2/17/2025

Italian Websites Targeted by Alleged Pro-Russian Hackers

Sweden’s PM on Recent Suspected Undersea Cable Sabotage: ‘We Don’t Believe Random Things Suddenly Happen Quite Often’

South Korea Suspends Downloads of AI Chatbot DeepSeek

X Now Blocks Signal Contact Links, Flags Them as Malicious

Chase Will Soon Block Zelle Payments to Sellers on Social Media

Estonian Duo Plead Guilty to $577m Crypto Ponzi Scheme

Austrian Ex-Chancellor Kurz’s Cybersecurity Firm Dream Says Reaches $1 Billion Valuation

Google Chrome’s AI-Powered Security Feature Rolls Out to Everyone
Finastra Announces Data Breach Following Discovery of November 2024 Cyberattack

Xactus (PA) Data Breach Letter Confirms 2024 Incident Compromised Individuals’ Social Security Numbers

Innovative Renal Care (TN) Sends Data Breach Letters Following Early 2024 Incident

Included Health (CA) Provides Notice of Data Breach to an Unknown Number of Individuals

Microsoft Detects New XCSSET MacOS Malware Variant

Telegram Used as C2 Channel for New Golang Malware

Microsoft to Remove the Location History Feature in Windows

How Public & Private Sectors Can Better Align Cyber Defense

2/14-16/2025

Russian Hackers Target Microsoft 365 Accounts With Device Code Phishing

Ukraine Warns of Growing AI Use in Russian Cyber-Espionage Operations

Top U.S. Election Security Watchdog Forced to Stop Election Security Work

Open-Source Code Repository Codeberg Says ‘Far-Right Forces’ Are Behind Massive Spam Attacks

RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally

APIs: The Foundation of Modern Software Development Is Under Rising Cyber Attack

This Open Text-To-Speech Model Needs Just Seconds of Audio to Clone Your Voice

Texas Investigating DeepSeek for Violating Data Privacy Law

Police Risk Losing Society’s Trust in Fight Against Cybercrime, Warns Europol Chief

How Banks Can Adapt to the Rising Threat of Financial Crime
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

Virginia Attorney General’s Office Hit by Cyber Attack

REMSA Health Experiences Cyberattack, Raising Questions of a Possible Data Breach

PPL Electric Utilities (PA) Breach at Vendor Exposed Some Customer Data

Fillmore County Hospital (NE) Announces Data Breach

PirateFi Game on Steam Caught Installing Password-Stealing Malware

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

SonicWall Firewall Bug Leveraged in Attacks After PoC Exploit Release

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls

2/13/2025

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers

Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops

North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks

CISA and FBI Warn Against Buffer Overflow Vulnerabilities

Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners

The Loneliness Epidemic Is a Security Crisis

Krebs: Nearly a Year Later, Mozilla is Still Promoting OneRep

DOGE Hasn’t Accessed Legally Protected Tax Data, Administration Says in Privacy Suit Response

U.S. Lawmakers Press Trump Admin to Oppose UK’s Order for Apple iCloud Backdoor
Chinese Espionage Tools from Emperor Dragonfly Deployed in RA World Ransomware Attack

zkLend Loses $9.5M in Crypto Heist, Asks Hacker to Return 90%

Hacker Leaks Account Data of 12 Million Zacks Investment Users

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques

FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux

Surge in Attacks Exploiting Old ThinkPHP and ownCloud Flaws

Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

Buyout Firms Vie for Cybersecurity Firm Trend Micro, Sources Say

Dutch Police Seizes 127 XHost Servers, Dismantles Bulletproof Hoster

2/12/2025

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks

BadPilot Network Hacking Campaign Fuels Russian Sandworm Attacks

Russian-Linked Bots Sow Fear, Distrust Ahead of German Vote

U.S. Reportedly Releases Russian Cybercrime Figure Alexander Vinnik in Prisoner Swap

North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

This Ad-Tech Company Is Powering Surveillance of U.S. Military Personnel

Leaking the Email of Any YouTube User for $10,000

Romance Scams Cost Americans $697.3M Last Year

Serial “Swatter” Behind 375 Violent Hoaxes Targeted His Own Home to Look like a Victim

Trump Plans to Nominate GOP Insider Sean Cairncross as National Cyber Director
Mars Hydro and LG-LED Solutions: Massive IoT Data Breach Exposes 2.7 Billion Records

Sarcoma Ransomware Claims Breach at Giant PCB Maker Unimicron

Ransomware Attack Disrupting Michigan’s Sault Tribe Operations

Heartland Bank (NE) Sends Data Breach Letters Following Recent Email Data Security Incident

Watergate Hotel Hit with Data Breach

Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability

Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Krebs: Microsoft Patch Tuesday, February 2025 Edition

Is AI a Friend or Foe of Healthcare Security?

2/11/2025

Order Blocking Musk’s DOGE From Treasury Systems Doesn’t Apply to Secretary Bessent, Judge Says

Probe Finds U.S. Coast Guard Has Left Maritime Cybersecurity Adrift

Nick Robinson’s X Account Hacked to Promote Crypto

In Fighting AI Chip Trade War With China, There’s One Big Mistake U.S. Can’t Afford to Make

U.S. Sanctions LockBit Ransomware’s Bulletproof Hosting Provider

The Company Man: Binance Exec Detained in Nigeria Breaks His Silence

Arizona Woman Pleads Guilty to Running Laptop Farm for N. Korean IT Workers, Faces 9-Year Sentence

Cybersecurity Firm SailPoint Sets Sights on $12.6 Billion Valuation in U.S. IPO
Russian Military Hackers Deploy Malicious Windows Activators in Ukraine

PowerSchool Breach Exposed Special Education Status, Mental Health Data and Parent Restraining Orders

Third-Party Data Breach at ArdyssLife Affects an Unknown Number of Consumers

SonicWall Firewall Exploit Lets Hackers Hijack VPN Sessions, Patch Now

Fortinet Warns of New Zero-Day Exploited to Hijack Firewalls

Microsoft February 2025 Patch Tuesday Fixes 4 Zero-Days, 55 Flaws

Linux Running in a PDF? This Hack Is as Bizarre as It Is Brilliant

Data Leaks Happen Most Often in These States — Here’s Why

2/10/2025

Europol Warns Financial Sector of “Imminent” Quantum Threat

The Rise of the Drone Boats

UK Military Fast-Tracks Cybersecurity Recruitment

Experts Dismayed at UK’s Apple Decryption Demands

Congressional Leaders Given Access to Surveillance Court in Bid for More Transparency

New York State Bans DeepSeek From Government Devices

Indiana Man Gets 20 Years for $37m Crypto Heist

Alabama Man Pleads Guilty to SIM Swap Attack on U.S. SEC X Account

All Your 8Base Are Belong to Us: Ransomware Crew Busted in Global Sting

Why Rebooting Your Phone Daily Is Your Best Defense Against Zero-Click Hackers

Brave Now Lets You Inject Custom JavaScript to Tweak Websites

Microsoft Raises Rewards for Copilot AI Bug Bounty Program
Memorial Hospital and Manor (GA) Alerts 120,000 Individuals of Data Breach

U.S. Newspaper Publisher Lee Enterprises Still Struggling to Print Papers a Week After ‘Cybersecurity Event’

Sky ECC Encrypted Service Distributors Arrested in Spain, Netherlands

VectraRx Mail Pharmacy (AZ) Sends Out Data Breach Letters Following December 2024 Cyberattack

