4/28/2025

Uyghur Diaspora Group Targeted with Remote Surveillance Malware

Iran Repelled Large Cyber Attack on Sunday

Donald Trump: “I Would Frankly Tell These People Not to Use Signal”

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show

iOS and Android Juice Jacking Defenses Have Been Trivial to Bypass for Years

Half of Mobile Devices Run Outdated Operating Systems

Deep-Pocketed Investors Make Startups a Target for Hackers

Palo Alto Networks Acquiring Protect AI to Boost Artificial Intelligence Tools

Cybersecurity CEO Accused of Running Malware on Hospital PC Blabs About It on LinkedIn

Government Set to Ban SIM Farms in European First

Cloudflare Mitigates Record Number of DDoS Attacks in 2025
Ukrainian State and Banking Services Restored After Data Center Outage

Hitachi Vantara Takes Servers Offline After Akira Ransomware Attack

Marks & Spencer Breach Linked to Scattered Spider Ransomware Attack

Media Firm Urban One Confirms Data Breach After Cybercriminals Claim February Attack

VeriSource Now Says February Data Breach Impacts 4 Million People

Portugal’s REN Says No Sign Blackout Caused by Cyberattack

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Kali Linux Warns of Update Failures After Losing Repo Signing Key

How to Survive as a CISO aka ‘Chief Scapegoat Officer’

4/25-27/2025

FBI Seeks Help to Unmask Salt Typhoon Hackers Behind Telecom Breaches

Ex-CISA Boss Chris Krebs Says Trump Actions Risk ‘Dangerously Degrading’ U.S. Cyber Defenses

Easterly Calls for United Front Against ‘Politicizing’ of the Cyber Industry

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Popular LLMs Found to Produce Vulnerable Code by Default

Sam Altman: AI Privacy Safeguards Can’t Be Established Before ‘Problems Emerge’

Receiving Odd Texts for Someone Else? Rise of ‘Wrong Number’ Messages Is New Payday for Scammers

Coinbase Fixes 2FA Log Error Making People Think They Were Hacked

Brave’s Cookiecrumbler Tool Taps Community to Help Block Cookie Notices

Windows “Inetpub” Security Fix Can Be Abused to Block Future Updates

Ex-Disney Worker Who Hacked Menus Gets 3 Years in Prison
Mobile Provider MTN Says Cyberattack Compromised Customer Data

Marks & Spencer Pauses Online Orders After Cyberattack

Nearly 500,000 Impacted by 2023 Cyberattack on Long Beach, California

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

DragonForce Expands Ransomware Model With White-Label Branding Scheme

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

WooCommerce Admins Targeted by Fake Security Patches That Hijack Sites

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Hackers Abuse OAuth 2.0 Workflows to Hijack Microsoft 365 Accounts

Craft CMS RCE Exploit Chain Used in Zero-Day Attacks to Steal Data

SAP Fixes Critical Vulnerability After Evidence of Exploitation

4/24/2025

North Korean Cyber Spies Created U.S. Firms, and Blocknovas and Softglide, to Dupe Crypto Developers

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

Gmail’s New Encrypted Messages Feature Opens a Door for Scams

South Korea Says DeepSeek Transferred User Data to China and the U.S. Without Consent

UK Bans Export of Video Game Controllers to Russia to Hinder Attack Drone Pilots
Cyberattack Hits Drinking Water Supplier in Spanish Town Near Barcelona

SSNs and More on 5.5M+ Patients Feared Stolen From Yale Health

Frederick Health Data Breach Impacts Nearly 1 Million Patients

Interlock Ransomware Claims DaVita Attack, Leaks Stolen Data

ELENOR-corp Ransomware Targets Healthcare Sector

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Highest-Risk Security Flaw Found in Commvault Backup Solutions

Navigating Regulatory Shifts & AI Risks

4/23/2025

FTC’s Holyoak Says Agency Will Avoid ‘Excessive Regulation’ of AI Development

Cloudflare: Government-Backed Internet Shutdowns Plummet to Zero in First Quarter

FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

Ransomware Gangs Innovate With New Affiliate Models

Verizon’s DBIR Reveals 34% Jump in Vulnerability Exploitation

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors

Krebs: DOGE Worker’s Code Supports NLRB Whistleblower

The Tech That Safeguards the Conclave’s Secrecy

WhatsApp Now Lets You Block People From Exporting Your Entire Chat History

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Cybersecurity Startup Chainguard Almost Triples Valuation to $3.5 Billion After Fundraise
Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign

Blue Shield of California Leaked Health Data of 4.7 Million Members to Google

Thousands of Baltimore Students, Teachers Affected by Data Breach Following February Ransomware Attack

Active! Mail RCE Flaw Exploited in Attacks on Japanese Orgs

ASUS Releases Fix for AMI Bug that Lets Hackers Brick Servers

The Foundations of a Resilient Cyber Workforce

EU Fines Apple €500 Million and Meta €200 Million for Breaking Digital Market Rules

4/22/2025

Russia Is Ramping up Hybrid Attacks Against Europe, Dutch Intelligence Says

Billbug Espionage Group Deploys New Tools in Southeast Asia

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

Whistleblower: DOGE Siphoned NLRB Case Data (Krebs)

DeepSeek Breach Opens Floodgates to Dark Web

Microsoft Reports 92% Adoption Rate for Phishing-Resistant MFA Among Corporate Users

Beware of Video Call Links That Are Attempts to Steal Microsoft 365 Access, Researchers Tell NGOs

RIP, Google Privacy Sandbox
SK Telecom Warns Customer USIM Data Exposed in Malware Attack

Marks & Spencer Confirms Cybersecurity Incident Amid Ongoing Disruption

Ripple’s Recommended XRP Library xrpl.js Hacked to Steal Wallets

New Cryptojacking Malware Targets Docker with Novel Mining Technique

Cookie-Bite Attack PoC Uses Chrome Extension to Steal Session Tokens

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

4/21/2025

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Today’s LLMs Craft Exploits From Patches at Lightning Speed

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

How to Protect Yourself From Phone Searches at the U.S. Border

Southeast Asian Cyber Fraud Industry at ‘Inflection Point’ as It Expands Globally

Two Top Cyber Officials Resign From CISA
Abilene (TX) Takes Systems Offline After Cyberattack

‘Fog’ Hackers Troll Victims With DOGE Ransom Notes

‘Elusive Comet’ Attackers Use Zoom to Swindle Victims

Japan Warns of Hundreds of Millions of Dollars in Unauthorized Trades From Hacked Accounts

WordPress Ad-Fraud Plugins Generated 1.4 Billion Ad Requests per Day

Microsoft Entra Account Lockouts Caused by User Token Logging Mishap

4/18-20/2025

U.S. Will Keep Helping Taiwan in Its Self-Defence, Senator Says in Taipei

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Dems Fret Over Doge Feeding Sensitive Data Into Random AI

ICE Is Paying Palantir $30 Million to Build ‘Immigrationos’ Surveillance Platform

Chase Is Suing More Customers for Stealing Money Last Year Using the Viral TikTok ‘Money Hack’

Airport Retailer Paradies Shops Agrees to $6.9 Million Settlement Over Ransomware Data Breach

Could Ransomware Survive Without Cryptocurrency?

