Cyber - 2025-04-10 - MOR
## Symantec Enterprise Blogs
920 - Search - Threat Intelligence - All Divisions
921 - Search - Feature Stories - Symantec Enterprise
922 - Search - Expert Perspectives - Symantec Enterprise
923 - Search - One Booth at RSAC™ 2025 Conference Will Justify Your Whole Trip
924 - Search - Optimize Data Classification at Rest With These Easy Steps
925 - Search - The Evolution of App Control, A Carbon Black Legend
926 - Search - Breaking: Ransomware Has Been Eradicated
927 - Search - Encrypted, Secured and Battle-Tested: Lessons From a Decade in Encryption Trenches
928 - Search - Cloud C² — Command & Control
929 - Search - Essential, Elite and Red Team
939 - Search - Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs
940 - Search - AI, Data Security, and CISO Shifts: Top Cybersecurity Trends to Watch in 2025
941 - Search - A Global Manufacturer’s Journey: Making the Switch from Abnormal Security to Proofpoint
942 - Search - Protect 2024: Proofpoint Sets New Standard for Human-Centric Security
947 - Search - Staff at UK’s massive health service still have interoperability issues with electronic records - Government plans to boost efficiency with IT need to get people onside (Public Sector, 10 Apr 2025)
948 - Search - Europol: Five pay-per-infect suspects cuffed, some spill secrets to cops - Officials teased more details to come later this year (Cyber-crime, 10 Apr 2025)
949 - Search - Meta’s AI, built on ill-gotten content, can probably build a digital you - Llama 4 Scout is just the right size to ingest a lifetime of Facebook and Insta posts (AI + ML, 10 Apr 2025)
950 - Search - The Reg translates the letter in which Oracle kinda-sorta tells customers it was pwned - TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast (Cyber-crime, 10 Apr 2025)
951 - Search - Fear of tariffs made the PC market great again in Q1 as vendors emptied factories to dodge price future hikes - [World War Fee] Expected sales surge sparked by Windows 10 support ending could yet be trumped, analysts suggest (Personal Tech, 10 Apr 2025)
952 - Search - Did someone say AI agents, Google asks, bursting in - [Cloud Next] Customers aren’t sure, economy isn’t great, tech looks cute, though (AI + ML, 10 Apr 2025)
953 - Search - Google offers 7th-gen Ironwood TPUs for AI, with AI-inspired comparisons - [Cloud Next] Sure, we’re doing FP8 versus a supercomputer’s FP64. What of it? (AI + ML, 10 Apr 2025)
954 - Search - Trump kills clearances for infosec’s SentinelOne, ex-CISA boss Chris Krebs - [Updated] Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories (Public Sector, 10 Apr 2025)
955 - Search - Apple settles unfair labor charges brought by fired engineering manager - Whistleblower Ashley Gjøvik hails iWatershed iMoment for iStaff iRights (CxO, 10 Apr 2025)
956 - Search - Nvidia paid $1M for Mar-a-Lago meal, US later scrapped AI chip export crackdown - Best after-dinner mint ever (AI + ML, 09 Apr 2025)
957 - Search - Founder of facial-rec controversy biz Clearview AI booted from board - From wanting to weed out far-Left, anti-Trump migrants to amassing a huge database of internet photos (AI + ML, 09 Apr 2025)
958 - Search - ISC 2025: Hitting the Big 4-0 - Join the HPC, AI and QC communities in June to explore the future of performance-centric computing (Partner Content)
959 - Search - Musk’s DOGE muzzled on X over tape storage baloney - [Comment] 70 years old, yes. Obsolete? Not by a long shot
960 - Search - April’s Patch Tuesday leaves unlucky Windows Hello users unable to login - [Updated] Can’t Redmond ask its whizz-bang Copilot AI to fix it? (Patches, 09 Apr 2025)
961 - Search - Wyden blocks Trump’s CISA boss nominee, blames cyber agency for ‘actively hiding info’ about telecom insecurity - It worked for in 2018 with Chris Krebs. Will it work again? (Networks, 09 Apr 2025)