BadIIS Malware Exploits IIS Servers for SEO Fraud

Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

Over 12,000 KerioControl Firewalls Exposed to Exploited RCE Flaw

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

Apple Releases Security Updates to Block iPhone Passcode Hacking Tools, Again

2/7-9/2025

Krebs: Teen on Musk’s DOGE Team Graduated from ‘The Com’

States Prepare Privacy Lawsuit Against DOGE Over Access to Federal Data

reCAPTCHA: 819 Million Hours of Wasted Human Time and Billions of Dollars in Google Profits

Cloudflare Outage Caused by Botched Blocking of Phishing URL

Microsoft Shares Workaround for Windows Security Update Issues

Apple Ordered to Open Encrypted User Accounts Globally to UK Spying

One of Tax Return Filing Season’s Biggest Financial Risks Isn’t an IRS Audit

India’s RBI Introduces Exclusive “bank.in” Domain to Combat Digital Banking Fraud
HPE Notifies Employees of Data Breach After Russian Office 365 Hack

Hospital Sisters Health System Notifies 882,000 Patients of August 2023 Breach

Phones, Email, Classes Disrupted in University of the Bahamas Ransomware Attack

Massive Brute Force Attack Uses 2.8 Million IPs to Target VPN Devices

Malicious AI Models on Hugging Face Exploit Novel Attack Technique

Cybercriminals Weaponize Graphics Files in Phishing Attacks

Hackers Exploit Cityworks RCE Bug to Breach Microsoft IIS Servers

CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

2/6/2025

Russia Uses Messaging Apps to Recruit Terrorists, Ukraine’s Police Says

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

Federal Judge Tightens DOGE Leash Over Critical Treasury Payment System Access

Krebs: Experts Flag Security, Privacy Risks in DeepSeek AI App

DeepSeek iOS App Sends Data Unencrypted to ByteDance-Controlled Servers

Spyware Firm Paragon Solutions Cuts Italy Access After Alleged Targeting of Activists

Semgrep Raises $100 Million to Develop Bug-Hunting Software

New UK Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks

Europol Cracks Down on Global Child Abuse Network “The Com”

Lawsuit Against Automatic License Plate Reader Cameras Can Move Forward, Judge Says
British Engineering Firm IMI Discloses Breach, Shares No Details

Data Breach at Bankers Cooperative Group (NJ) Impacts Employees of 21 Companies

DDoS Attacks Reportedly Behind DayZ and Arma Network Outages

Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

Hackers Exploit SimpleHelp RMM Flaws to Deploy Sliver Malware

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

Microsoft Says Attackers Use Exposed ASP.NET Keys to Deploy Malware

WordPress ASE Plugin Vulnerability Threatens Site Security

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Critical RCE Bug in Microsoft Outlook Now Exploited in Attacks

New Microsoft Script Updates Windows Media With Bootkit Malware Fixes

2/5/2025

Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign

iOS App Store Apps With Screenshot-Reading Malware Found for the First Time

Despite Catastrophic Hacks, Ransomware Payments Dropped Dramatically Last Year

Following Law Enforcement Disruptions

As Victims Refused to Pay Hackers

Cybercriminals Eye DeepSeek, Alibaba LLMs for Malware Development

Robocallers Posing as FCC Fraud Prevention Team Call FCC Staff

Hackers Spoof Microsoft ADFS Login Pages to Steal Credentials

Spain Arrests Suspected Hacker of U.S. and Spanish Military Agencies

Google Says Commercial Quantum Computing Applications Arriving Within Five Years

NSA Employees Offered Deferred Resignation, Early Retirement

DOGE Latest: Citrix Supremo Has ‘Read-Only’ Access to U.S. Treasury Payment System
Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank

Mobile Malware Targeting Indian Banks Exposes 50,000 Users

Thousands of McKinney, TX Residents Impacted by October Data Breach

KraftCPAs (TN) Experiences Apparent Cyberattack Leading to Data Breach

Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks

Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Researchers Warn of Risks Tied to Abandoned Cloud Storage Buckets

Thailand Cuts Power Supply to Myanmar Scam Hubs

2/4/2025

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

Chinese Cyberspies Use New SSH Backdoor in Network Device Hacks

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

Cyberattack on NHS Causes Hospitals to Miss Cancer Care Targets

Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden

Krebs: Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

California Man Steals $50 Million Using Fake Investment Sites, Gets 7 Years

DeepSeek’s Breakthrough Emboldens Open-Source AI Models Like Meta’s Llama

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks

Cyber Agencies Share Security Guidance for Network Edge Devices
Grubhub Security Breach Compromises Customer and Driver Data

Russian Cyber Research Companies Post Alerts About Infostealer, Industrial Threats

DaggerFly-Linked Linux Malware Targets Network Appliances

Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Netgear Warns Users to Patch Critical WiFi Router Vulnerabilities

Zyxel Won’t Patch Newly Exploited Flaws in End-Of-Life Routers

2/3/2025

Russian Hackers Suspected of Compromising British PM’s Personal Email Account

High-profile X Accounts Targeted in Phishing Campaign

DeepSeek AI Tools Impersonated by Infostealer Malware on PyPi

768 CVEs Exploited in the Wild in 2024

Ransomware Groups Weathered Raids, Profited in 2024

Canadian Charged With Stealing $65 Million Using DeFi Crypto Exploits

TSA’s Airport Facial-Recog Tech Faces Audit Probe

Sweden Releases Suspected Ship, Says Cable Break ‘Clearly’ Not Sabotage
Casio UK Online Store Hacked to Steal Customer Credit Cards

Yazoo Valley Electric Power Association (MS) Warns 20,000 Residents of Data Breach

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

Google Fixes Android Kernel Zero-Day Exploited in Attacks

Amazon Redshift Gets New Default Settings to Prevent Data Breaches

Proactive Vulnerability Management for Engineering Success

1/31-2/2/2025

Backdoor Found in Two Healthcare Patient Monitors, Linked to IP in China

Musk Aides Lock Workers Out of OPM Computer Systems

CISA Employees Told They Are Exempt From Federal Worker Resignation Program

WhatsApp Disrupts Spyware Campaign Targeting Journalists

Krebs: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Gilmore Girls Fans Nabbed as Eurocops Dismantle Two Major Cybercrime Forums: Nulled & Cracked

Former Polish Justice Minister Arrested in Sprawling Spyware Probe

KuCoin to Pay Nearly $300 Million in Penalties After Guilty Plea

DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot
Tata Technologies Hit by Ransomware Attack

Community Health Center (CT) Data Breach Impacts 1 Million Patients

Globe Life Data Breach May Impact an Additional 850,000 Clients

Mizuno USA Says Hackers Stayed in Its Network for Two Months

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

Hackers Use Fake Wedding Invitations to Spread Android Malware in Southeast Asia

Threat Actors Target Public-Facing Apps for Initial Access

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

PyPi Adds Project Archiving System to Stop Malicious Updates

Chinese AI App DeepSeek Was Downloaded by Millions. Deleting It Might Come Next

1/30/2025

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Time Bandit ChatGPT Jailbreak Bypasses Safeguards on Sensitive Topics

Google Blocked 2.36 Million Risky Android Apps From Play Store in 2024

Krebs: Infrastructure Laundering: Blending in with the Cloud

U.S. FDA Identifies Cybersecurity Risks in Certain Patient Monitors

Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

Gabbard Grilled Over Snowden Comments During Senate Confirmation Hearing
Ransomware Attack Disrupts Blood Donation Services in U.S.