Alleged SmokeLoader Malware Operator Facing Federal Charges in Vermont

Trump Is Shifting Cybersecurity to the States, but Many Aren’t Prepared

If Boards Don’t Fix Operational Technology (OT) Security, Regulators Will
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

New Android Malware Steals Your Credit Cards for NFC Relay Attacks

New Payment-Card Scam Involves a Phone Call, Some Malware and a Personal Tap

Phishers Abuse Google OAuth to Spoof Google in DKIM Replay Attack

Interlock Ransomware Gang Pushes Fake IT Tools in ClickFix Attacks

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Critical Erlang/OTP SSH RCE Bug Now Has Public Exploits, Patch Now

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware

Widespread Microsoft Entra Lockouts Tied to New Security Feature Rollout

4/17/2025

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops

Stormont Asks Cyber Security Police to Investigate Fake Rates Website

New Jersey Sues Discord for Allegedly Failing to Protect Children

Cybersecurity Startup Exaforce Raises $75 Million

Airport Retailer Agrees to $6.9 Million Settlement Over Ransomware Data Breach
Entertainment Services Giant Legends International Discloses Data Breach

Ahold Delhaize Confirms Data Theft After INC Ransomware Claims Attack

Mayor of Fall River (MA) Confirms School System Was Hit with a Ransomware Attack

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Chrome Extensions With 6 Million Installs Have Hidden Tracking Code

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

Cybersecurity by Design: When Humans Meet Technology

4/16/2025

Brian Krebs: Funding Expires for Key Cyber Vulnerability Database

Trump Administration Decides to Fund CVE Cybersecurity Tracker After All

Last-Minute Funding Uncertainty for Key Cyber Program Spooks Industry

Former Trump Official Chris Krebs Targeted With Government Probe Vows to Fight

Ex-CISA Chief Chris Krebs Leaving SentinelOne Following Trump Pressure

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

92% of Mobile Apps Found to Use Insecure Cryptographic Methods

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Chinese Firm Tied to Uyghur Rights Abuses Now Training Tibet Police on Hacking Techniques
China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses

Researchers Uncover Social Media Harassment Campaign Targeting Thai Dissidents Since 2020

Jira Down: Atlassian Users Experiencing Degraded Performance

CISA Warns of Potential Data Breaches Caused by Legacy Oracle Cloud Leak

Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins

New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks

Over 16,000 Fortinet Devices Compromised With Symlink Backdoor

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs

Apple Fixes Two Zero-Days Exploited in Targeted iPhone Attacks

4/15/2025

China Names Alleged U.S. Snoops Over Asian Winter Games Attacks

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

Trade War Raises Cyber Stakes With China

The CVE Program for Tracking Security Flaws Is About to Lose Federal Funding

EU Confirms Issuing ‘Burner Phones’ to Top Officials but Denies Practice Caused by Trump

Krebs: Trump Revenge Tour Targets Cyber Leaders, Elections

Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI

ChatGPT 4.1 Early Benchmarks Compared Against Google Gemini

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Android Phones Will Soon Reboot if They’re Locked for a Few Days

LabHost Phishing Mastermind Sentenced to 8.5 Years
4Chan’s ‘Cesspool of the Internet’ Is Down After Apparently Being Hacked

Suspected 4Chan Hack Could Expose Longtime, Anonymous Admins

Federal Employee Alleges DOGE Activity Resulted in Data Breach at Labor Board

Landmark Admin Data Breach Impact Now Reaches 1.6 Million People

Midnight Blizzard Deploys New Grapeloader Malware in Embassy Phishing

North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers

Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

Microsoft Blocks ActiveX by Default in Microsoft 365, Office 2024

Are We Prioritizing the Wrong Security Metrics?

4/14/2025

Taiwan Charges Chinese Ship Captain With Breaking Subsea Cables

Chinese Police Ensnaring Tibetans Over Phone and Internet Activity, Human Rights Watch Says

The Most Dangerous Hackers You’ve Never Heard Of

TraderTraitor: The Kings of the Crypto Heist

Prodaft Offers “No Judgment” Deal to Buy Dark Web Accounts from Cybercrime Forum Users

U.S. Blocks Foreign Governments from Acquiring Citizen Data

Meta to Resume AI Training on Content Shared by Europeans

OpenAI’s GPT-4.1, 4.1 nano, and 4.1 mini Models Release Imminent

Hackers Using AI-Produced Audio to Impersonate Tax Preparers, IRS

Silicon Valley Crosswalk Buttons Hacked to Imitate Musk, Zuckerberg’s Voices
Dialysis Firm DaVita Hit by Ransomware Attack, Says Patient Care Continues

Hertz Says Customers’ Personal Data and Driver’s Licenses Stolen in Data Breach

Insurance Firm Lemonade Says Breach Exposed Driver’s License Numbers

Govtech Giant Conduent Confirms Client Data Stolen in January Cyberattack

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

New Malware ResolverRAT Targets Healthcare and Pharma Sectors

That Groan You Hear Is Users’ Reaction to Recall Going back Into Windows

New SSL/TLS Cert to Live No Longer Than 47 Days by 2029

40 More Student Athletes Sue Against University of Michigan After Matt Weiss Cyber Hack

4/11-13/2025

In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

Google Cloud: China Achieves “Cyber Superpower” Status

LLMs Can’t Stop Making up Software Dependencies and Sabotaging Everything

Leak Confirms OpenAI’s GPT 4.1 is Coming Before GPT 5.0

Google’s AI Video Generator Veo 2 Is Rolling out on AI Studio

Tycoon2FA Phishing Kit Targets Microsoft 365 with New Tricks

Microsoft Defender Will Isolate Undiscovered Endpoints to Block Attacks

UnitedHealth Group Sends Demands for Hack Loan Repayments

Why Data Privacy Isn’t the Same as Data Security

Ten Things to Know about the European Union’s New Product Liability Directive

NVD Revamps Operations as Vulnerability Reporting Surges
Morocco Investigates Major Data Breach Allegedly by Algerian Hackers

Laboratory Services Cooperative Exposed Health Data of 1.6 Million People

Western Sydney University Discloses Security Breaches, Data Leak

Ransomware Attack Cost IKEA Operator in Eastern Europe $23 Million

Researchers Warn About ‘Goffee’ Spilling Onto Russian Flash Drives

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems

Chrome 136 Fixes 20-Year Browser History Privacy Risk

Microsoft: Windows ‘Inetpub’ Folder Created by Security Fix, Don’t Delete

4/10/2025

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine

Infosec Experts Fear China Could Retaliate Against Tariffs With a Typhoon Attack

Krebs: China-based SMS Phishing Triad Pivots to Banks

Cybersecurity Industry Falls Silent as Trump Turns Ire on SentinelOne

Trump Administration Planning Major Workforce Cuts at CISA

Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America

Operation Endgame Continues with Smokeloader Customer Arrests

OpenAI Wants ChatGPT to ‘Know You Over Your Life’ With New Memory Update

ChatGPT’s o4-mini, o4-mini-high and o3 Spotted Ahead of Release

Sweden Arrests Senior Uyghur Representative on Suspicion of Spying for China
U.S. Sensor Giant Sensata Admits Ransomware Derailed Ops

Oregon’s Environmental Agency Shuts Down Network After Cyberattack

South African Telecom Provider Cell C Serving 7.7 Million Confirms Data Leak Following Cyberattack

90 Degree Benefits (AL) Provides Notice of Data Breach

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner

SpyNote Malware Targets Android Users with Fake Google Play Pages

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses

Hackers Exploit WordPress Plugin Auth Bypass Hours After Disclosure

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Using Post-Quantum Planning to Improve Security Hygiene

4/9/2025

Western Intelligence Agencies Warn Spyware Threat Targeting Taiwan, Tibetan Rights Advocates

U.S. Senator Wyden Announces Hold on Trump Cyber Nominee, Citing Telecom ‘Cover-Up’

Precision-Validated Phishing Elevates Credential Theft Risks

Ransomware Attacks Hit All-Time High as Payoffs Dwindle

Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots

OpenAI Helps Spammers Plaster 80,000 Sites With Messages That Bypassed Filters

Police Detains Smokeloader Malware Customers, Seizes Servers

Data Privacy Regulators Lobby Lawmakers to Not Draft Federal Legislation Preempting State Laws

As Spyware Market Continues to Expand, Diplomatic Pall Mall Process Hits a Pivot Point
Ukraine’s Railways Restore Half of IT Services Hit by Cyber Attack So Far

Germany Links Cyberattack on Research Group to Russian State-Backed APT29 Hackers

Oracle Says “Obsolete Servers” Hacked, Denies Cloud Breach

Hackers Target SSRF Bugs in EC2-Hosted Sites to Steal AWS Credentials

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware

CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks

Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered

Krebs: Patch Tuesday, April 2025 Edition

Google Takes on Cursor With Firebase Studio, Its AI Builder for Vibe Coding

4/8/2025

U.S. Financial Regulator Office of the Comptroller of the Currency (OCC) Says Email Hack Exposed Sensitive Data on Banks

