Category: Security

AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. […]

Read more →

Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. […]

Read more →

ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company’s e-commerce provider, BigCommerce. […]

Read more →

Volkswagen’s automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers’ names and reveal precise vehicle locations. […]

Read more →

A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. […]

Read more →

At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. […]

Read more →

The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. […]

Read more →

The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. […]

Read more →

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. […]

Read more →

A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated U.S. hacking laws by using WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices. […]

Read more →

Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. […]

Read more →

A new Microsoft 365 phishing-as-a-service platform called “FlowerStorm” is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service. […]

Read more →

The US Department of Justice has charged a Russian-Israeli dual-national for his suspected role in developing malware and managing the infrastructure for the notorious LockBit ransomware group. […]

Read more →

Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. […]

Read more →

The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. […]

Read more →

​The Alliance for Creativity and Entertainment (ACE) has taken down one of the world’s largest live sports streaming piracy rings, with over 821 million visits last year. […]

Read more →

​Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. […]

Read more →

A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. […]

Read more →

uniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. […]

Read more →

Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. […]

Read more →

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. […]

Read more →

Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances. […]

Read more →

​​Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. […]

Read more →

The Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. […]

Read more →

The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. […]

Read more →

Security service edge (SSE) has emerged as a hot topic in the networking and security markets because it provides cloud-delivered security to protect access to websites and applications. This is key for the work-from-anywhere approach enterprises adopted during the pandemic and maintained as hybrid work became the norm. SSE is also a prevalent subject because…

Read more →

A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. […]

Read more →

​Recorded Future, an American threat intelligence company, has become the first cybersecurity firm designated by the Russian government as an “undesirable” organization. […]

Read more →

Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term “Pig Butchering” when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. […]

Read more →

A cyberespionage threat group known as ‘Bitter’ was observed targeting defense organizations in Turkey using a novel malware family named MiyaRAT. […]

Read more →

Cybercrime is a relentless and evolving threat to organizations worldwide. However, with the right insights, we can significantly enhance our security, mitigate risks, and stay ahead of these criminals. FortiGuard Labs’ Cyberthreat Predictions for 2025 report is designed to provide exactly these insights. It identifies emerging threat trends for the coming year and offers actionable…

Read more →

Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. […]

Read more →

Organizations are often caught off-guard when a data breaches occurs, forcing them to quickly perform mass password resets Learn from Specops Software about some of the common mass password reset scenarios and the challenges you may face. […]

Read more →

The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. […]

Read more →

The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. […]

Read more →