AngelSense Exposed Location Data and Personal Information of Tracked Users

Cybersecurity Event at Benefits Management Group (IL) Results in Data Breach

Solana Pump.Fun Tool DogWifTool cCompromised to Drain Wallets

Syncjacking Attack Enables Full Browser and Device Takeover

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

States With Laws Requiring Data Brokers to Register Are Ramping up Enforcement

1/29/2025

Poland Accuses Russia of Recruiting Polish Citizens Online for Election Meddling

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

Google Will Now Automatically Revoke Permissions From Harmful Android Apps

Exposed DeepSeek Database Revealed Chat Prompts and Internal Data

DeepSeek Leveraged U.S. Chips, ‘Stolen’ Technology, Trump’s Commerce Secretary Pick Says

Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks

Italian Regulator Asks DeepSeek for Information About Data Collection

Nation-State Hackers Abuse Gemini AI Tool

The Trial at the Tip of the Terrorgram Iceberg

FBI Seizes Cracked.io, Nulled.to Hacking Forums in Operation Talent
Threat Actors Exploit Government Websites for Phishing

How Interlock Ransomware Infects Healthcare Organizations

South Africa’s Government-Run Weather Service Knocked Offline by Cyberattack

Frederick Health (MD) Network Forced to Shut down It Systems After Ransomware Attack

Albany Gastroenterology Associates (NY) Files Notice of Data Breach Following Unauthorized Access to Computer Network

Laravel Admin Package Voyager Vulnerable to One-Click Rce Flaw

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

Sectigo Buys Entrust’s Public Certificate Business

1/28/2025

Krebs: A Tumultuous Week for Federal Cybersecurity Efforts

DeepSeek’s Popular AI App Is Explicitly Sending U.S. Data to China

Apple Researchers Reveal the Secret Sauce Behind DeepSeek AI

Scammers Are Creating Fake News Videos to Blackmail Victims

AI Haters Build Tarpits to Trap and Trick AI Scrapers That Ignore robots.txt

Microsoft Tests Edge Scareware Blocker to Block Tech Support Scams

Google Play Will Now Verify VPNs That Prioritize Privacy and Safety

British Vishing-as-a-Service Trio Sentenced

Prosecutors Say They Can’t Obtain Murder Conviction After Judge Throws Out Evidence From Facial Recognition Match

58% of Ransomware Victims Forced to Shut Down Operations

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?
UK Engineering Firm Smiths Group Hit by Cyber Attack

Texas Utility Firm CenterPoint Energy Investigating Potential Leak of Customer Data Tied to 2023 MOVEit Breach

API Supply Chain Attacks Put Millions of Airline Users at Risk

PowerSchool Starts Sending Breach Notifications, but There Are Still Questions Left to Answer

ENGlobal Cyber-Attack Exposes Sensitive Data

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program

Hellcat: Baguette Bandits Strike Again With Ransomware and a Side of Mockery

Hackers Exploiting Flaws in SimpleHelp RMM to Breach Networks

New Apple CPU Side-Channel Attacks Steal Data From Browsers

Signal Will Let You Sync Old Messages When Linking New Devices

1/27/2025

Silicon Valley Is Raving About a Made-in-China DeepSeek AI Model

China’s DeepSeek AI App Sends U.S. Tech Stocks Reeling

DeepSeek’s Top-Ranked AI App Is Restricting Sign-Ups Due to ‘Malicious Attacks’

Hackers Hijack Emergency Sirens in Kindergartens Across Israel

Ukraine Denies Involvement in Cyberattack Against Slovakia

Sweden Seizes Cargo Ship After Another Undersea Cable Hit in Suspected Sabotage

EU Sanctions Russian GRU Hackers for Cyberattacks Against Estonia

MGM Agrees to Pay $45 Million to Settle Data-Breach Lawsuit

Brazil Bans Iris Scan Company Co-Founded by Sam Altman From Paying Citizens for Biometric Data

Democrat Members of U.S. Surveillance Watchdog Fired After Refusing to Resign
Matagorda County (TX) Issues Disaster Declaration Following Cyberattack

Universal Lenders (IL) Sends Data Breach Letters to 19,575 Individuals

Hidden Text Salting Disrupts Brand Name Detection Systems

New Phishing Campaign Targets Mobile Devices with Malicious PDFs

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Clone2Leak: GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Apple Fixes This Year’s First Actively Exploited Zero-Day Bug

CISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-Attacks

Bitwarden Makes It Harder to Hack Password Vaults Without MFA

Microsoft Teams Phishing Attack Alerts Coming to Everyone Next Month

1/24-26/2025

Cyber Diplomacy Funding Halted as U.S. Issues Broad Freeze on Foreign Aid

Kristi Noem Confirmed by U.S. Senate as Trump’s Homeland Secretary

UK to Examine Undersea Cable Vulnerability as Russian Spy Ship Spotted in British Waters

UnitedHealth Estimates Change Healthcare Hack Impacted About 190 Million People

Russian Scammers Target Crypto Influencers with Infostealers

Hacker Infects 18,000 “Script Kiddies” With Fake Malware Builder

Can’t Download TikTok? How About a Used iPhone for $3,000

U.S. Privacy Snags a Win as Judge Limits Warrantless FBI Searches

Hackers Get $886,250 For 49 Zero-Days at Pwn2Own Automotive 2025
TalkTalk Investigates Breach After Data for Sale on Hacking Forum

At Least $69 Million Stolen From Crypto Platform Phemex in Suspected Cyberattack

Game Developer Big Cheese Studio Targeted in Cyber Attack, PAP Reports

Ransomware Gang Uses SSH Tunnels for Stealthy VMware ESXi Access

Hackers Use Windows RID Hijacking to Create Hidden Admin Account

Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

Microsoft: Outdated Exchange Servers Fail to Auto-Mitigate Security Bugs

Zyxel Warns of Bad Signature Update Causing Firewall Boot Loops

1/23/2025

Hackers Imitate Kremlin-Linked Group to Target Russian Entities

FBI: North Korean IT Workers Steal Source Code to Extort Employers

DOJ Indicts Two Americans for Running Laptop Farm Used in North Korea IT Worker Scam

Google Is Giving IT More Control Over Your Chrome Extensions

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing

Hundreds of Fake Reddit Sites Push Lumma Stealer Malware

Bookmakers Ramp Up Efforts to Combat Arbitrage Betting Fraud

PayPal Fined by New York for Cybersecurity Failures

Texas Probes Four More Car Companies Over How They Collect and Sell Consumer Data

LinkedIn Sued for Allegedly Training AI Models With Private Messages Without Consent

Tesla EV Charger Hacked Twice on Second Day of Pwn2Own Tokyo

CISA: Hackers Still Exploiting Older Ivanti Bugs to Breach Networks

CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Skills

New Android Identity Check Locks Settings Outside Trusted Locations
FortiGate Config Leaks: Victims’ Email Addresses Published Online

RansomHub Lays Claim on American Standard, Grohe Breaches

PFS Investments Inc. (GA) Files Notice of Recent Data Breach Leaking Confidential Information

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

Critical Zero-Days Impact Premium WordPress Real Estate Plugins

QNAP Fixes Six Rsync Vulnerabilities in NAS Backup, Recovery App

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Cisco Fixes Critical 9.9-Rated, Make-Me-Admin Bug in Meeting Management

The Security Risk of Rampant Shadow AI

1/22/2025

Iran and Russia Deepen Cyber Ties With New Agreement

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

Trump Admin Tells All Democrats on Intelligence Oversight Board to Resign

Krebs: MasterCard DNS Error Went Unnoticed for Years

What PowerSchool Isn’t Saying About Its ‘Massive’ Student Data Breach

PowerSchool Hacker Claims They Stole Data of 62 Million Students

Cloudflare CDN Flaw Leaks User Location Data, Even Through Secure Chat Apps

Major Cybersecurity Vendors’ Credentials Found on Dark Web

BreachForums Admin to Be Resentenced After Appeals Court Slams Supervised Release