Hackers Lurked in Treasury OCC’s Systems Since June 2023 Breach

Canada Says China-Linked Information Campaign Spreading False Narratives About Prime Minister

To Tackle Espionage, Dutch Government Plans to Screen University Students and Researchers

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

Scattered Spider Stops the Rickrolls, Starts the RAT Race

Don’t Open that JPEG in WhatsApp for Windows. It Might Be An .EXE

WhatsApp Flaw Can Let Attackers Run Malicious Code on Windows PCs

Musk’s DOGE Using AI to Snoop on U.S. Federal Workers, Sources Say

EncryptHub’s Dual Life: Cybercriminal vs Windows Bug-Bounty Researcher
Czech Prime Minister Says His X Account Was Hacked ‘From Abroad’

Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings

Veristat Files Notice of Data Breach Affecting Consumers’ Social Security Numbers

New Mirai Botnet Behind Surge in TVT DVR Exploitation

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

AWS Rolls Out ML-KEM to Secure TLS From Quantum Threats

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

Microsoft: Windows CLFS Zero-Day Exploited by Ransomware Gang

Microsoft April 2025 Patch Tuesday Fixes Exploited Zero-Day, 134 Flaws

NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog

4/7/2025

Public Officials Separate Workplace and Personal Online Lives. Hackers Don’t Care.

Darknet’s Xanthorox AI Offers Customizable Tools for Hackers

UK Loses Bid to Keep Apple Appeal Against Demand for iPhone ‘Backdoor’ a Secret

Alleged Scattered Spider SIM-Swapper Must Pay back $13.2m to 59 Victims

Six Arrested for AI-Powered Investment Scams That Stole $20 Million

Australian Regulator Pulls Licenses of 95 Companies in Effort to Crack Down on Investment Scams

Russia Arrests CEO of Tech Company Linked to Doppelgänger Disinformation Campaign
Hackers Are Pretending to Be Drone Companies and State Agencies to Spy on Ukrainian Victims

Someone Hacked Ransomware Gang Everest’s Leak Site

Food Giant WK Kellogg Discloses Data Breach Linked to Clop Ransomware

Flaw in ESET Security Software Used to Spread Malware From ToddyCat Group

Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign

Windows 11 24H2 Blocked on PCs with Code-Obfuscation Driver BSODs

Google Fixes Android Zero-Days Exploited in Attacks, 60 Other Flaws

4/4-6/2025

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

NSA Director Fired After Trump’s Meeting With Right-Wing Influencer Laura Loomer

Krebs: Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

Maryland Pharmacist Used Keyloggers to Spy on Coworkers for a Decade, Victim Alleges

Russia Jails Hacker for Two Years Over Cyberattack on Local Tech Company

Toll Payment Text Scam Returns in Massive Phishing Wave

Coinbase to Fix 2FA Account Activity Entry Freaking Out Users

For Bitcoin Bulls Who Self-Custody Crypto, the Global Risks Are Growing

Alan Turing Institute: UK Can’t Handle a Fight Against AI-Enabled Crims

OpenAI Tests Watermarking for ChatGPT-4O Image Generation Model
Hackers Strike Australia’s Largest Pension Funds in Coordinated Attacks

Europcar GitLab Breach Exposes Data of up to 200,000 Customers

Port of Seattle Says Ransomware Breach Impacts 90,000 People

Life University Confirms Data Breach Following July 2024 Cybersecurity Incident

LiUNA Announces Data Breach Following Confirmed Ransomware Attack

PoisonSeed Phishing Campaign Behind Emails With Wallet Seed Phrases

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

WinRAR Flaw Bypasses Windows Mark of the Web Security Alerts

Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

4/3/2025

Hackers Hit Ukrainian State Agencies, Critical Infrastructure With New ‘Wrecksteel’ Malware

Poland’s Prime Minister Says Cyberattack Targeted His Party as Election Nears

Suspected Chinese Spies Right Now Hijacking Buggy Ivanti Gear – For Third Time in 3 Years

Why Is Someone Mass-Scanning Juniper and Palo Alto Networks Products?

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

Amateur Hacker ‘Coquettte’ Leverages Russian Bulletproof Hosting Server Proton66 to Spread Malware

Microsoft at 50: Its Incredible Rise, 15 Lost Years, and Stunning Comeback – In 4 Charts
Texas State Bar Warns of Data Breach After INC Ransomware Claims Attack

Oracle Privately Confirms Cloud Breach to Customers

Sensitive Data Breached in Highline Schools Ransomware Incident

Hunters International Shifts From Ransomware to Pure Data Extortion

Hacker Claims Twilio’s SendGrid Data Breach, Selling 848,000 Records

U.S., Australia, Canada Warn of ‘Fast Flux’ Scheme Used by Ransomware Gangs

CISA Warns of Fast Flux DNS Evasion Used by Cybercrime Gangs

Recent GitHub Supply Chain Attack Traced to Leaked Spotbugs Token

Max Severity RCE Flaw Discovered in Widely Used Apache Parquet

Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent

4/2/2025

Waltz and Staff Used Gmail for Government Communications, Officials Say

Cybersecurity Professor Xiaofeng Wang Faced China-Funding Inquiry Before Disappearing, Sources Say

Cybersecurity Professor Targeted by FBI Has Not Been Detained, Lawyer Says

Crimelords at Hunters International Tell Lackeys Ransomware Too ‘Risky’

GitHub Expands Security Tools After 39 Million Secrets Leaked in 2024

Microsoft Adds Hotpatching Support to Windows 11 Enterprise

Gray Bots Surge as Generative AI Scraper Activity Increases

ChatGPT Is Down Worldwide With Something Went Wrong Error

OpenAI Backs Deepfake Cybersecurity Startup Adaptive Security in New Funding Round

Genetic Data Site OpenSNP to Close and Delete Data Over Privacy Concerns

Police Shuts Down KidFlix Child Sexual Exploitation Platform
Royal Mail Investigates Data Breach Affecting Supplier

Verizon Call Filter API Flaw Exposed Customers’ Incoming Call History

Native Tribe in Minnesota Says Cyber Incident Knocked Out Healthcare, Casino Systems

The Siegel Group Announces Data Breach Following Early 2025 Cyberattack

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

Cisco Warns of CSLU Backdoor Admin Account Used in Attacks

Stripe API Skimming Campaign Unveils New Techniques for Theft

Counterfeit Android Devices Found Preloaded With Triada Malware

Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

4/1/2025

North Korean IT Worker Army Expands Operations in Europe

Someone Is Trying to Recruit Security Researchers in Bizarre Hacking Campaign

China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

European Commission Takes Aim at End-To-End Encryption and Proposes Europol Become an EU FBI

Google to Switch on E2EE for All Gmail Users

OpenAI says Deep Research is Coming to ChatGPT Free “Very Soon”

Microsoft to Mark Five Decades of Ctrl-Alt-Deleting the Competition

New Windows 11 Trick Lets You Bypass Microsoft Account Requirement
Ukraine Blames Russia for Railway Hack, Labels It “Act of Terrorism”

Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

New Phishing Attack Combines Vishing and DLL Sideloading Techniques

Cybercriminals Expand Use of Lookalike Domains in Email Attacks

WP Ultimate CSV Importer Flaws Expose 20,000 Websites to Attacks

Critical Auth Bypass Bug in CrushFTP Now Exploited in Attacks

Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices

3/31/2025

Krebs: How Each Pillar of the 1st Amendment is Under Attack

Cybersecurity Professor Xiaofeng Wang Mysteriously Disappears as FBI Raids His Homes

Canadian Hacker Arrested for Allegedly Stealing Data From Texas Republican Party

British Intel Intern Pleads Guilty to Smuggling Top Secret Data Out of Protected Facility

China Cracks Down on Personal Information Collection. No, Seriously

An AI Image Generator’s Exposed Database Reveals What People Really Used It For

Microsoft Uses AI to Find Flaws in GRUB2, U-Boot, Barebox Bootloaders

AI-Powered Cybersecurity Firm ReliaQuest Raises More Than $500 Million

U.S. Seizes $8.2m From Romance Baiting Scammers

EU Commission to Invest €1.3bn in Cybersecurity and AI

French Regulator Fines Apple $162 Million for Anticompetitive Use of Privacy Tool

