The Kodi Foundation has disclosed a data breach after hackers stole the organization's MyBB forum database containing user data and private messages and attempted to sell it online. [...] | Continue reading
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack. [...] | Continue reading
Malware developers have created a thriving market promising to add malicious Android apps to Google Play for $2,000 to $20,000, depending on the type of malicious behavior cyber criminals request. [...] | Continue reading
Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. [...] | Continue reading
Microsoft is testing changes to how the print screen button works in Windows 11, causing it to open the Windows Snipping Tool rather than copying a screenshot to the clipboard. [...] | Continue reading
Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack. [...] | Continue reading
The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads. [...] | Continue reading
Belgian HR and payroll giant SD Worx has suffered a cyberattack causing them to shut down all IT systems for its UK and Ireland services. [...] | Continue reading
Microsoft PowerToys, a set of free utilities for Windows 10 users, has introduced a new feature allowing users to preview registry file contents before importing them. [...] | Continue reading
The Dutch government will adopt the RPKI (Resource Public Key Infrastructure) standard on all its systems before the end of 2024 to upgrade the security of its internet routing. [...] | Continue reading
A threat group called ARES is gaining notoriety on the cybercrime scene by selling and leaking databases stolen from corporations and public authorities. [...] | Continue reading
On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files. [...] | Continue reading
Microsoft announced today that Client Access Rules (CARs) deprecation in Exchange Online will be delayed by one year until September 2024. [...] | Continue reading
On Friday, U.S. Cybersecurity and Infrastructure Security Agency (CISA) increased by five its list of security issues that threat actors have used in attacks, three of them in Veritas Backup Exec exploited to deploy ransomware. [...] | Continue reading
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. [...] | Continue reading
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment. [...] | Continue reading
Following reports of a ransomware attack, Taiwanese PC vendor MSI (short for Micro-Star International) confirmed today that its network was breached in a cyberattack. [...] | Continue reading
An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor that researchers named Balad Injector. [...] | Continue reading
Microsoft Edge has become the first and only browser with an integrated AI image generator, allowing users to create images that do not exist yet, powered by the latest DALL∙E models from OpenAI. [...] | Continue reading
Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers as it no longer allows its sale on the platform after tagging it as a card-skimming device. [...] | Continue reading
The UK's Criminal Records Office (ACRO) has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from what it described as a "cyber security incident." [...] | Continue reading
A new malware strain called Rilide has been targeting Chromium-based web browsers like Google Chrome, Brave, Opera, and Microsoft Edge, to monitor user browsing history, snap screenshots, and inject scripts that can steal cryptocurrency. [...] | Continue reading
Microsoft reminded customers today that multiple editions of Windows 10, version 21H2, will reach the end-of-service (EOS) in two months, on June 13, 2023. [...] | Continue reading
Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have announced a broad legal crackdown against servers hosting cracked copies of Cobalt Strike, one of the primary hacking tools used by cybercriminals. [...] | Continue reading
The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization's operations. [...] | Continue reading
Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as "Money Message," which claims to have stolen source code from the company's network. [...] | Continue reading
Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to a larger audience or to recruit unpaid helpers. [...] | Continue reading
A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a thriving hub for buying and selling illegal services or stolen data. [...] | Continue reading
The developers of the Typhon info-stealer announced on a dark web forum that they have updated the malware to a major version they advertise as 'Typhon Reborn V2' [...] | Continue reading
Google has announced a new Google Play Store data deletion policy that will require Android developers to provide users with an online option to delete their accounts and in-app data. [...] | Continue reading
Microsoft announced today that the recently introduced Edge Workspaces feature, which allows users to share groups of tabs with friends and family, is now available as part of a limited public preview. [...] | Continue reading
Multiple vulnerabilities discovered Nexx smart devices can be exploited to control garage doors, disable home alarms, or smart plugs. [...] | Continue reading
Biometric authentication is often thought of as nearly impossible to steal or fake. Not only are there ways around biometric authentication, but not all biometric methods are created equal. [...] | Continue reading
The police in Spain have arrested José Luis Huertas (aka "Alcaseca", "Mango", "chimichuri"), a 19-year-old regarded as the most dangerous hackers in the country. [...] | Continue reading
HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers. [...] | Continue reading
The domains for Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by law enforcement earlier this week as part of Operation Cookie Monster. [...] | Continue reading
Microsoft says Rockstar Games has addressed a known issue affecting its launcher, causing the Red Dead Redemption 2 (RRD2) game to no longer launch on some Windows 11 systems. [...] | Continue reading
An ALPHV/BlackCat ransomware affiliate was observed exploiting three vulnerabilities impacting the Veritas Backup product for initial access to the target network. [...] | Continue reading
Following a cyberattack on a U.S.-based company, malware researchers discovered what appears to be a new ransomware strain with "technically unique features," which they named Rorschach. [...] | Continue reading
eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. [...] | Continue reading
The Cybersecurity and Infrastructure Security Agency (CISA) warned federal agencies to patch a Zimbra Collaboration (ZCS) cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries. [...] | Continue reading
Today, the U.S. Department of Justice seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency investment schemes. [...] | Continue reading
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system. [...] | Continue reading
Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload. [...] | Continue reading
British outsourcing services provider Capita announced today that a cyberattack on Friday prevented access to its internal Microsoft Office 365 applications. [...] | Continue reading
Western Digital announced today that its network has been breached and an unauthorized party gained access to multiple company systems. [...] | Continue reading
A new ransomware gang named 'Money Message' has appeared, targeting victims worldwide and demanding million-dollar ransoms not to leak data and release a decryptor. [...] | Continue reading
Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid. [...] | Continue reading