Israeli Private Eye Wanted in U.S. Over Alleged Hacking for Exxon Lobbyist, Lawyer Says

Trump Frees Silk Road Creator Ross Ulbricht After 11 Years in Prison
Conduent Confirms Cybersecurity Incident Behind Recent Outage

Octagon (CT) Sends Round of Data Breach Letters Following Recent Cybersecurity Incident

PlushDaemon APT Targeted South Korean VPN Software

Telegram CAPTCHA Tricks You Into Running Malicious Powershell Scripts

Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures

IPany VPN Breached in Supply-Chain Attack to Push Custom Malware

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Cisco Warns of Denial of Service Flaw With PoC Exploit Code

Microsoft Issues Out-Of-Band Fix for Windows Server 2022 NUMA Glitch

Hackers Exploit 16 Zero-Days on First Day of Pwn2Own Automotive 2025

Why CISOs Must Think Clearly Amid Regulatory Chaos

1/21/2025

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

Fake Homebrew Google Ads Target Mac Users With Malware

Quad Foreign Ministers Meet in Washington in Signal of Trump’s China Focus

TSA Chief Behind Cyber Directives for Aviation, Pipelines and Rail Ousted by Trump Team

U.S. Department of Homeland Security Firing All Advisory Committee Members, Letter Says

UK’s New Digital IDs Raise Security and Privacy Fears

Disciplinary and Special Ed Records of Toronto Students May Have Leaked in PowerSchool Breach

Cloudflare Mitigated a Record-Breaking 5.6 Tbps DDoS Attack
Russian Telecom Giant Rostelecom Investigates Suspected Cyberattack on Contractor

Govtech Giant Conduent Won’t Rule Out Cyberattack as Outage Drags On

IntraSystems Data Breach Hits Home Care Patients at Allegheny Health Network

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers

Oracle To Address 320 Vulnerabilities in January Patch Update

7-Zip Fixes Bug That Bypasses Windows MoTW Security Warnings, Patch Now

Patch Procrastination Leaves 50,000 Fortinet Firewalls Vulnerable to Zero-Day

1/17-20/2025

Ukraine’s State Registers Restored Following Cyber-Attack

Indian APT Group DONOT Misuses App for Intelligence Gathering

U.S. Treasury Department Imposes Sanctions on Chinese Company Over Salt Typhoon Hack

FCC Orders Telecoms to Secure Their Networks After Salt Tyhpoon Hacks

Trump Revokes Biden Executive Order on Addressing AI Risks

Homeland Security Nominee Kristi Noem Bashes CISA, Says Agency Must Be ‘Smaller, More Nimble’

Tough New EU Cyber Rules Require Banks to Ramp up Security — But Many Aren’t Ready

TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025

How to Get around the U.S. TikTok Ban

TikTok Restores Service for U.S. Users Based on Trump’s Promised Executive Order

Canadian IT Company OpenText Corporation Added to Moscow’s List of ‘Undesirable’ Organizations

Former CIA Analyst Pleads Guilty to Sharing Top Secret Files

Philippines Arrests Chinese National Suspected of Spying on Critical Infrastructure
Costa Rica Refinery Cyberattack Was First Deployment for New U.S. Response Program, Ambassador Says

Data on Half a Million Hotel Guests Exposed After Otelier Breach

HPE Launches Investigation After Hacker Claims Data Breach

Medusa Ransomware Group Claims Attack on UK’s Gateshead Council

LifeBridge Health (MD) Posts Notice of 2024 Data Breach Affecting Patient SSNs and Medical Info

Edw. C. Levy Co. (MI) Announces Data Breach Following Ransomware Attack

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

Malicious PyPi Package Steals Discord Auth Tokens From Devs

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Strategic Approaches to Threat Detection, Investigation & Response

FTC Orders GM to Stop Collecting and Selling Driver’s Data

FTC Cracks Down on Genshin Impact Gacha Loot Box Practices

1/16/2025

Biden’s Cyber Ambassador Urges Trump Not to Cede Ground to Russia and China in Global Tech Fight

Krebs: Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting

Biden Issues 11th-Hour Cyber Executive Order

Trump’s Truth Social Users Targeted by Rampant Scams Online

GitHub’s Deepfake Porn Crackdown Still Isn’t Working

Middle Eastern Real Estate Fraud Grows with Online Listings

Enzo Biochem Settles Lawsuit Over 2023 Ransomware Attack for $7.5m

GDPR Complaints Filed Against TikTok, Temu for Sending User Data to China

U.S. Cracks Down on North Korean IT Worker Army With More Sanctions

Microsoft Expands Testing of Windows 11 Admin Protection Feature
Wolf Haldenstein Law Firm Says 3.5 Million Impacted by Data Breach

Carruth Compliance Consulting (OR) Sends Out Data Breach Letters Following December 2024 Cyberattack

Clop Ransomware Gang Names Dozens of Victims Hit by Cleo Mass-Hack, but Several Firms Dispute Breaches

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

W3 Total Cache Plugin Flaw Exposes 1 Million WordPress Sites to Attacks

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

1/15/2025

Russian Espionage and Financial Theft Campaigns Have Ramped Up, Ukraine Cyber Agency Says

China’s Salt Typhoon Spies Spotted on U.S. Gov’t Networks Before Telcos, CISA Boss Says

North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains

Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99

UN Security Council Members Meet on Spyware for First Time

No New Funding in EU Plan to Tackle Ransomware Attacks Against Hospitals

Section 702 Surveillance Powers Remain ‘Indispensable,’ CIA Pick Ratcliffe Says

Federal Court Orders Massive Return of $9.3b in Bitcoin Stolen From Bitfinex in 2016 Hack

FTC Cracks Down on GoDaddy for Cybersecurity Failings

From Gmail to Word, Your Privacy Settings and AI Are Entering Into a New Relationship

DJI Loosens Flight Restrictions, Decides to Trust Operators to Follow FAA Rules

CISA Shares Guidance for Microsoft Expanded Logging Capabilities
Suspected Ukrainian Hackers Impersonating Russian Ministries to Spy on Industry

UnitedHealth Hid Its Change Healthcare Data Breach Notice for Months

Label Giant Avery Says Website Hacked to Steal Credit Cards

University of Oklahoma Isolates Systems After ‘Unusual Activity’ on IT Network

E-Benefit Solution Notifies Consumers of Recent Data Breach

EncompassCare (OH) Files Notice of Data Breach Affecting Consumers’ Social Security Numbers

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

MikroTik Botnet Uses Misconfigured SPF DNS Records to Spread Malware

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

SAP Fixes Critical Vulnerabilities in NetWeaver Application Servers

Microsoft: Happy 2025. Here’s 161 Security Updates (Krebs)

1/14/2025

North Korea Linked to Crypto Heists of Over $650 Million in 2024 Alone

U.S. Issues Final Rule Barring Chinese, Russian Connected Car Tech

Hegseth Says Debate Over Cyber Command, NSA Leadership Would Reach ‘Conclusion’

FBI Hacked Thousands of Computers to Make PlugX Malware Used by China Uninstall Itself

Biden Opens Federal Land for AI Data Centers, Sets Rules for Developers

The UK Wants to Do Its ‘Own Thing’ on AI Regulation, Suggesting a Divergence From U.S. And EU

UK Floats Ransomware Payout Ban for Public Sector

Wyze Cameras Will Use AI to Describe What They See

The ‘Largest Illicit Online Marketplace’ Ever Huione Guarantee Is Growing at an Alarming Rate, Report Says