FTC Says 23andMe Purchaser Must Uphold Existing Privacy Policy for Data Handling

CIOs and CISOs Need a Common Strategy Around AI Copilots
Moscow Subway App and Website Disrupted in Possible Retaliation for Ukraine Railway Hack

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers

API Testing Firm APIsec Exposed Customer Data During Security Lapse

Oracle Under Fire for Its Handling of Separate Security Incidents

Check Point Confirms Breach, but Says It Was ‘Old’ Data and Crook Made ‘False’ Claims

United Domestic Workers of America (CA) Sends Out Data Breach Letters Following Apparent Cyberattack

Georgia Urology Notifies Patients of Data Breach Following Compromised Employee Email Accounts

Phishing Platform ‘Lucid’ Behind Wave of iOS, Android SMS Attacks

Evilginx Tool (Still) Bypasses MFA

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Bridging the Gap Between the CISO & the Board of Directors

3/28-30/2025

Trump CISA Cuts Threaten U.S. Election Integrity, Experts Warn

Solar Power System Vulnerabilities Could Result in Blackouts

Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices

OpenAI Now Pays Researchers $100,000 for Critical Vulnerabilities

Hijacked Microsoft Web Domain Injects Spam Into SharePoint Servers

Madison Square Garden’s Surveillance System Banned This Fan Over His T-Shirt Design

Personal Info on Federal Judges Is Widely Accessible Online, Leading to Safety Risks
Oracle Health Breach Compromises Patient Data at U.S. Hospitals

Retail Giant Sam’s Club Investigates Clop Ransomware Breach Claims

Pacific Residential Mortgage (OR) Confirms Data Breach Following Recent Ransomware Attack

Phishing-As-A-Service Operation Uses DNS-Over-HTTPS for Evasion

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

New Ubuntu Linux Security Bypasses Require Manual Mitigations

3/27/2025

Chinese FamousSparrow Hackers Deploy Upgraded Malware in Attacks

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

Two Serbian Journalists Reportedly Targeted With Pegasus Spyware

Krebs: When Getting Phished Puts You in Mortal Danger

Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List

No MFA? Expect Hefty Fines, UK’s ICO Warns

UK Fines Software Provider £3.07 Million for 2022 Ransomware Breach

UK NCSC Urges Domain Registrars to Improve Security

Security Shop Pwns BlackLock Ransomware Gang, Passes Insider Info to Authorities

Vivaldi Integrates Proton VPN Into the Browser to Fight Web Tracking

WhatsApp’s Meta AI Is Now Rolling out in Europe, and It Can’t Be Turned Off

SignalGate Is Driving the Most U.S. Downloads of Signal Ever

European Officials Increasingly Certain Baltic Sea Cable Breaks Are Accidental, Not Sabotage

Russia Arrests Three for Allegedly Creating Mamont Malware, Tied to Over 300 Cybercrimes
Russian Media, Academia Targeted in Espionage Campaign Using Google Chrome Zero-Day Exploit

Ukraine’s State Railway Restores Online Ticket Sales After Major Cyberattack

Vulnerable Children’s Details at Risk in Data Cardiff Breach

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

PJobRAT Malware Targets Users in Taiwan via Fake Apps

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

Infostealer Campaign Compromises 10 Npm Packages, Targets Devs

Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

CoffeeLoader Malware Loader Linked to SmokeLoader Operations

Dozens of Solar Inverter Flaws Could Be Exploited to Attack Power Grids

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

Mozilla Warns Windows Users of Critical Firefox Sandbox Escape Flaw

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

3/26/2025

Austria Uncovers Alleged Russian Disinformation Campaign Spreading Lies About Ukraine

RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

U.S. Intel Leaders Are Grilled Again About the Leaked Signal Chat as More Details Emerge

Here Are the Attack Plans That Trump’s Advisers Shared on Signal

SignalGate Isn’t About Signal

DOGE Staffer ‘Big Balls’ Provided Tech Support to Cybercrime Ring, Records Show

SEC’s Hester Peirce Discusses New Approach to Crypto and Cyber Rule Making

Secure Browser Startup Island Raises $250 Million
Oracle Customers Confirm Data Stolen in Alleged Cloud Breach Is Valid

StreamElements Discloses Third-Party Data Breach After Hacker Leaks Data

SecurityScorecard Observes Surge in Third-Party Breaches

UK Warns of Emerging Threat From ‘Sadistic’ Online ‘Com Networks’ of Teenage Boys

Malicious npm Packages Deliver Sophisticated Reverse Shells

Threat Actors Abuse Trust in Cloud Collaboration Platforms

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Cybersecurity Gaps Leave Doors Wide Open

Claude is Testing ChatGPT-Like Deep Research Feature Compass

3/25/2025

Lengthy Disruption of Russian Internet Provider Claimed by Ukrainian Hacker Group

Ukraine Railways Say Sunday’s Cyber Attack Hit Its Online Freight Services

Cyber Command Official Is Trump’s Choice for Pentagon Policy Job

What Is Signal, the Messaging App Trump Team Used to Share War Plans?

NSA Warned of Vulnerabilities in Signal App a Month Before Houthi Strike Chat

Senate Democrats Dissatisfied With Intel Officials’ Responses About Signal Chat

Signal Is App of Choice for Trump Allies and Opponents Alike

How to Tell if Your Online Accounts Have Been Hacked

Cloudflare R2 Service Outage Caused by Password Rotation Error

Flurry to Pay $3.5 Million for Harvesting Sexual and Reproductive Health Data From Period App

5 Considerations for a Data Loss Prevention Rollout
Hacker Defaces NYU Website, Exposing Admissions Data on 1 Million Students

Nearly $13 Million Stolen From Abracadabra Finance in Crypto Heist

Malaysia PM Says Country Rejected $10 Million Ransom Demand After Airport Outages

New Android Malware Uses .NET MAUI to Evade Detection

Cybercriminals Use Atlantis AIO to Target 140+ Platforms

Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker

Browser-In-The-Browser Attacks Target CS2 Players’ Steam Accounts

EncryptHub Linked to MMC Zero-Day Attacks on Windows Aystems

New Windows Zero-Day Leaks NTLM Hashes, Gets Unofficial Patch

Broadcom Warns of Authentication Bypass in VMware Windows Tools

CrushFTP Warns Users to Patch Unauthenticated Access Flaw Immediately

3/24/2025

Chinese Weaver Ant Hackers Spied on Telco Network for 4 Years

APT ‘Weaver Ant’

The Trump Administration Accidentally Texted Me Its War Plans

SANS Institute Warns of Novel Cloud-Native Ransomware Attacks

23andMe Files for Bankruptcy, Customers Advised to Delete DNA Data

How to Delete Your Data From 23andMe

Google’s $32 Billion Wiz Deal May Signal a Turning Point for Slow IPO, M&A Markets

Authorities Seize 1842 Devices in Africa’s Cybercrime Crackdown

Alleged Snowflake Hacker Agrees to Be Extradited to the U.S.
Ukraine Railway Systems Hit by Targeted Cyber-Attack

Ukraine Sees Russian Effort to Sow Chaos

South Africa’s Astral Foods Hit by Cybersecurity Incident

Hackers Steal Sensitive Data From Union County (PA) During Ransomware Attack

DrayTek Routers Worldwide Go into Reboot Loops Over Weekend

VanHelsingRaaS Expands Rapidly in Cybercrime Market

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

Google Gemini’s Astra (Screen Sharing) Rolls Out on Android for Some Users

3/21-23/2025

Trump Denies Musk to Be Briefed on Top-Secret Plan for Potential War With China

Trump Administration Begins Shifting Cyberattack Response to States

China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

Krebs: Arrests in Tap-to-Pay Scheme Powered by Phishing

FBI Warnings Are True—Fake File Converters Do Push Malware

Cloudflare Now Blocks All Unencrypted Traffic to Its API Endpoints

Major Web Services Go Dark in Russia Amid Reported Cloudflare Block

Microsoft: Exchange Online Bug Mistakenly Quarantines User Emails

Why Cyber Quality Is the Key to Security
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed

