Ethereum blockchain analytics firm Nansen asks a subset of its users to reset passwords following a recent data breach at its authentication provider. [...] | Continue reading
T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees' data. [...] | Continue reading
Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers. [...] | Continue reading
A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream.' [...] | Continue reading
GitHub has made passkeys generally available across the platform today to secure accounts against phishing and allow passwordless logins for all users. [...] | Continue reading
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year. [...] | Continue reading
Microsoft will start rolling out its Copilot digital assistant to all customers next week, on September 26th, together with a host of new AI-powered capabilities as part of a new Windows 11 22H2 update. [...] | Continue reading
Pizza Hut Australia is sending data breach notifications to customers, warning that a cyberattack allowed hackers to access their personal information. [...] | Continue reading
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023. [...] | Continue reading
T-Mobile customers today were able to see other people's account and billing information after logging into the company's official mobile application. [...] | Continue reading
Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network. [...] | Continue reading
The developers of Free Download Manager (FDM) have published a script to check if a Linux device was infected through a recently reported supply chain attack. [...] | Continue reading
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware. [...] | Continue reading
Data breaches and their investigations are becoming extremely costly for the enterprise. Learn from Outpost24 below about what your business can do to reduce these costs. [...] | Continue reading
Signal has announced that it upgraded its end-to-end communication protocol to use quantum-resistant encryption keys to protect users from future attacks. [...] | Continue reading
Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets. [...] | Continue reading
Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks. [...] | Continue reading
The International Criminal Court (ICC) disclosed a cyberattack on Tuesday after discovering last week that its systems had been breached. [...] | Continue reading
GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies. [...] | Continue reading
Microsoft said today that the Exchange Web Services (EWS) API for Exchange Online and Office 365 will be retired in approximately three years. [...] | Continue reading
New malware named HTTPSnoop and PipeSnoop are used in cyberattacks on telecommunication service providers in the Middle East, allowing threat actors to remotely execute commands on infected devices. [...] | Continue reading
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.' [...] | Continue reading
Microsoft has released Windows Subsystem for Linux (WSL) 2.0.0 with a set of new opt-in experimental features, including a new network mode and automated memory and disk size cleanup. [...] | Continue reading
An estimated 12,000 Juniper SRX firewalls and EX switches are vulnerable to a fileless remote code execution flaw that attackers can exploit without authentication. [...] | Continue reading
Microsoft is finally rolling out support for layers and image transparency to the Paint image editor application 38 years after its launch. [...] | Continue reading
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services. [...] | Continue reading
The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository. [...] | Continue reading
A Chinese espionage-focused hacker tracked as 'Earth Lusca' was observed targeting government agencies in multiple countries, using a new Linux backdoor dubbed 'SprySOCKS.' [...] | Continue reading
Passwords have long been used as the primary gatekeepers of digital security, yet they can also be a weak link in the chain. Learn more from Specops Software on how to find and secure compromised passwords. [...] | Continue reading
TikTok is flooded by a surge of fake cryptocurrency giveaways posted to the video-sharing platform, with almost all of the videos pretending to be themes based on Elon Musk, Tesla, or SpaceX. [...] | Continue reading
Google Chrome is set to enhance its user experience on the desktop by adding a "read aloud" function, currently available for testing in the Canary version. While its initial rollout might seem basic, it gets the job done. [...] | Continue reading
Microsoft's Edge browser, known for its innovative features, is now shedding one of its most applauded functions, Web Select. [...] | Continue reading
Telegram, the widely used messaging app, has unveiled an integrated crypto wallet feature, allowing users to effortlessly access their cryptocurrency holdings. [...] | Continue reading
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage. [...] | Continue reading
This week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions. [...] | Continue reading
Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [...] | Continue reading
Google has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates. [...] | Continue reading
California's Attorney General announced today that Google will pay $93 million to settle a privacy lawsuit alleging it violated the U.S. state's consumer protection laws. [...] | Continue reading
Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is causing recent service outages that prevent trucking companies from managing their fleets. [...] | Continue reading
The Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data. [...] | Continue reading
Bing Chat, the famous ChatGPT-powered chatbot that allows users to converse with various personalities and topics has connectivity issues worldwide. [...] | Continue reading
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. [...] | Continue reading
The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services. [...] | Continue reading
Microsoft has added text recognition support to the latest Snipping Tool build, allowing users to select and copy text from screenshots. [...] | Continue reading
Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack. [...] | Continue reading
Microsoft says an Iranian-backed threat group has targeted thousands of organizations in the U.S. and worldwide in password spray attacks since February 2023. [...] | Continue reading
Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted '.theme' file. [...] | Continue reading
United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier. [...] | Continue reading