Asset Manager Ashford Settles SEC Allegations It Failed to Disclose Extent of Hack
Russia’s Largest Platform for State Procurement Hit by Cyberattack From Pro-Ukraine Group

Connecticut City of West Haven Assessing Impact of Cyberattack

Tennessee-Based Mortgage Lender Confirms December Cyberattack

WP3.XYZ Malware Attacks Add Rogue Admins to 5,000+ WordPress Sites

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

Hackers Use FastHTTP in New High-Speed Microsoft 365 Password Attacks

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

Microsoft January 2025 Patch Tuesday Fixes 8 Zero-Days, 159 Flaws

Snyk Appears to Deploy ‘Malicious’ Packages Targeting Cursor for Unknown Reason

New Startups Focus on Deepfakes, Data-in-Motion & Model Security

1/13/2025

Russian Malware Campaign Hits Kazakhstan and Central Asian Diplomatic Files

Turks and Caicos Recovering From Pre-Christmas Ransomware Attack

CISA Orders Agencies to Patch BeyondTrust Bug Exploited in Attacks

Poland Uncovers Russia-Linked Disinformation Campaign Targeting Upcoming Presidential Election

Rep. Don Bacon on Cyber Deterrence: ‘Speak Softly and Carry a Big-@$$ Stick’

Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems

The Criminal Question in the Coming Wave of Pro-Crypto Legislation

Inside the Black Box of Predictive Travel Surveillance

Texas Sues Allstate, Alleging It Violated Data Privacy Rights of 45 Million Americans

WEF Warns of Growing Cyber Inequity Amid Escalating Complexities in Cyberspace
A Breach of Gravy Analytics’ Huge Trove of Location Data Threatens the Privacy of Millions

UK Domain Registry Nominet Confirms Breach via Ivanti Zero-Day

Cyberattack Forces Eindhoven University of Technology to Cancel Lectures

HCF Management (OH) Sends Data Breach Letters to Victims Following September 2024 Cyberattack

OneBlood Confirms Personal Data Stolen in July Ransomware Attack

Stolen Path of Exile 2 Admin Account Used to Hack Player Accounts

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Ransomware Abuses Amazon AWS Feature to Encrypt S3 Buckets

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

Microsoft: macOS Bug Lets Hackers Install Malicious Kernel Drivers

Microsoft 365 MFA Outage Fixed

1/10-12/2025

As China Hacking Threat Builds, Biden to Order Tougher Cybersecurity Standards

Silk Typhoon Treasury Hackers Also Breached Us Foreign Investments Review Office

Chinese Cyber-Spies Peek Over Shoulder of Officials Probing Real-Estate Deals Near American Military Bases

Phishing Texts Trick Apple iMessage Users Into Disabling Protection

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation

Pastor Who Saw Crypto Project in His “Dream” Indicted for Fraud

New York Sues to Recover $2 Million in Crypto Stolen in Remote Job Scams

DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering

NSO Ruling Is a Victory for WhatsApp, but Could Have a Small Impact on Spyware Industry
Slovakia Hit by Historic Cyber-Attack on Land Registry

STIIIZY Data Breach Exposes Cannabis Buyers’ IDs and Purchases

Telefónica Confirms Internal Ticketing System Breach After Data Leak

The North Los Angeles County Regional Center Files Notice of Data Breach Following Apparent Ransomware Attack

Laramie County (WY) Library System Hit by Cyberattack

AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

Fake PoC Exploit Targets Security Researchers with Infostealer

New Web3 Attack Exploits Transaction Simulations to Steal Crypto

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

Docker Desktop Blocked on Macs Due to False Malware Alert

Scammers File First — Get Your IRS Identity Protection PIN Now

1/9/2025

Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFace

Ivanti Zero-Day Attacks Infected Devices With Custom Chinese Malware

U.S. Treasury Hack Linked to Silk Typhoon Chinese State Hackers

How the U.S. TikTok Ban Would Actually Work

Google Messages Takes a Step Towards Secure Messaging Across Apps and Platforms (APK Teardown)

Apple Says Siri Isn’t Sending Your Conversations to Advertisers

EU Commission Liable for Breaching EU’s Own Data Protection Rules

New AI Challenges Will Test CISOs & Their Teams in 2025
Hackers Claim Massive Breach Gravy Analytics, the Parent Company of Location Data Giant Venntel, Threaten to Leak Data

Hackers Claim to Breach Russian State Agency Rosreestr Managing Property, Land Records

Largest U.S. Addiction Treatment Provider ​BayMark Health Services Notifies Patients of Data Breach

PowerSchool Says Hackers Stole Students’ Sensitive Data, Including Social Security Numbers, in Data Breach

Some Winston-Salem (NC) City Services Knocked Offline by Cyberattack

Fake CrowdStrike Job Offer Emails Target Devs With Crypto Miners

New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption

1/8/2025

Cyber Command Overhaul Gets Austin’s Approval, but Plan Faces Uncertain Future

Pall Mall Process to Tackle Commercial Hacking Proliferation Raises More Concerns Than Solutions

Russian ISP Confirms Ukrainian Hackers “Destroyed” Its Network

TikTok’s Fate Divides Trump and Fellow Republicans as Supreme Court Action Looms

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Fake Government Officials Use Remote Access Tools for Card Fraud

Scammers Exploit Microsoft 365 to Target PayPal Users

Krebs: A Day in the Life of a Prolific Voice Phishing Crew
PowerSchool Hack Exposes Student, Teacher Data From K-12 Districts

Medical Billing Firm Medusind Discloses Breach Affecting 360,000 People

Pediatric Home Service (MN) Files Official Notice of Data Breach

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Hackers Exploit KerioControl Firewall Flaw to Steal Admin CSRF Tokens

Unpatched Critical Flaws Impact Fancy Product Designer WordPress Plugin

Ivanti Warns of New Connect Secure Flaw Used in Zero-Day Attacks

SonicWall Urges Admins to Patch Exploitable SSLVPN Bug Immediately

1/7/2025

‘We Have to Prioritize Cybersecurity’ Within Federal Budgets, Outgoing Cyber Czar Says

Cybercriminals Don’t Care About National Cyber Policy

Phishing Click Rates Triple in 2024

Finland Finds Russian ‘Spy’ Ship Anchor as Subsea Cable Company Demands Ship’s Seizure for Compensation

Former NSA Cyber Chief Joins Venture Firm DataTribe

U.S. Adds Web and Gaming Giant Tencent to List of Chinese Military Companies

U.S. Cyber Trust Mark Launches as the Energy Star of Smart Home Security

License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data

Telegram Hands Over Data on Thousands of Users to U.S. Law Enforcement

UK Government to Ban Creation of Explicit Deepfakes

Washington State Sues T-Mobile Over 2021 Data Breach Security Failures

Meta Ends Fact-Checking on Facebook, Instagram in Free-Speech Pitch
Turbulence at UN Aviation Agency as Probe Into Potential Data Theft Begins

Pittsburgh Regional Transit Employees’, Applicants’ Personal Information Stolen During Ransomware Attack

Green Bay Packers’ Online Store Hacked to Steal Credit Cards

Casio Says Data of 8,500 People Exposed in October Ransomware Attack

Walker County Schools (GA) Alerting Parents, Educators of Student Information System Data Breach

Dragonfly Health (AZ) Files Notice of Data Breach with Federal Regulators

Hyperice (CA) Sends Data Breach Letters Following June 2024 Cyberattack

Teton Orthopaedics (WY) Sends Out Data Breach Letters Following Ransomware Attack