Oracle Denies Breach After Hacker Claims Theft of 6 Million Data Records

YouTube Account of Costa Rica’s Presidency Back Online After Cyber Attack

Steam Pulls Game Demo Infecting Windows With Info-Stealing Malware

Fake Semrush Ads Used to Steal SEO Professionals’ Google Accounts

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

Albabat Ransomware Evolves to Target Linux and macOS

Microsoft Trusted Signing Service Abused to Code-Sign Malware

Cybercriminals Exploit CheckPoint Antivirus Driver in Malicious Campaign

Veeam RCE Bug Lets Domain Users Hack Backup Servers, Patch Now

3/20/2025

Taiwan Critical Infrastructure Targeted by Hackers With Possible Ties to Volt Typhoon

FishMonger APT Group Linked to I-SOON in Espionage Campaigns

North Korea Launches New Unit With a Focus on AI Hacking, per Report

Low-Cost Drone Add-Ons From China Let Anyone With a Credit Card Turn Toys Into Weapons of War

U.S. Offers $15M Reward for Team Accused of Smuggling Drone Tech to Iran

Krebs: DOGE to Fired CISA Staff: Email Us Your Personal Data

More Than 400 Social Security Numbers, Other Private Information Revealed in JFK Files

Wiz Deal Buoys Cyber Startup Outlook

The Post-Quantum Cryptography Apocalypse Will Be Televised in 10 Years, Says UK’s NCSC

Rooted Devices 250 Times More Vulnerable to Compromise

Google Sues Alleged Scammers Over 10,000 Fake Maps Listings

Ex-Michigan Assistant Charged With Hacking Computer Accounts

China’s Baidu Denies Data Breach After Executive’s Daughter Leaks Personal Info
Major Web Services Go Dark in Russia Amid Reported Cloudflare Block

Malware Campaign ‘DollyWay’ Breached 20,000 WordPress Sites

HellCat Hackers Go on a Worldwide Jira Hacking Spree

GitHub Action Supply Chain Attack Exposed Secrets in 218 Repos

ESHYFT (NJ) Allegedly Leaves Database Exposed, Leading to Potentially Large-Scale Data Breach

Parascript (CO) Announces Data Breach Following August 2024 Ransomware Attack

RansomHub Ransomware Uses New Betruger ‘Multi-Function’ Backdoor

VSCode Extensions Found Downloading Early-Stage Ransomware

CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation

Critical Cisco Smart Licensing Utility Flaws Now Exploited in Attacks

Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

WordPress Security Plugin WP Ghost Vulnerable to Remote Code Execution Bug

Kali Linux 2025.1a Released With 1 New Tool, Annual Theme Refresh

3/19/2025

U.S. Suspends Some Efforts to Counter Russian Sabotage as Trump Moves Closer to Putin

Ex-U.S. Cyber Command Chief: Europe and 5 Eyes Can’t Fully Replicate U.S. Intel

Hong Kong Aims to Safeguard Key Facilities With New Cybersecurity Law

Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia

Europol Warns of “Shadow Alliance” Between States and Criminals

WhatsApp Patched Zero-Click Flaw Exploited in Paragon Spyware Attacks

Researchers Name Six Countries as Likely Customers of Paragon’s Spyware

Click Profit Blocked by the FTC Over Alleged E-commerce Scams

Turkey Restricts Social Media Following Arrest of President’s Main Rival
Ukrainian Military Targeted in New Signal Spear-Phishing Attacks

Ukraine’s IT Army Keeps up Attacks on Russia Despite Waning Media Hype

Attackers Swipe Data of 500K+ People From Pennsylvania Teachers Union

Names, Bank Info, and More Spills From Top Sperm Bank California Cryobank

Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge

New Arcane Infostealer Infects YouTube, Discord Users via Game Cheats

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems

3/18/2025

China Identifies Taiwanese Hackers Allegedly Behind Cyberattacks and Espionage

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

Third of UK Supply Chain Relies on “Chinese Military” Companies

BlackBasta Ransomware Ties to Russian Authorities Uncovered

Poisoned Windows Shortcuts Found to Be a Favorite of Chinese, Russian, N. Korean State Hackers

Security Researcher Proves GenAI Tools Can Develop Google Chrome Infostealers

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

New Report Highlights Common Passwords in RDP Attacks

Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz

CISA Fires, Rehires & Immediately Benches Security Crew on Full Pay

This New Tool Lets You See How Much of Your Data Is Exposed Online – And It’s Free
GitHub Action Hack Likely Led to Another in Cascading Supply Chain Attack

Municipalities in Four States Are Struggling With Cyberattacks Limiting Services

Western Alliance Bank Notifies 21,899 Customers of Data Breach

Blockchain Gaming Platform WEMIX Hacked to Steal $6.1 Million

HELLCAT: Jaguar Land Rover Breach Highlights Growing Cybersecurity Risks in Automotive Sector

Grede Holdings (MI) Sends Out Round of Data Breach Letters Following January 2025 Cybersecurity Incident

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

Apple Has Revealed a Passwords App Vulnerability That Lasted for Months

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017

3/17/2025

Cloudflare Introduces E2E Post-Quantum Cryptography Protections

U.S. Legislators Demand Transparency in Apple’s UK Backdoor Court Fight

States Vie for Fired Federal Cyber Workers

Google in Fresh Talks to Buy Cybersecurity Startup Wiz for $30 Billion

How Economic Headwinds Influence the Ransomware Ecosystem

OKX Suspends DEX Aggregator after Lazarus Hackers Try to Launder Funds

Telegram CEO Pavel Durov Leaves France Temporarily as Criminal Probe Continues
‘Mora_001’ Ransomware Gang Exploiting Fortinet Bug Spotlighted by CISA in January

Cherokee County School District (SC) Remains Offline After Data Breach

Microsoft: New RAT Malware Used for Crypto Theft, Reconnaissance

Researchers Confirm BlackLock as Eldorado Rebrand

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

3/14-16/2025

North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

Krebs: ClickFix: How to Infect Your PC in Three Easy Steps

Apple Will Soon Support Encrypted RCS Messaging With Android Users

Google Refuses to Deny It Received Encryption Order From UK Government

A New Era of Attacks on Encryption Is Starting to Heat Up

New Akira Ransomware Decryptor Cracks Encryptions Keys Using GPUs

Top 10 Takeaways from the New HIPAA Security Rule NPRM

Infosys Settles Lawsuits Against U.S. Unit Over Cyber Incident for $17.5 Million

LockBit Ransomware Developer Extradited to U.S.

FCC Stands up Council on National Security to Fight China in Ways That CISA Used To
Europe’s Telecoms Sector Under Increased Threat From Cyber Spies, Warns Denmark

Ransomware Attack Takes Down Health System Network in Micronesia

Fraudsters Impersonate Clop Ransomware to Extort Businesses

Coinbase Phishing Email Tricks Users With Fake Wallet Migration

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Malicious Adobe, DocuSign OAuth Apps Target Microsoft 365 accounts

Fake “Security Alert” Issues on GitHub use OAuth App to Hijack Accounts

OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection

Black Basta Ransomware Gang Creates Tool to Automate VPN Brute-Force Attacks

Cisco IOS XR Vulnerability Lets Attackers Crash BGP on Routers

3/13/2025

Volt Typhoon Accessed U.S. OT Network for Nearly a Year

Juniper Patches Bug That Let Chinese Cyberspies Backdoor Routers

‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge

CISA: We Didn’t Fire Red Teams, We Just Unhired a Bunch of Them

White House Instructs Agencies to Avoid Firing Cybersecurity Staff, Email Says

Albania Starts Turning off TikTok Amid Concern Over Youth Violence

UK ICO Fires GDPR “Warning Shot” Over Use of Children’s Data

Calls Grow for UK to Move Secret Apple Encryption Court Hearing to Public Session
‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality

Why the Toll Road Text Scam Is Out of Control Across the U.S., and Apple, Android Can’t Do Anything to Stop It

New SuperBlack Ransomware Exploits Fortinet Auth Bypass Flaws

Bank of America Warns Customers of Data Breach After Document Handling Mishap

Professional Law Enforcement Association (MI) Files Notice of Data Breach with State Attorney General