962 - Search - Someone compromised US bank watchdog to access sensitive financial files - OCC mum on who broke into email, but Treasury fingered China in similar hack months ago (Cyber-crime, 09 Apr 2025)
963 - Search - Trump thinks we can make iPhones in the US just like China. Yeah, right - [World War Fee] One’s a world power with extensive cutting-edge electronics manufacturing empire, the other is America (Personal Tech, 09 Apr 2025)
964 - Search - EU lands 25% counter tariff punch on US, Trump pauses broad import levy hike – China excepted - [World War Fee] Middle Kingdom gets 125%. So this is what it’s like living in reality TV (On-Prem, 09 Apr 2025)
965 - Search - Commercial space station outfit plans two Orbital Data Center nodes by the end of 2025 - Yep. It’s Axiom’s datacenters in SPAAAAACE (Systems, 09 Apr 2025)
966 - Search - Microsoft puts $1B US datacenter builds on hold amid AI, tariff uncertainty - [World War Fee] Committed $80B capex for DCs as recently as January. We wonder what changed? (Systems, 09 Apr 2025)
968 - Search - Tech hiring stalls as AI hype, layoffs, tariffs, economic uncertainty, more collide - And coming up next, Trump’s World War Fee (On-Prem, 09 Apr 2025)
969 - Search - UK officials insist ‘murder prediction tool’ algorithms purely abstract - Even though policing department spent 2 years on ‘Minority Report’ evoking study predicting which criminals will become killers (Public Sector, 09 Apr 2025)
970 - Search - Google’s got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft’s $20B+ security biz - [Cloud Next] How Chocolate Factory hopes to double down on enterprise-sec (CSO, 09 Apr 2025)
971 - Search - FreeDOS 1.4: Still DOS, still FOSS, more modern than ever - The 1990s called – they’re impressed (OSes, 09 Apr 2025)
972 - Search - Microsoft resets ‘days since last Windows 11 problem’ counter to 0 - SenseShield the latest company to fall foul of 24H2 (OSes, 09 Apr 2025)
973 - Search - UK’s answer to DARPA sprouts new ideas, like programmable plants - Updated programs suggest ARIA will keep singing for another year (Science, 09 Apr 2025)
974 - Search - Microsoft lists seven habits of highly effective Windows 11 users - Strangely no eighth tip to use something else (OSes, 09 Apr 2025)
975 - Search - Laser-cooled chips: Maybe coming soon-ish to a datacenter near you - Public-private partnership zaps photons at hotspots, hopes to ship by 2027 (Science, 09 Apr 2025)
976 - Search - Copyright-ignoring AI scraper bots laugh at robots.txt so the IETF is trying to improve it - Recently formed AI Preferences Working Group has August deadline to develop ideas on how to tell crawlers to go away, or come for a feast (AI + ML, 09 Apr 2025)
977 - Search - DOGE dilettantes ‘didn’t test’ Social Security fraud detection tool at appropriate scale - Feds claim creaky COBOL, user spike is real reason key portal now flaky (Public Sector, 09 Apr 2025)
978 - Search - Pharmacist accused of using webcams to spy on women in intimate moments at work, home - Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec (Cyber-crime, 09 Apr 2025)
979 - Search - What native cloud security tools won’t catch - Native tools help, but they don’t cover everything - here’s what they miss and how to close the gaps (Partner Content)
980 - Search - AI entrepreneur sent avatar to argue in court – and the judge shut it down fast - [Interview] We hear from court-scolded Jerome Dewald, who insists lawyer-bots have a future (AI + ML, 09 Apr 2025)
981 - Search - TSMC blew whistle on suspected verboten exports to Huawei – that may cost it $1B+ - What did we learn today, hm? (On-Prem, 08 Apr 2025)
982 - Search - Canada OKs construction of first licensed teeny atomic reactor - Built by 2028? Maybe. Powering homes? That’s another slip of paper entirely (Science, 08 Apr 2025)