New Mirai Botnet Targets Industrial Routers With Zero-Day Exploits

CISA Warns of Critical Oracle, Mitel Flaws Exploited in Attacks

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

1/6/2025

U.S. Cyber Watchdog Says No Indication Breach at Treasury Hit Other Federal Agencies

Chinese Hackers Double Cyber-Attacks on Taiwan

Eagerbee Backdoor Deployed Against Middle Eastern Gov’t Orgs, ISPs

Russia Blames Telecom Network Accident for Widespread Internet Outage

India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements

IoT’s Regulatory Reckoning Is Overdue

Pig Butchering (Romance Baiting) Victim Sues Banks for Allowing Scammers to Open Accounts
Hackers Reportedly Compromise Argentina’s Airport Security Payroll System

School Districts in Maine, Tennessee Respond to Holiday Cyberattacks

Pacific Pulmonary Medical Group (CA) October 2024 Announces Data Breach

New Infostealer Campaign Uses Discord Videogame Lure

Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages

New PhishWP Plugin Enables Sophisticated Payment Page Scams

Vulnerable Moxa Devices Expose Industrial Networks to Attacks

MediaTek Rings in the New Year With a Parade of Chipset Vulns

1/3-5/2025

How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons

U.S. Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks

Cyber Investors Expect More Mergers in 2025

Cybersecurity Firm Tenable’s CEO Amit Yoran Dies After Battle With Cancer

Crypto Boss Extradited to Face $40bn Fraud Charges

Cryptocurrency Wallet Drainers Stole $494 Million in 2024

Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations

Windows 10 Users Urged to Upgrade to Avoid “Security Fiasco”

Russia Orders Yandex to Scrub Maps and Images of Strategic Oil Refinery
Atos Group Denies Space Bears’ Ransomware Attack Claims

Lexington Diagnostic Center (KY) Announces Recent Data Breach Involving Sensitive Patient Information

Tycon Medical Systems (VA) Sends Data Breach Letters Following Cybersecurity Incident

New FireScam Android Data-Theft Malware Poses as Telegram Premium App

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

Bad Tenable Plugin Updates Take down Nessus Agents Worldwide

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

1/2/2025

Treasury’s Sanctions Office Hacked by Chinese Government, Officials Say

‘Office of Foreign Assets Control’

‘No Definitive Link’ Found Between New Orleans Attack and Las Vegas Cybertruck Explosion, FBI Says

Global Campaign Targets PlugX Malware with Innovative Portal

Tighter Regulations Proposed for Foreign IT in Drones Used in U.S.

Apple Offers to Settle ‘Snooping Siri’ Lawsuit for an Utterly Incredible $95M

Crypto Hacks, Scam Losses Reach $29M in December, Lowest in 2024
Japan’s Largest Mobile Carrier Says Cyberattack Disrupted Some Services

Hackers Leak Rhode Island Citizens’ Data on Dark Web

Crown Mortgage Company (IL) Sends Data Breach Letters Following Recent Cybersecurity Incident

Over 3 Million Mail Servers Without Encryption Exposed to Sniffing Attacks

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

12/31/2024-1/1/2025

What to Know about String of U.S. Hacks Blamed on China

U.S. Sanctions Russian & Iranian Groups Over AI-Generated Election Disinformation

Finland Identifies Seven Suspects Among Crew of Alleged Russian ‘Spy’ Tanker

Krebs: U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Hey, Maybe It’s Time to Delete Some Old Chat Histories

Over 3.1 Million Fake “Stars” on GitHub Projects Used to Boost Rankings
Indiana University Health Announces Data Breach Following Compromised Email Account

New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

New Details Reveal How Hackers Hijacked 35 Google Chrome Extensions

The Biggest Cybersecurity and Cyberattack Stories of 2024

These Were the Badly Handled Data Breaches of 2024

12/30/2024

China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says

AT&T and Verizon Say Networks Secure After Salt Typhoon Breach

Finland Seizes Suspected Russian Spy Ship and Questions Crew Following Cable Breaks

Germany Charges Three Suspected Russian Spies Accused of Surveilling Military Sites

Telegram Blocks Russian State Media Channels in Several EU Countries

Italian Websites Subjected to Pro-Russian DDoS Attack Campaign
U.S. Treasury Says Chinese Hackers Stole Documents in ‘Major Incident’

U.S. Treasury Department Breached Through Remote Support Platform

Atos Says Space Bears Ransomware Group Claims It Compromised a Database

In-Home Attendant Services (TX) Files Official Notice of Data Breach

Ransomware Is 35 Years Old and Now a Billion-Dollar Problem. Here’s How It Could Evolve

Happy 15th Anniversary, KrebsOnSecurity!

12/27-29/2024

White House: Salt Typhoon Hacks Possible Because Telecoms Lacked Basic Security Measures

U.S. Adds 9th Telcom to List of Companies Hacked by Chinese-Backed Salt Typhoon Cyberespionage

The U.S. Proposes Rules to Make Healthcare Data More Secure

Biden Administration Finalizes Rule to Block Sale of Americans’ Bulk Data to Adversaries

The Paper Passport Is Dying

CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration

Record-Breaking Ransoms and Breaches: A Timeline of Ransomware in 2024

How Cops Taking Down LockBit, ALPHV Led to RansomHub’s Meteoric Rise

It’s Only a Matter of Time Before LLMs Jump Start Supply-Chain Attacks
Hackers Steal ZAGG Customers’ Credit Cards in Third-Party Breach

Customer Data From 800,000 Electric Cars and Owners Exposed Online

Blue Yonder Says November Ransomware Attack Not Connected to Cleo Vulnerability

Hackers Hijacked Legitimate Chrome Extensions to Try to Steal Data

Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately

Too Much ‘Trust,’ Not Enough ‘Verify’

12/26/2024

Cyberattack on Ukraine’s State Registers Disrupts Marriage Registration, Real Estate Deals

A Weird Windows 11 Bug Won’t Let Some People Install Any Security Updates

The Worst Hacks of 2024

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

UN General Assembly Approves Cybercrime Treaty Despite Industry Backlash
Japan Airlines Systems Back to Normal After Cyberattack Delayed Flight

Nearly Half a Million People Had Data Stolen After Cyberattack on American Addiction Centers

New ‘OtterCookie’ Malware Used to Backdoor Devs in Fake Job Offers

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

Apache Warns of Critical Flaws in MINA, HugeGraph, Traffic Control

12/24-25/2024

U.S. and Japan Blame North Korea for $308m DMM Bitcoin Crypto Heist

Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

European Space Agency’s Official Store Hacked to Steal Payment Cards

American Airlines Resumes Flights After Brief Grounding Ahead of Busy Christmas Travel

Former NSA Cyberspy’s Not-So-Secret Hobby: Hacking Christmas Lights

You Need to Create a Secret Password With Your Family

Major Biometric Data Farming Operation Uncovered

Inside Operation Destabilise: How a Ransomware Investigation Linked Russian Money Laundering and Street-Level Drug Dealing
Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks

Pittsburgh Regional Transit Attributes Recent Service Disruptions to Ransomware Attack

Colonial Surety Company (NJ) Announces Data Breach Stemming from May Cybersecurity Incident

Clop Ransomware Is Now Extorting 66 Cleo Data-Theft Victims

How Androxgh0st Rose From Mozi’s Ashes to Become ‘Most Prevalent Malware’

New Botnet Exploits Vulnerabilities in NVRs, TP-Link Routers

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

12/23/2024

Inside The Invisible Russia-Ukraine Battlefield

France Extends Olympics Security Measures to Christmas Market

Interpol Identifies Over 140 Human Traffickers in New Innovative Initiative

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

MFA: Shun This Basic Cybersecurity Tactic and Become a Target for Hackers

FTC Orders Marriott and Starwood to Implement Strict Data Security
Classified Fighter Jet Specs Leaked on War Thunder – Again