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Microsoft Apologizes for Removing VSCode Extensions Used by Millions

3/12/2025

Chinese Hackers Implant Backdoor Malware on Juniper Routers

This Is the FBI, Open Up. China’s Volt Typhoon Is on Your Network

Schools Use AI to Monitor Kids, Hoping to Prevent Violence. Our Investigation Found Security Risks

Machine Identities Outnumber Humans Increasing Risk Seven-Fold

Australia Regulator Sues FIIG Securities for Cybersecurity Failures

Cyber Reporting Rules Savaged in House Hearing

Trump Administration Shakes Up CISA with Staff and Funding Cuts

Trump’s FTC Advances Broad Antitrust Probe of Microsoft, Bloomberg News Reports

The Violent Rise of ‘No Lives Matter’

Signal No Longer Cooperating With Ukraine on Russian Cyberthreats, Official Says
Spyware in Bogus Android Apps Is Attributed to North Korean Group

New North Korean Android Spyware Slips Onto Google Play

Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

Tata Technologies’ Data Leaked by Hunters International Ransomware Gang

CISA: Medusa Ransomware Hit Over 300 Critical Infrastructure Orgs

HOLT Group (TX) Files Notice of Data Breach Leaking Consumer’s Financial Information

Facebook Discloses FreeType 2 Flaw Exploited in Attacks

Mozilla Warns Users to Update Firefox Before Certificate Expires

Krebs: Microsoft with 6 Zero-Days in March 2025 Patch Tuesday

Microsoft Patches Windows Kernel Zero-Day Exploited Since 2023

3/11/2025

North Korean Lazarus Hackers Infect Hundreds via npm Packages

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

Sean Plankey Picked by Trump to Be CISA Director

University of South Florida Gets $40 Million to Start Cyber and AI College

95% of Data Breaches Tied to Human Error in 2024

Steganography Explained: How XWorm Hides Inside Images

Krebs: Alleged Co-Founder of Garantex Arrested in India

Trump Administration Ends FTC’s Ransomware Data Breach Case Against MGM Resorts

Balancing Cybersecurity Accountability & Deregulation
PowerSchool Previously Hacked in August, Months Before Data Breach

‘Uber for Nurses’ Exposes 86K+ Medical Records, PII in Open S3 Bucket for Months

MassJacker Malware Uses 778,000 Wallets to Steal Cryptocurrency

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices

Critical PHP RCE Vulnerability Mass Exploited in New Attacks

CISA Urges All Organizations to Patch Exploited Critical Ivanti and VeraCore Vulnerabilities

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches

Microsoft March 2025 Patch Tuesday Fixes 7 Zero-Days, 57 Flaws

Apple Fixes Webkit Zero-Day Exploited in ‘Extremely Sophisticated’ Attacks

This Is the One Security Fix Added in iOS 18.3.2 and More

3/10/2025

Multiple Outages at X Caused by ‘Massive Cyberattack,’ Musk Claims

X Hit by ‘Massive Cyberattack’ Amid Dark Storm’s DDoS Claims

UK AI Research Under Threat From Nation-State Hackers

Surge in Malicious Software Packages Exploits System Flaws

Switzerland Mandates Cyber-Attack Reporting for Critical Infrastructure

Allstate Insurance Sued for Delivering Personal Info on a Platter, in Plaintext, to Anyone Who Went Looking For It

Trump Administration Ends FTC’s Ransomware Data Breach Case Against MGM Resorts

U.S. Gov’t Says Americans Lost Record $12.5 Billion to Fraud in 2024

FTC Will Send $25.5 Million to Victims of Tech Support Scams

North Korean Lazarus Hackers Cash out Hundreds of Millions From $1.5bn ByBit Hack
Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools

Sunflower Medical Group (KS) Says More Than 220,000 Impacted by Cyberattack

Central Texas Pediatric Orthopedics Announces Data Breach Affecting at Least 90,000 People

What PowerSchool Won’t Say About Its Data Breach Affecting Millions of Students

Scam Spoofs Binance Website and Uses Trump Coin as Lure for Malware

SIM Swapping Fraud Surges in the Middle East

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

Google Paid $12 Million in Bug Bounties Last Year to Security Researchers

3/7-9/2025

Two U.S. Army Soldiers Charged With Selling Military Secrets to China

White House Cyber Director’s Office Set for More Power Under Trump, Experts Say

Cyber Companies Stress AI as Core Future Technology

Palantir Delivers First Two AI-Enabled Systems to U.S. Army

Ransomware Groups Favor Repeatable Access Over Mass Vulnerability Exploits

YouTubers Extorted via Copyright Strikes to Spread Malware

Employee of Unnamed Company Charged With Stealing Unreleased Movies, Sharing Them Online

U.S. Seizes $23 Million in Crypto Linked to LastPass Breaches

Krebs: Feds Link $150M Cyberheist to 2022 LastPass Hacks

Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist

U.S. Charges Garantex Admins With Money Laundering, Sanctions Violations

Developer Guilty of Using Kill Switch to Sabotage Employer’s Systems

Undocumented Commands Found in Bluetooth Chip Used by a Billion Devices
Microsoft: North Korean Hackers Join Qilin Ransomware Gang

Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies

Home Appliance Company Presto Says Cyberattack Causing Delivery Delays

Chicago Public Schools Data Breach: What to Know, How It Affects You

RansomHub Hackers Leak Sensitive Data From Elite Bronx Private School Riverdale Country School After Ransomware Attack

Mission (TX) Declares State of Emergency After Cyberattack on Government Systems

Amerman Ginder (PA) Files Official Notice of Data Breach

A Brand-New Botnet Is Delivering Record-Size DDoS Attacks

U.S. Cities Warn of Wave of Unpaid Parking Phishing Texts

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

Unpatched Edimax IP Camera Flaw Actively Exploited in Botnet Attacks

Bug Affecting PHP Scripts Demands ‘Immediate Action From Defenders Globally’

3/6/2025

Russia Claims Ukraine Hacked State Youth Organizations to Recruit Minors

Trump’s Spy Chief Tulsi Gabbard Urged to Declassify Details of Secret Surveillance Program

Pentagon Cuts Threaten Programs That Secure Loose Nukes and Weapons of Mass Destruction

Krebs: Who is the DOGE and X Technician Branden Spikes?

The U.S. Army Is Using ‘CamoGPT’ to Purge DEI From Training Materials

Enterprise AI Through a Data Security Lens: Balancing Productivity With Safety

Why Security Leaders Are Opting for Consulting Gigs

Cybersecurity Job Satisfaction Plummets, Women Hit Hardest

It’s ‘Never Been Easier’ to Become an Online Scammer as Cybercrime Markets Flourish, Security Experts Warn

U.S. Seizes Domain of Garantex Crypto Exchange Used by Ransomware Gangs

Cybercrime ‘Crew’ Stole $635,000 in Taylor Swift Concert Tickets

Malicious Chrome Extensions Can Spoof Password Managers in New Attack

Armis Buys Otorio for $120M to Beef up Cybersecurity in Physical Spaces
Attackers Target Japanese Firms with Cobalt Strike

Thousands of Public School Workers Impacted by Cyberattack on Retirement Plan Administrator

Scott County (IA) Notifies Residents of Data Breach

FlexCare Sends Out Data Breach Letters Following Email Compromise

The Badbox Botnet Is Back, Powered by up to a Million Backdoored Androids

Microsoft Says Malvertising Campaign Impacted 1 Million PCs

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

Akira Ransomware Gang Encrypted Network From a Webcam to Bypass EDR

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Ethereum Private Key Stealer on PyPi Downloaded Over 1,000 Times

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Vulnerability in Chaty Pro Plugin Exposes 18,000 WordPress Sites

Over 37,000 VMware ESXi Servers Vulnerable to Ongoing Attacks

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution

3/5/2025

Silk Typhoon Shifts Tactics to Exploit Common IT Solutions

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

12 Chinese Hackers Charged With U.S. Treasury Breach — And Much, Much More

DOJ to Appeal Court Decision Ruling Broad Cell Phone Tower Searches Are Unconstitutional