983 - Search - Are speedy responses more important than backups for recovery? - [CTO] Industry approach to keeping top-quality copies may mask importance of other recovery mainstays
984 - Search - Oracle’s masterclass in breach comms: Deny, deflect, repeat - [Opinion] Fallout shows how what you say must be central to disaster planning
985 - Search - For healthcare orgs, DR means making sure docs can save lives during ransomware infections - [CXO] Organizational, technological resilience combined defeat the disease that is cybercrime
986 - Search - Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare - [Comment] Recovery’s never been harder in today’s tangled, outsourced infrastructure
987 - Search - Ransomware crews add ‘EDR killers’ to their arsenal – and some aren’t even malware - [Interview] Crims are disabling security tools early in attacks, Talos says
988 - Search - Meta accused of Llama 4 bait-and-switch to juice AI benchmark rank - Did Facebook giant rizz up LLM to win over human voters? It appears so (AI + ML, 08 Apr 2025)
989 - Search - Boeing 787 radio software safety fix didn’t work, says Qatar - ‘Loss of safe separation between aircraft, collision, or runway incursion’ is not what we want to hear (Applications, 08 Apr 2025)
990 - Search - Don’t open that JPEG in WhatsApp for Windows. It might be an .EXE - What a MIME field (Patches, 08 Apr 2025)
991 - Search - Don’t let cyberattacks keep you down - Learn how Infinidat’s enterprise cyber storage solutions can enable near-immediate recovery (Sponsored Post)
992 - Search - Windows Server Update Services live to patch another day - Disconnected device scenarios cause headaches for Microsoft (OSes, 08 Apr 2025)
993 - Search - Tariff-ied Framework pulls laptops, Keyboardio warns of keystroke sticker shock - [World War Fee] Small IT hardware firms feel the heat from Trump making prices great (Personal Tech, 08 Apr 2025)
994 - Search - ‘Copilot will remember key details about you’ for a ‘catered to you’ experience - And Vision will ‘read’ your screen and interact with the content, says Microsoft (AI + ML, 08 Apr 2025)
995 - Search - Scattered Spider stops the Rickrolls, starts the RAT race - Despite arrests, eight-legged menace targeted more victims this year (Research, 08 Apr 2025)
996 - Search - UALink debuts its first AI interconnect spec – usable in just 18 short months - No-Nvidia networking club is banking on you running different GPUs on one network (Networks, 08 Apr 2025)
997 - Search - Procter & Gamble study finds AI could help make Pringles tastier, spice up Old Spice, sharpen Gillette - Go on, then, knock yourself out, pal (AI + ML, 08 Apr 2025)
998 - Search - Boffins turn Moon dirt into glass for solar panels, eye future lunar base power - Lugging a solar furnace to melt it could slash the need to launch bulky power gear from Earth (Science, 08 Apr 2025)
999 - Search - IBM’s z17 mainframe – now with 7.5x more AI performance - Who wouldn’t want predictive business insights in a week like this? (We jest, it can’t solve for Trump tariffs) (Systems, 08 Apr 2025)
1000 - Search - The smart way to tackle data storage challenges - Why high-performance object storage is needed for modern data-intensive workloads
1001 - Search - Building a better digital future for SMEs - How smaller businesses can grab the opportunities that AI and advanced collaboration and connectivity tools give them
1002 - Search - AI puts value in data. So how do we get it out? - How HPE is helping to manage storage complexity
1003 - Search - Data deluge pushes financial services deeper into AI - Harnessing AI to optimize applications and services is crucial but building the infrastructure is equally important
1004 - Search - Brit universities told to keep up the world-class research with less cash - Government boasts of £14B in R&D spending, but grant body takes £300M hit (Science, 08 Apr 2025)