Alta Resources Corporation (WI) Provides Notice of Data Breach Affecting Over 37k People

Critical Vulns Found in WordPress Plugins WPLMS and VibeBP

Adobe Warns of Critical ColdFusion Bug with PoC Exploit Code

Apache Fixes Remote Code Execution Bypass in Tomcat Web Server

Non-Human Identities Gain Momentum, Requires Both Management & Security

12/20-22/2024

FAA Banning Drone Flights Over New Jersey, New York Sites

Ukraine’s State Registers Hit with One of Russia’s Largest Cyberattacks, Officials Say

Russia Security Threat Is Far Reaching, Italy’s Prime Minister Warns

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

North Korean Hackers Stole $1.3 Billion Worth of Crypto This Year

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Pegasus Spyware Maker NSO Group Is Liable for Attacks on 1,400 WhatsApp Users

Ransomware Attackers Target Industries with Low Downtime Tolerance

U.S. Unseals Complaint Against Russian-Israeli Accused of Working for LockBit

Romanian Netwalker Ransomware Affiliate Sentenced to 20 Years in Prison

Massive Live Sports Piracy Ring With 812 Million Yearly Visits Taken Offline

Three of the Biggest U.S. Banks Are Facing a Lawsuit for ‘Widespread Fraud’ on Zelle: Bank of America, JPMorgan Chase, and Wells Fargo

What Google’s Quantum Computing Breakthrough Willow Means for the Future of Bitcoin and Other Cryptos
Ascension: Health Data of 5.6 Million Stolen in Ransomware Attack

Duke Energy Reports Data Breach Potentially Impacting Over 8 Million Customers

PS Logistics Announces Data Breach Stemming from February 2024 Cyberattack

SRP Federal Credit Union (SC) Data Breach—240,000 Members Exposed in Attacked Claimed by Nitrogen Ransomware Group

Wood County (OH) Agencies Continue Investigating Ransomware Attack

Krispy Kreme Breach, Data Theft Claimed by Play Ransomware Gang

LockBit Admins Tease a New Ransomware Version: LockBit 4.0

New FlowerStorm Microsoft Phishing Service Fills Void Left by Rockstar2FA

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

How Not To Become A Botnet Victim: A Practical Guide For Everyone

Infosec Experts Divided on Ai’s Potential to Assist Red Teams

12/19/2024

UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

Krebs: Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

Lumen Technologies Launches Sale of Consumer Fiber Unit

U.S. Organizations Still Using Kaspersky Products Despite Ban

Four Smart Questions for Boards Overseeing Cybersecurity

U.S. Seeks Extradition of Alleged LockBit Ransomware Developer From Israel
Bugs in a Major McDonald’s India Delivery System Exposed Sensitive Customer Data

New Malware Can Kill Engineering Processes in ICS Environments

BadBox Malware Botnet Infects 192,000 Android Devices Despite Disruption

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

12/18/2024

U.S. Targets TP-Link With a Potential Ban on the Chinese Routers

U.S. Government Tells Officials, Politicians to Ditch Regular Calls and Texts

Chinese National Cyber Centre Says U.S. Hacks Stole Trade Secrets From Tech Firms

Congress Again Fails to Limit Scope of Spy Powers in New Defense Bill

Krebs: How to Lose a Crypto Fortune with Just One Bad Click

Phishing Attacks Double in 2024

Nigeria Cracks Down on Cryptocurrency Investment Fraud and Romance Scams

Raccoon Stealer Malware Operator Gets 5 Years in Prison After Guilty Plea

Dutch Regulator Fines Netflix $5 Million for Data Privacy Violations

Quantum AI Startup SandboxAQ Valued at $5.3 Bln After $300 Mln Fundraising
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

‘Bitter’ Cyberspies Target Defense Orgs With New MiyaRAT Malware

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

Brighton Jones Files Official Notice of Data Breach Following Email Phishing Attack

New Fake Ledger Data Breach Emails Try to Steal Crypto Wallets

A Lightweight App Comes With Some Heavy Consequences, Researchers Say

New Attacks Exploit VSCode Extensions and npm Packages

BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products

Microsoft Won’t Let Customers Opt out of Passkey Push

Recorded Future CEO Applauds “Undesirable” Designation by Russia

12/17/2024

Intel Officials Warned Police That U.S. Cities Aren’t Ready for Hostile Drones

U.S. Unveils New National Cyber Incident Response Plan

Sophisticated TA397 Malware Targets Turkish Defense Sector

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

Stop Calling Online Scams ‘Pig Butchering,’ Interpol Warns

Drug Dealers Have Moved on to Social Media

Facebook Owner Meta Hit with 251 Million Euros in Fines for 2018 Data Breach

Coder Wrote a Bug So Bad Security Guards Wanted a Word When He Arrived at Work
Positive Behavior Supports Corporation Reports Data Breach Affecting Sensitive Client Information

Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

Cybercriminals Exploit Google Calendar to Spread Malicious Links

Over 25,000 SonicWall VPN Firewalls Exposed to Critical Flaws

Critical Security Hole in Apache Struts Under Exploit

CISA Orders Federal Agencies to Secure Microsoft 365 Tenants

12/16/2024

Trump Administration Wants to Go on Cyber Offensive Against China

Federal Money Is Helping States Overhaul Cybersecurity. What Happens if It Dries Up?

Russia Recruits Ukrainian Kids for Sabotage and Reconnaissance

Serbian Authorities Are Reportedly Hacking and Installing Spyware on Activists’ Phones: NoviSpy

YouTube Creators Targeted in Global Phishing Campaign

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

The Education Industry: Why Its Data Must Be Protected

Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets

Israeli Spyware Firm Paragon Acquired by U.S. Investment Group

BlackBerry Offloads Cylance for a Fraction of What It Paid in 2019

Kali Linux 2024.4 Released With 14 New Tools, Deprecates Some Features
Texas Tech University System Data Breach Impacts 1.4 Million Patients

ConnectOnCall Breach Exposes Health Data of Over 910,000 Patients

Hackers Orchestrate Cyberattack Against PIH Health, Claiming Massive Data Breach

Rhode Island Confirms Data Breach After Brain Cipher Ransomware Attack

Cicada3301 Ransomware Claims Attack on French Peugeot Dealership

Namibia’s State Telecom Provider Says Hackers Leaked Data After It Refused to Pay Ransom

FBI Spots HiatusRAT Malware Attacks Targeting Web Cameras, DVRs

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Windows Kernel Bug Now Exploited in Attacks to Gain SYSTEM Privileges

12/13-15/2024

Winnti Hackers Target Other Threat Actors With New Glutton PHP Backdoor

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Ukraine Uncovers Russian Spy Network Recruiting Teens for Espionage

“Hazardous Drone Operation” Leads to Two Arrests in Boston

Game-Like ‘Task Scams’ Stole More Than $220 Million in Six Months

The Simple Math Behind Public Key Cryptography

Major Cloud Providers Could Get Key Role in AI Chip Access Outside the U.S., Sources Say

Peak Design Denies Snitching on Luigi Mangione

UnitedHealth’s Optum Left an AI Chatbot, Used by Employees to Ask Questions About Claims, Exposed to the Internet

UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts

Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

Russia Blocks Viber in Latest Attempt to Censor Communications
Rhode Island’s Online Benefits System Shuts Down After Cyberattack

SRP Federal Credit Union (SC) Says 240,000 Impacted by Recent Cyberattack

Auto Parts Giant LKQ Says Cyberattack Disrupted Canadian Business Unit

Japanese Game and Anime Publisher Kadokawa Reportedly Pays $3 Million Ransom to Russia-Linked Hackers