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

Mass Federal Layoffs Will Hurt Cybersecurity, Former Top U.S. Security Official Says

Rural Hospitals in U.S. Need to Invest at Least $70 Million in Cybersecurity, Microsoft Finds
Qilin Ransomware Gang Claims Attacks on Cancer Clinic, OB-GYN Facility

Toronto Zoo Shares Update on Last Year’s Ransomware Attack

Two Decades of Visitor Data

Loyola University Maryland Sends Data Breach Letters Following July 2024 Cyberattack

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Microsoft Teams Tactics, Malware Connect Black Basta, Cactus Ransomware

Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America

Open-Source Tool ‘Rayhunter’ Helps Users Detect Stingray Attacks

People Are Using Super Mario to Benchmark AI Now

3/4/2025

Russia to Redeploy Resources Freed up by End of War in Ukraine, Warns Finnish Intelligence

Polish Space Agency Offline as It Recovers From Cyberattack

North Koreans Finish Initial Laundering Stage After More Than $1 Billion Stolen From Bybit

North Korean Fake IT Workers Leverage GitHub to Build Jobseeker Personas

Private 5G Networks Face Security Risks Amid AI Adoption

YouTube Warns Creators an AI-Generated Video of Its CEO Is Being Used for Phishing Scams

Google Messages Is Using AI to Detect Scam Texts

It’s Bad Enough We Have to Turn on Cams for Meetings, Now the Person Staring at You May Be an AI Deepfake

Apple Reportedly Challenges the UK’s Secretive Encryption Crackdown

Catalan Court Orders Former NSO Group Executives Be Indicted for Spyware Abuses

Treasury Sanctions Iranian National Behind Defunct Nemesis Darknet Marketplace

Iran Linked to More Than 20 Plots to Kill or Kidnap British Citizens and Residents
Polyglot: New Cyber-Espionage Campaign Targets UAE Aviation and Transport

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers

New Eleven11bot Botnet Infects 86,000 Devices for DDoS Attacks

Gregory & Appel Insurance (IN) Announces Data Breach Impacting Consumer Social Security Numbers

Hunters International Ransomware Claims Attack on Tata Technologies

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Dark Caracal Group Might Have Refreshed Its Malware, Researchers Say

Cisco Warns of Webex for BroadWorks Flaw Exposing Credentials

VMware Warns Customers to Patch Actively Exploited Zero-Day Vulnerabilities

Google’s March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

GreyNoise Intelligence Releases New Research on Cybersecurity Vulns

Half of Online Gambling Firms Lose 10% of Revenue to Fraud

3/3/2025

CISA Denies Reports of Shift in Cybersecurity Posture Amid Russian Threats

Finland Releases Russian ‘Spy’ Ship but Continues to Detain Three Crew Members as Suspects

Russian Telecom Beeline Facing Outages After Cyberattack

Vodafone Trials Quantum-Safe Tech to Protect Smartphone Browsing

Microsoft Unveils Finalized EU Data Boundary as European Doubt Over U.S. Grows

Governments Can’t Seem to Stop Asking for Secret Backdoors

ICO Launches TikTok, Reddit & Imgur Investigation Over Use of Children’s Data

Cybersecurity Not the Hiring-’Em-Like-Hotcakes Role It Once Was
Rubrik Rotates Authentication Keys After Log Server Breach

Palau Health Ministry on the Mend After Qilin Ransomware Attack

Lee Enterprises Ransomware Attack Hits Freelance and Contractor Payments

Penn-Harris-Madison Schools (IN) Combat Ransomware Attack, Systems Shut down as Precaution

ClickFix Phishing Campaign Uses Havoc Framework to Control Infected Systems

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Attackers Leverage Microsoft Teams and Quick Assist for Access

CISA Tags Windows, Cisco Vulnerabilities as Actively Exploited

2/28-3/2/2025

Cyberattack Detected at Polish Space Agency, Minister Says

German Government Denies Foreign Election Interference Was Successful

Hegseth Orders Cyber Command to Stand down on Russia Planning

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

Krebs: Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

The Biggest Data Breaches of 2025 — So Far

Third-Party Attacks Drive Major Financial Losses in 2024

U.S. Recovers $31 Million Stolen in 2021 Uranium Finance Hack

Cybersecurity M&A Roundup: SolarWinds Acquired for $4.4bn

The UK Will neither Confirm nor Deny That It’s Killing Encryption

China Tells Its AI Leaders to Avoid U.S. Travel Over Security Concerns

Prolific Data Extortion Actor Arrested in Thailand

Police Arrests Suspects Tied to AI-Generated CSAM Distribution Ring

California Shuts Down Data Broker for Failing to Register
Zapier Says Someone Broke Into Its Code Repositories and May Have Accessed Customer Data

India’s Angel One Says Assessing Impact After Security Breach

Qilin Ransomware Claims Attack at Lee Enterprises, Leaks Stolen Data

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

Ransomware Gangs Exploit Paragon Partition Manager Bug in BYOVD Attacks

Old Vulnerabilities Among the Most Widely Exploited

Ransomware Criminals Love CISA’s KEV List – And That’s a Bug, Not a Feature

C++ Creator Calls for Help to Defend Programming Language From ‘Serious Attacks’

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

2/27/2025

Belgium Probes if Chinese Hackers Breached Its Intelligence Service

Chinese Cyber Espionage Jumps 150%, CrowdStrike Finds

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

OpenSSF Publishes Security Framework for Open Source Software

Does Terrible Code Drive You Mad? Wait Until You See What It Does to OpenAI’s GPT-4O

A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life.

Hackers Stole this Engineer’s 1Password Database. Could It Happen to You?

Microsoft Names Developers Behind Illicit AI Tools Used in Celebrity Deepfake Scheme

Krebs: U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Suspected Desorden Hacker Arrested for Breaching 90 Organizations

Privacy Tech Firms Warn France’s Encryption and VPN Laws Threaten Privacy

Meta Fixes Error That Exposed Instagram Users to Graphic and Violent Content

Thousands Rescued From Scam Compounds in Myanmar Now Stuck at Thai Border
Philippine Army Confirms Attack on Its Networks

DragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen

FBI Confirms Lazarus Hackers Were Behind $1.5B Bybit Crypto Heist

FBI Urges Crypto Community to Avoid Laundering Funds From Bybit Hack

Winos 4.0 Malware Targets Taiwan With Email Impersonation

Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations

Over 49,000 Misconfigured Building Access Systems Exposed Online

Southern Water Says Black Basta Ransomware Attack Cost £4.5m in Expenses

GrassCall Malware Campaign Drains Crypto Wallets via Fake Job Interviews

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Vo1d Malware Botnet Grows to 1.6 Million Android TVs Worldwide

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

Nakivo Fixes Critical Flaw in Backup & Replication Tool

Software Vulnerabilities Take Almost Nine Months to Patch

2/26/2025

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries

Geopolitical Tension Fuels APT and Hacktivism Surge

NSA Says It Is Investigating Potential Misuse of Chat Platform

Romanian Police Question Pro-Russian Presidential Candidate Following Kremlin Interference

What Apple Pulling Advanced Data Protection Means for You

U.S. Examining Whether UK’s Encryption Demand on Apple Broke Data Treaty

Signal May Exit Sweden If Government Imposes Encryption Backdoor

Cellebrite Cuts off Serbia Over Abuse of Phone-Cracking Software Against Civil Society

99% of Organizations Report API-Related Security Issues

Cybersecurity Budgets Should Reflect Business Risks, Corporate Leaders Say

Startup PsiQuantum Says It is Making Millions of Quantum Computing Chips

OpenAI’s GPT 4.5 Spotted in Android Beta, Launch Imminent
Bybit Declares War on North Korea’s Lazarus Crime-Ring to Regain $1.5B Stolen From Wallet

Lazarus Hacked Bybit via Breached Safe{Wallet} Developer Machine

‘Cyber Incident’ Shuts Down Cleveland Municipal Court for Third Straight Day

Pump.fun X Account Hacked to Promote Scam Governance Token

Yes! Communities (CO) Sends Data Breach Letters Related to December 2024 Incident

EncryptHub Breaches 618 Orgs to Deploy Infostealers, Ransomware

Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

Malicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music Downloads

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

VSCode Extensions With 9 Million Installs Pulled over Security Risks

Qualcomm Pledges 8 Years of Security Updates for Android Kit using Its Chips (YMMV)

How APT Naming Conventions Make Us Less Safe

2/25/2025

New Auto-Color Linux Backdoor Targets North American Gov’ts, Universities

Ghostwriter Cyber-Attack Targets Ukrainian, Belarusian Opposition

Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks

A Team of Female Founders Is Launching Cloud Security Tech That Could Overhaul AI Protection

Microsoft Invests in Cloud Data Firm Veeam Software to Build AI Products

Only a Fifth of Ransomware Attacks Now Encrypt Data

61% of Hackers Use New Exploit Code Within 48 Hours of Attack

Quarter of Brits Report Deepfake Phone Scams

This Russian Tech Bro Helped Steal $93 Million and Landed in Us Prison. Then Putin Called.