1005 - Search - UK data watchdog seeks fresh blood as more complaints lie unanswered for up to a year - Multiple red-rated performance metrics blamed on inability to answer rising numbers of data protection worries (Personal Tech, 08 Apr 2025)
1006 - Search - Eight charged with corruption, money laundering, in case linked to Huawei lobbying - Chinese tech giant has fired two staff, but Europe’s anti-fraud org isn’t probing (Networks, 08 Apr 2025)
1007 - Search - Samsung trumps USA’s tariffs by making displays in Mexico, and elsewhere if needed - [World War Fee] May also have fixed AI memory biz if better-than-expected revenue guidance is anything to go by (Personal Tech, 08 Apr 2025)
1008 - Search - As CISA braces for more cuts, threat intel sharing takes a hit - [Analysis] How will ‘gutting’ civilian defense agency make American cybersecurity great again? (Public Sector, 08 Apr 2025)
1009 - Search - Oracle says its cloud was in fact compromised - Reliability, honesty, accuracy. And then there’s this lot (PaaS + IaaS, 08 Apr 2025)
1010 - Search - Microsoft’s AI masterplan: Let OpenAI burn cash, then build on their successes - [Analysis] Redmond’s not alone: AWS, Alibaba, DeepSeek also rely on others blazing the trail (AI + ML, 07 Apr 2025)
1011 - Search - Cloud security explained: What’s left exposed? - Think AWS has security covered? Think again. Discover real-world examples of what it doesn’t secure and how to protect your environment (Partner Content)
1012 - Search - Trump tariffs to make prices great – a gain - [World War Fee] As costs for US shoppers set to rise, markets slump, orange is new red, we speak to economic experts (Public Sector, 07 Apr 2025)
1013 - Search - That massive GitHub supply chain attack? It all started with a stolen SpotBugs token - But this mystery isn’t over yet, Unit 42 opines (Devops, 07 Apr 2025)
1014 - Search - Trump doubles down, vows to make Chinese imports even more expensive for Americans - [World War Fee] President to up tariffs on Middle Kingdom goods to 104% from 54% (Public Sector, 07 Apr 2025)
1015 - Search - Alleged Scattered Spider SIM-swapper must pay back $13.2M to 59 victims - Crummy OPSEC leads to potentially decades in prison (Cyber-crime, 07 Apr 2025)
1016 - Search - Trump tariffs thwart TikTok takeover as China digs in heels - [World War Fee] Video app’s future once again caught between trade war and political whiplash (Applications, 07 Apr 2025)
1017 - Search - SpaceX scores $5.9B lion’s share of Space Force launch contracts - ULA wins $5.4B and Blue Origin $2.4B (Public Sector, 07 Apr 2025)
1018 - Search - Please sir, may we have some Moore? Doesn’t look that way - [Opinion] We’re on a roadmap to nowhere. Come on inside (Columnists, 07 Apr 2025)
1019 - Search - Chrome to patch decades-old flaw that let sites peek at your history - After 23 years, the privacy plumber has finally arrived to clean up this mess (Patches, 07 Apr 2025)
1020 - Search - Maximizing ROI with integrated SDN - Why SDN should be front of mind for IT teams evaluating VMware alternatives (Partner Content)
1021 - Search - UK’s attempt to keep details of Apple ‘backdoor’ case secret… denied - Last month’s secret hearing comes to light (CSO, 07 Apr 2025)
1022 - Search - EU may target US tech giants in tariff response - [World War Fee] By putting services in scope, €18 trillion trade bloc looks to focus tech sector minds (Public Sector, 07 Apr 2025)
1023 - Search - Brit telcos ask suppliers to clean up emissions mess – politely, with no teeth - Digital Connectivity Forum lays out climate goals, but enforcement is strictly optional (Networks, 07 Apr 2025)
1024 - Search - Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug - [Patch Tuesday] A novel way to encourage upgrades? Microsoft would never stoop so low (Patches, 08 Apr 2025)
