OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries. [...] | Continue reading
Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. [...] | Continue reading
The U.K.'s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. [...] | Continue reading
A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders. [...] | Continue reading
GitHub has rotated its private SSH key for GitHub.com after the secret was was accidentally published in a public GitHub repository. The software development and version control service says, the private RSA key was only "briefly" exposed, but that it took action out of "an abund … | Continue reading
During the second day of Pwn2Own Vancouver 2023, competitors were awarded $475,000 after successfully exploiting 10 zero-days in multiple products. [...] | Continue reading
A new variant of the BlackGuard stealer has been spotted in the wild, featuring new capabilities like USB propagation, persistence mechanisms, loading additional payloads in memory, and targeting additional crypto wallets. [...] | Continue reading
Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of websites running the highly popular WooCommerce Payments for online stores. [...] | Continue reading
City of Toronto is among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree. Other victims listed alongside the Toronto city government include UK's Virgin Group and the statutory corporation, Pension Protection Fund. [...] | Continue reading
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. [...] | Continue reading
Microsoft announced that the new Windows 11 build rolling out to Insiders in the Canary channel comes with increased protection against phishing attacks and support for SHA-3 cryptographic hash functions. [...] | Continue reading
Microsoft is testing an updated version of the Windows 11 Snipping Tool that fixes a recently disclosed 'Acropalypse' privacy flaw that allows the partial restoration of cropped images. [...] | Continue reading
Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication (VBR) software. [...] | Continue reading
Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional overwriting of firewall rules to default to weaker settings. [...] | Continue reading
A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices. [...] | Continue reading
On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. [...] | Continue reading
A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize.net' payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans. [...] | Continue reading
Fresh produce giant Dole Food Company has confirmed that the information of an undisclosed number of employees was accessed during a February ransomware attack. [...] | Continue reading
Microsoft has released a new Windows 11 preview build that adds a new dedicated USB4 settings page and support for displaying seconds in the system tray clock. [...] | Continue reading
A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts. [...] | Continue reading
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warn about Kimsuky's use of Chrome extensions to steal target's Gmail emails. [...] | Continue reading
Proof-of-concept exploits for vulnerabilities in Netgear's Orbi 750 series router and extender satellites have been released, with one flaw a critical severity remote command execution bug. [...] | Continue reading
Microsoft has released the optional KB5023773 Preview cumulative update for Windows 10 20H2, Windows 10 21H2, and Windows 10 22H2, with ten fixes for various issues. [...] | Continue reading
Microsoft says the KB5007651 Microsoft Defender Antivirus update triggers Windows Security warnings on Windows 11 systems saying that Local Security Authority (LSA) Protection is off. [...] | Continue reading
A severe privacy flaw named 'acropalypse' has also been found to affect the Windows Snipping Tool, allowing people to partially recover content that was edited out of an image. [...] | Continue reading
Security researchers have discovered attacks from an advanced threat actor that used "a previously unseen malicious framework" called CommonMagic and a new backdoor called PowerMagic. [...] | Continue reading
Mozilla has addressed a known issue causing the Firefox web browser to freeze on startup on Windows 11 systems after installing the KB5023706 March 2023 cumulative update. [...] | Continue reading
Microsoft today announced that optional non-security preview release updates would be released during the fourth week of the month starting in April 2023. [...] | Continue reading
Another ransomware operation, the LockBit gang, now threatens to leak what it describes as files stolen from the City of Oakland's systems. [...] | Continue reading
The notorious Breached hacking forum has shut down after the remaining administrator, Baphomet, disclosed that they believe law enforcement has access to the site's servers. [...] | Continue reading
Coinbase wallet and other decentralized crypto apps (dapps) were found to be vulnerable to "red pill attacks," a method that can be used to hide malicious smart contract behavior from security features. [...] | Continue reading
The Clop ransomware gang claims to have attacked Saks Fifth Avenue on its dark web leak site. Saks admits the incident is linked to the ongoing GoAnywhere MFT software exploits but states that no real customer data was stolen. [...] | Continue reading
Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company's IT systems. [...] | Continue reading
Windows 11 users report seeing widespread Windows Security warnings that Local Security Authority (LSA) Protection has been disabled even though it shows as being toggled on. [...] | Continue reading
Leading Bitcoin ATM maker General Bytes disclosed that hackers stole cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform. [...] | Continue reading
Threat actors are targeting and infecting .NET developers with cryptocurrency stealers delivered through the NuGet repository and impersonating multiple legitimate packages via typosquatting. [...] | Continue reading
File-sharing site Zippyshare has announced they are shutting down the site by the end of March 2023 after announcing they can no longer afford to keep the service running. [...] | Continue reading
Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and Apple products. [...] | Continue reading
An 'Acropalypse' flaw in Google Pixel's Markup tool made it possible to partially recover edited or redacted screenshots and images, including those that have been cropped or had their contents masked, for the past five years. [...] | Continue reading
A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS (distributed denial of service) swarm with the potential for massive attacks. [...] | Continue reading
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. [...] | Continue reading
Microsoft says it will provide developers with a new API that also asks Windows users for permission when pinning their apps to the taskbar, desktop, or the Start Menu. [...] | Continue reading
U.S. law enforcement arrested on Wednesday a New York man believed to be Pompompurin, the owner of the BreachForums hacking forum. [...] | Continue reading
The fallout from the Clop ransomware attacks on GoAnywhere platforms has become apparent this week, with the threat actors starting to extort victims on their data leak site and companies confirming breaches. [...] | Continue reading
The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen. [...] | Continue reading
Microsoft is working on a non-custodial built-in Ethereum crypto wallet for Microsoft Edge to allow users to send and receive cryptocurrency and NFTs. [...] | Continue reading
Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability. [...] | Continue reading
Ukraine's cyberpolice has arrested the developer of a remote access trojan (RAT) malware that infected over 10,000 computers while posing as game applications. [...] | Continue reading