Swedish Authorities Seek Backdoor to Encrypted Messaging Apps

UK Home Office’s New Vulnerability Reporting Mechanism Leaves Researchers Open to Prosecution

Firefox Continues Manifest V2 Support as Chrome Disables MV2 Ad-Blockers

Anthropic’s Claude 3.7 Sonnet Is Here and Results Are Insane
U.S. Drug Testing Firm DISA Says Data Breach Impacts 3.3 Million People

Orange Group Confirms Breach After Hacker Leaks Company Documents

Siberia’s Largest Dairy Plant Reportedly Disrupted With LockBit Variant

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets

Have I Been Pwned Adds 284M Accounts Stolen by Infostealer Malware

‘OpenAI’ Job Scam Targeted International Workers Through Telegram

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

MITRE Caldera Security Suite Scores Perfect 10 for Insecurity

Unmanaged Devices: The Overlooked Threat CISOs Must Confront

2/24/2025

Krebs: Trump 2.0 Brings Cuts to Cyber, Consumer Protections

Screens at HUD Display AI Video of Donald Trump Sucking Elon Musk’s Toes

Australia Bans Kaspersky Software Over National Security and Espionage Concerns

Russia Warns Financial Sector of Major IT Service Provider Hack

Google Is Replacing Gmail’s SMS Authentication With QR Codes

Inside the Telegram Groups Doxing Women for Their Facebook Posts

Michigan Man Indicted for Dark Web Credential Fraud

OpenAI Bans ChatGPT Accounts Used by North Korean Hackers
Bybit Offers $140m Bounty to Recover Funds After Mega Crypto-Heist

North Korean Hackers Linked to $1.5 Billion Bybit Crypto Heist

Nuna Baby Essentials (PA) Sends Data Breach Following Recent Cybersecurity Incident

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

Botnet Targets Basic Auth in Microsoft 365 Password Spray Attacks

Exploits for Unpatched Parallels Desktop Flaw Give Root on Macs

Essential Addons for Elementor XSS Vulnerability Discovered

2/21-23/2025

Ukrainian Hackers Claim Breach of Russian Loan Company Linked to Putin’s Ex-Wife

Chinese Medical Devices Are in Health Systems Across U.S., and the Government and Hospitals Are Worried

Data Leak Exposes TopSec’s Role in China’s Censorship-as-a-Service Operations

OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns

India’s Haryana State Pollution Control Board Website ‘Hacked’, Plaint Lodged

Apple Pulls Encryption Feature From UK Over Government Spying Demands

Google Cloud Introduces Quantum-Safe Digital Signatures in KMS

The Cybersecurity Talent Shortage: WSJ Readers Dissect the Problem

Pentagon Fast-Tracks ‘Cyber Command 2.0’ Review, Requests Authorities Wish List

Nations Open ‘Data Embassies’ to Protect Critical Info

Top Polish Anti-Corruption Official Resigns Amid Spyware Probe
Bybit Exchange Hacked, Over $1.4 Billion in ETH-Related Tokens Drained

Beware: PayPal “New Address” Feature Abused to Send Phishing Emails

Fake CS2 Tournament Streams Used to Steal Crypto, Steam Accounts

Phoenix Rehabilitation and Nursing Center Announces Third-Party Data Breach at Unnamed Vendor

VectraRx Mail Pharmacy (AZ) Confirms 2024 Data Breach Leaked Sensitive Information Belonging to 109,383 People

Star Solution Services (BC) Provides Notice of Data Breach Affecting Over 27k Individuals

Anne Arundel County (MD) Investigates Cyber Incident Affecting Payment Systems, Origin Unknown

Williamsburg-James City Schools (VA) Recovered From Cyber Attack

SpyLend Android Malware Downloaded 100,000 Times From Google Play

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

2/20/2025

Chinese Hackers Use Custom Malware to Spy on U.S. Telecom Networks

China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware

Friedrich Merz Targeted by Pro-Russian Disinformation Before German Vote, Researchers Say

Google Ad-Tech Users Can Target National Security ‘Decision Makers’ and People With Chronic Diseases

Over 330 Million Credentials Compromised by Infostealers

Black Basta Ransomware Gang’s Internal Chat Logs Leak Online

Hacked, Leaked, Exposed: Why You Should Never Use Stalkerware Apps

The Cryptocurrency Scam That Turned a Small Town Against Itself

West Coast Cybersecurity Salaries Outshine Rest of Country

Health Net Federal Services Pays $11M Settlement Over Alleged Cybersecurity Lapses

SEC Replaces Cryptocurrency Fraud Unit With Team Aimed More Broadly at Emerging Tech

When Brand Loyalty Trumps Data Security
Malicious Ads Target Freelance Developers via GitHub

Darcula PhaaS Can Now Auto-Generate Phishing Kits for Any Brand

Ottawa Family Physicians (KS) Notifies Patients of December 2024 Data Breach

UK Healthcare Giant Hcrg Confirms Hack After Ransomware Gang Claims Theft of Sensitive Data

New NailaoLocker Ransomware Used Against EU Healthcare Orgs

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes

Critical Flaws in Mongoose Library Expose MongoDB to Data Thieves, Code Execution

Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Apiiro Unveils Free Scanner to Detect Malicious Code Merges

2/19/2025

Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger

Spies Eye AUKUS Nuclear Submarine Secrets, Australia’s Intelligence Chief Warns

Multiple Foreign Intelligence Agencies Plotting to Murder Dissidents in Australia

Hundreds of U.S. Military and Defense Credentials Compromised

Three Ways to Batten Down Executives’ Personal Digital Lives

Microsoft Creates Chip It Says Shows Quantum Computers Are ‘Years, Not Decades’ Away

Sanctioned Entities Fueled $16 Billion in Cryptocurrency Activity Last Year, Report Says
Pegasus Spyware Infections Found on Several Private Sector Phones

CISA and FBI: Ghost Ransomware Breached Orgs in 70 Countries

Australian IVF Clinic Genea Suffers Data Breach Following Cyber Incident

Phishing Attack Hides JavaScript Using Invisible Unicode Trick

WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

New WinRAR Version Strips Windows Metadata to Increase Privacy

2/18/2025

Mustang Panda Leverages Microsoft Tools to Bypass Anti-Virus Solutions

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

Sen. Ron Wyden Remains Hopeful for Bipartisan Action on Tech, Cyber Issues

SANS Institute Launches AI Cybersecurity Hackathon

It’s Early, But BlackLock is On Track to Be 2025’s Most Prolific Ransomware Group

Krebs: How Phished Data Turns into Apple & Google Wallets

U.S. Newspaper Publisher Uses Linguistic Gymnastics to Avoid Saying Its Outage Was Due to Ransomware

Managed Healthcare Defense Contractor to Pay $11 Million Over Alleged Cyber Failings
Venture Capital Giant Insight Partners Hit by Cyberattack

Evolving Snake Keylogger Variant Targets Windows Users

Cracked Garry’s Mod, BeamNG.Drive Games Infect Gamers with Miners

Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

OpenSSH Flaws Expose Systems to Critical Attacks

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Trend Micro Predicts Increase in Ai-Driven Cyber Threats in 2025