1025 - Search - Asian tech players react to US tariffs with delays, doubts, deal-making - [Asia In Brief] PLUS: Qualcomm acquires Vietnamese AI outfit; China claims US hacked winter games; India’s browser challenge winner disputed; and more (Public Sector, 07 Apr 2025)
1026 - Search - Signalgate solved? Report claims journalist’s phone number accidentally saved under name of Trump official - [Infosec in Brief] PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more (Security, 07 Apr 2025)
1027 - Search - Trump fires NSA boss, deputy - ‘Nonpartisan’ intelligence chief booted less than two years into the job (Public Sector, 04 Apr 2025)
1028 - Search - 30 minutes to pwn town: Are speedy responses more important than backups for recovery? - The industry’s approach to keeping quality backups may be masking the importance of other recovery mainstays (Disaster Recovery Week, 04 Apr 2025)
1029 - Search - Alan Turing Institute: UK can’t handle a fight against AI-enabled crims - Law enforcement facing huge gap in ‘AI adoption’ (AI + ML, 04 Apr 2025)
1030 - Search - Ex-ASML, NXP staffer accused of stealing chip secrets, peddling them to Moscow - We’re not Putin up with this alleged industrial espionage, say the Dutch (Cyber-crime, 04 Apr 2025)
1031 - Search - Retirement funds reportedly raided after unexplained portal probes and data theft - Australians checking their pensions are melting down call centers and websites (Cyber-crime, 04 Apr 2025)
1032 - Search - Signalgate: Pentagon watchdog probes Defense Sec Hegseth - Classification compliance? Records retention requirements? How quaint (Public Sector, 04 Apr 2025)
1033 - Search - For flux sake: CISA, annexable allies warn of hot DNS threat - Shape shifting technique described as menace to national security (CSO, 03 Apr 2025)
1034 - Search - Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years - Simple denial-of-service blunder turned out to be remote unauth code exec disaster (Cyber-crime, 03 Apr 2025)
1035 - Search - When disaster strikes, proper preparation prevents poor performance - It’s going to happen to you one day, so get your ducks in a row (Disaster Recovery Week, 03 Apr 2025)
1036 - Search - Why is someone mass-scanning Juniper and Palo Alto Networks products? - [Updated] Espionage? Botnets? Trying to exploit a zero-day? (Networks, 03 Apr 2025)
1037 - Search - EU: These are scary times – let’s backdoor encryption! - ProtectEU plan wants to have its cake and eat it too (Security, 03 Apr 2025)
1038 - Search - Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare - [Comment] Recovery’s never been harder in today’s tangled, outsourced infrastructure (Disaster Recovery Week, 03 Apr 2025)
1039 - Search - Customer info allegedly stolen from compromised supplier of Royal Mail, Samsung - [Updated] Stamp it out: Infostealer malware at German outfit may be culprit (Cyber-crime, 03 Apr 2025)
1040 - Search - Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling - Double-oh-sh… (CSO, 02 Apr 2025)
1041 - Search - Crimelords at Hunters International tell lackeys ransomware too ‘risky’ - Bosses say theft now the name of the game with a shift in tactics, apparent branding (Cyber-crime, 02 Apr 2025)
1042 - Search - Oracle’s masterclass in breach comms: Deny, deflect, repeat - [Opinion] Fallout shows how what you say must be central to disaster planning (Disaster Recovery Week, 02 Apr 2025)
1043 - Search - For healthcare orgs, DR means making sure docs can save lives during ransomware infections - Organizational, technological resilience combined defeat the disease that is cybercrime (Disaster Recovery Week, 02 Apr 2025)
1044 - Search - Oracle faces Texas-sized lawsuit over alleged cloud snafu and radio silence - Victims expect to spend considerable time and money over privacy incident, lawyers argue (PaaS + IaaS, 02 Apr 2025)
