mid-2024

Beyond Cybersecurity Awareness Month: Finding A Signal In The Noise

Could Cybersecurity Breaches Become Harmless in the Future?

Zero-Days for Hacking WhatsApp Are Now Worth Millions of Dollars


LightSpy iPhone Spyware Linked to Chinese APT41 Group

Red Cross Issues Wartime Hacktivist Rules

Badbox & Peachpit: Your Cheap Android TV Streaming Box May Have a Dangerous Backdoor

Police Issue “Quishing” Email Warning

The Team Helping Women Fight Digital Domestic Abuse

BlackBerry to Separate IoT and Cybersecurity Businesses, Plans IPO

Clorox Says Sales and Profit Took a Big Hit From Cyberattack

A Tool to Help Boards Measure Cyber Resilience

How to Measure Patching and Remediation Performance

Patch Confusion for Critical Exim Bug Puts Email Servers at Risk — Again
Sony Confirms Data Breach Impacting Thousands in the U.S.

Lyca Mobile Suffers Cyber Attack, Investigating Ransomware Possibility

Weather Network Says Ransomware Attack Caused Website and App Outages in September

Hundreds of Malicious Python Packages Found Stealing Sensitive Data

Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

Atlassian Patches Critical Confluence Zero-Day Exploited in Attacks

Cisco Fixes Hard-Coded Root Credentials in Emergency Responder

Apple Emergency Update Fixes New Zero-Day Used to Hack iPhones


NATO Says It Is Addressing an Apparent Cyberattack After Strategy Documents Posted Online

Federal Appeals Court Extends Limits on Biden Admin Comms With Social Media Companies to Top U.S. Cyber Agency

Predator Spyware Linked to Madagascar’s Government Ahead of Presidential Election

NSA Establishes AI Security Center

Companies Want to Spend More on AI to Defeat Hackers, but There’s a Catch

Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot

Upstream Supply Chain Attacks Triple in a Year

Improving Cybersecurity With AWS’s Threat Intelligence Honeypot System

Google Is Making It Harder for Bulk Senders to Fill Your Gmail With Spam

EvilProxy Uses Indeed.com Open Redirect for Microsoft 365 Phishing

FBI Most-Wanted Russian Hacker Reveals Why He Burned His Passport
Rock County (WI) Dealing With Ransomware Attack on Public Health Department

Ragnar Ransomware Gang Posts 30GB of Data It Claims Belongs to Victorian Network Pacific Real Estate

Richmond-Based Freight Transport Company Estes Express Lines Experiences Cyberattack

Metro Transit (MO) Steadily Recovering From Cyber Attack

Greater Dallas Healthcare Enterprises Data Breach Affects Patients’ Medical Info

FortiGuard Uncovers Deceptive Install Scripts in npm Packages

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

New ‘Looney Tunables’ Linux Bug Gives Root on Major Distros

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Microsoft Edge, Teams Get Fixes for Zero-Days in Open-Source Libraries


KillNet Claims DDoS Attack Against Royal Family Website

Nearly 100,000 Industrial Control Systems Exposed to the Internet

Krebs: Don’t Let Zombie Zoom Links Drag You Down

AI-Generated Phishing Emails Almost Impossible to Detect, Report Finds

FBI Warns of Surge in ‘Phantom Hacker’ Scams Impacting Elderly

Cybersecurity Awareness Month Celebrates 20 Years

Cybersecurity Professional Job-Satisfaction Realities for National Cybersecurity Awareness Month

Microsoft Defender No Longer Flags Tor Browser as Malware

Yes, Singapore Immigration Plans to Scan Your Face Instead of Your Passport

Norway Urges Europe-Wide Ban on Meta’s Targeted Ad Data Collection
Motel One Discloses Data Breach Following Ransomware Attack

India’s National Logistics Portal Exposed Sensitive Personal Data, Trade Records

Fauquier County Public Schools (VA) Open Despite LockBit Ransomware Attack

BunnyLoader Malware Targets Browsers and Cryptocurrency

Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses

Ransomware Gangs Now Exploiting Critical TeamCity RCE Flaw

Exploit Available for Critical WS_FTP Bug Exploited in Attacks

OpenRefine’s Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

Exim Patches Three of Six Zero-Day Bugs Disclosed Last Week


North Korean Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm

Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

Russian Company Offers $20M for Non-NATO Mobile Exploits

Krebs: A Closer Look at the Snatch Data Ransom Group

Phishing, Smishing Surge Targets U.S. Postal Service

Amazon Sends Mastercard, Google Play Gift Card Order Emails by Mistake

Discord Is Investigating Cause of ‘You Have Been Blocked’ Errors

How to Tell When Your Phone Will Stop Getting Security Updates

How to Stop Google Bard From Storing Your Data and Location

Cybersecurity Budgets Grow, But at a Slower Pace

ShinyHunters Member Pleads Guilty to $6 Million in Data Theft Damages

UK PhD Student Guilty of 3D-Printing ‘Kamikaze’ Drone for Islamic State Terrorists
Royal Family Website ‘Targeted in Russian Cyber Attack’

Large Michigan Healthcare Provider McLaren Confirms Ransomware Attack

Tahoe Forest Hospital District (CA) Notifies Patients of Data Breach

Pinal County Schools (AZ) Affected by Ransomware Attack

Cloudflare DDoS Protections Ironically Bypassed Using Cloudflare

Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar

Meet LostTrust Ransomware — A likely Rebrand of the MetaEncryptor Gang

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

Exploit Released for Microsoft SharePoint Server Auth Bypass Flaw

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

People Still Matter in Cybersecurity Management