Young Life Announces Data Breach Affecting Employees and Volunteers

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

CISA Confirms Critical Cleo Bug Exploitation in Ransomware Attacks

Clop Ransomware Claims Responsibility for Cleo Data Theft Attacks

Akira and RansomHub Surge as Ransomware Claims Reach All-Time High

Citrix Shares Mitigations for Ongoing Netscaler Password Spray Attacks

CISA Warns Water Facilities to Secure HMI Systems Exposed Online

12/12/2024

Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States

North Korea’s Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years

U.S. Offers $5 Million for Info on North Korean IT Worker Farms

Telecoms Haven’t Notified Most Victims of Chinese Phone Data Hacking Campaign, Sources Say

Google Says Its Breakthrough Quantum Chip Can’t Break Modern Cryptography

Police Refer Westminster ‘Honeytrap’ to Prosecutors

Spain Busts Voice Phishing Ring for Defrauding 10,000 Bank Customers

Police Shuts Down Rydox Cybercrime Market, Arrests 3 Admins

Insurance Worker Sentenced After Illegally Accessing Claimants’ Data
Bitcoin ATM Firm Byte Federal Hacked via GitLab Flaw, 58K Users Exposed

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Remcos RAT Malware Evolves with New Techniques

New Stealthy Pumakit Linux Rootkit Malware Spotted in the Wild

New IOCONTROL Malware Used in Critical Infrastructure Attacks

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Security Flaws in WordPress Woffice Theme Prompts Urgent Update

Cleo Patches Critical Zero-Day Exploited in Data Theft Attacks

12/11/2024

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Secret Blizzard Targets Ukrainian Military with Custom Malware Kazuar Backdoor

The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come

Snowflake Pledges to Make MFA Mandatory

Krebs: How Cryptocurrency Turns to Cash in Russian Banks

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

South Korea Takes Down Fraudulent Online Trading Network Used to Extort $6.3M

Operation PowerOFF Takes Down DDoS Boosters
Krispy Kreme Security Hole Leads to Cyberattack, Frosting Orders

Lynx Ransomware Behind Electrica Energy Supplier Cyberattack

Sabre (TX) Sends Data Breach Letter to Employees Announcing Leaked SSNs and More

Sophisticated Scam Targets UAE Residents with Fake Police Fines

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

Microsoft Azure MFA Flaw Allowed Easy Access Bypass

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Krebs: Patch Tuesday, December 2024 Edition

12/10/2024

Wyden Proposes Bill to Secure U.S. Telecoms After Salt Typhoon Hacks

U.S. Sanctions Chinese Firm Sichuan Silence Information Technology Company Over Potentially Deadly Ransomware Attack

Nvidia Probed in China Over Possible Antimonopoly Violations

Chinese Hackers Use Visual Studio Code Tunnels for Remote Access

Poker Cheaters Allegedly Use Tiny Hidden Cameras to Spot Dealt Cards

New Jersey Mayors Pen Letter Demanding Action on Mysterious Drone Sightings

AI Safety Is Hard to Steer With Science in Flux, U.S. Official Says

Avast Antivirus Owner Gen Digital Acquires MoneyLion in $1 Bln Deal

FTC Distributes $72 Million in Fortnite Refunds From Epic Games

Next Congress Likely to Tussle Over Cyber Oversight
Nemesis and ShinyHunters Hackers Exploit AWS Misconfigurations in Massive Data Breach

Highgate Hotels Sends Out Data Breach Letters Following Cyberattack

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

New AppLite Malware Targets Banking Apps in Phishing Campaign

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

BadRAM: $10 Security Flaw in Amd Could Allow Hackers to Access Cloud Computing Secrets

WPForms Bug Allows Stripe Refunds on Millions of WordPress Sites

Ivanti Warns of Maximum Severity CSA Auth Bypass Vulnerability

Microsoft December 2024 Patch Tuesday Fixes 1 Exploited Zero-Day, 71 Flaws

12/9/2024

China’s Salt Typhoon Recorded Top American Officials’ Calls, Says White House

U.S. Agencies to Brief House on Chinese Salt Typhoon Telecom Hacking

Phishing Scam Targets Ukrainian Defense Companies

Radiant Links $50 Million Crypto Heist to North Korean Hackers

Police Arrest UHC CEO Shooting Suspect, App Developer Luigi Mangione

Cybercrime Gang Arrested After Turning Airbnbs Into Fraud Centers

Federal Appeals Court Upholds Law Threatening U.S. TikTok Ban

Proposal for Cyber Force Study Is Watered down in Final Defense Bill

The Case For and Against Creating a Military Cyber Force

Russia Disrupts Internet Access in Multiple Regions to Test ‘Sovereign Internet’
Romanian Energy Supplier Electrica Hit by Ransomware Attack

U.S. Subsidiaries of Japanese Water Treatment Company, Green Tea Maker Kurita Water Industries Hit with Ransomware

Ransomware Attack Hits Leading Heart Surgery Device Maker ​Artivion

Amergis Healthcare Staffing (MD) Reports Data Breach Stemming from Compromised Email Accounts

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

OpenWrt Sysupgrade Flaw Let Hackers Push Malicious Firmware Images

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Large-Scale Incidents & the Art of Vulnerability Prioritization

12/6-8/2024

FCC Chair Proposes Cybersecurity Rules in Response to China’s Salt Typhoon Telecom Hack

How Chinese Insiders Are Stealing Data Scooped up by President XI’s National Surveillance System

Romania Exposes TikTok Propaganda Campaign Supporting Pro-Russian Candidate

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

UK Cybersecurity Agency Unconcerned About Changes to Cisa Under Trump

Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ Data

QR Codes Bypass Browser Isolation for Malicious C2 Communication

The Weight-Loss Drug Boom Has Become One of the Internet’s Biggest Scams

Why SOC Roles Need to Evolve to Attract a New Generation
Pirated Corporate Software Infects Russian Businesses With Info-Stealing Malware

Deloitte Denies Breach, Claims Cyber-Attack Targeted Single Client

Anna Jaques Hospital (MA) Ransomware Breach Exposed Data of 300K Patients

Blue Yonder SaaS Giant Breached by Termite Ransomware Gang

Cardano Foundation X Account Hacked, Scam Links Posted, Then Removed

Ultralytics AI Model Hijacked to Infect Thousands With Cryptominer

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

New Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch

12/5/2024

U.S. Phone Companies Could Face Fines for Weak Security Under a Proposed New Rule

Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

New Android Spyware Found on Phone Seized by Russian FSB

U.S. Arrests Scattered Spider Suspect Linked to Telecom Hacks

Nebraska Man Pleads Guilty to Dumb Cryptojacking Operation

Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

Texas Accuses Four Companies of Sharing Sensitive User Data Without Proper Notice and Consent

She Escaped an Abusive Marriage—Now She Helps Women Battle Cyber Harassment
Romania’s Election Systems Targeted in Over 85,000 Cyberattacks

Ransomware Hackers Target NHS Hospitals With New Cyberattacks

Major USAID Contractor Chemonics Says 263,000 Affected by 2023 Data Breach

Hoboken Government Recovering From Ransomware Attack as Conti-Linked Gang Takes Credit

PointClickCare Data Breach Affects Residents of Multiple Long-Term Care Facilities

ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

Pro-Russian Hacktivist Group ‘Noname’ Claims 6600 Attacks Targeting Europe

Mitel MiCollab Zero-Day Flaw Gets Proof-of-Concept Exploit

Vulnerability Management Challenges in IoT & OT Environments