1045 - Search - One of the last of Bletchley Park’s quiet heroes, Betty Webb, dies at 101 - [Obit] Tip-lipped for 30 years before becoming an ‘unrivaled advocate’ for the site (Security, 02 Apr 2025)
1046 - Search - Apple belatedly patches actively exploited bugs in older OSes - Cupertino already squashed ’em in more recent releases - which this week get a fresh round of fixes (Patches, 02 Apr 2025)
1047 - Search - North Korea’s fake tech workers now targeting European employers - With help from UK operatives, because it’s getting tougher to run the scam in the USA (Cyber-crime, 02 Apr 2025)
1048 - Search - Forget Signal. National Security Adviser Waltz now accused of using Gmail for work - But his emails! Sharing them with Google! (Public Sector, 02 Apr 2025)
1049 - Search - Microsoft to mark five decades of Ctrl-Alt-Deleting the competition - Copilot told us that half a century is 25 years. It feels much longer (Software, 01 Apr 2025)
1050 - Search - Google makes end-to-end encrypted Gmail easy for all – even Outlook users - The UK government must be thrilled (Security, 01 Apr 2025)
1051 - Search - UK threatens £100K-a-day fines under new cyber bill - Tech secretary reveals landmark legislation’s full details for first time (Cyber-crime, 01 Apr 2025)
1052 - Search - GCHQ intern took top secret spy tool home, now faces prison - Not exactly Snowden levels of skill (Security, 01 Apr 2025)
1053 - Search - CISA spots spawn of Spawn malware targeting Ivanti flaw - Resurge an apt name for malware targeting hardware maker that has security bug after security bug (Cyber-crime, 01 Apr 2025)
1054 - Search - Top cybersecurity boffin, wife vanish as FBI raids homes - [Updated] Indiana Uni rm -rf online profiles while agents haul boxes of evidence (Research, 31 Mar 2025)
1055 - Search - Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed - 1990s incident response in 2025 (PaaS + IaaS, 31 Mar 2025)
1056 - Search - Check Point confirms breach, but says it was ‘old’ data and crook made ‘false’ claims - Explanation leaves a ‘lot of questions unanswered,’ says infosec researcher (Cyber-crime, 31 Mar 2025)
1057 - Search - China cracks down on personal information collection. No, seriously - [Asia In Brief] PLUS: Indonesia crimps social media, allows iPhones; India claims rocket boost; In-flight GenAI for Japan Airlines (Security, 31 Mar 2025)
1058 - Search - Oracle Health reportedly warns of info leak from legacy server - [Infosec in brief] PLUS: OpenAI bumps bug bounties bigtime; INTERPOL arrests 300 alleged cyber-scammers; And more! (Security, 30 Mar 2025)
1059 - Search - Malware in Lisp? Now you’re just being cruel - Miscreants warming to Delphi, Haskell, and the like to evade detection (Research, 29 Mar 2025)
1060 - Search - Cardiff’s children’s chief confirms data leak 2 months after cyber risk was ‘escalated’ - Department director admits Welsh capital’s council still trying to get heads around threat of dark web leaks (Security, 28 Mar 2025)
1061 - Search - After Chrome patches zero-day used to target Russians, Firefox splats similar bug - Single click on a phishing link in Google browser blew up sandbox on Windows (Patches, 28 Mar 2025)
1062 - Search - Cyber-crew claims it cracked American cableco, releases terrible music video to prove it - WOW!DID!SOMEONE!REALLY!STEAL!DATA!ON!400K!USERS?! (Cyber-crime, 28 Mar 2025)
1063 - Search - China’s FamousSparrow flies back into action, breaches US org after years off the radar - Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET (Networks, 27 Mar 2025)
1064 - Search - Security shop pwns ransomware gang, passes insider info to authorities - Researchers say ‘proactive’ approach is needed to combat global cybercrime (Security, 27 Mar 2025)
1065 - Search - CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug - Screenshot shows company head unhappy, claiming ‘real CVE is pending’ (Security, 27 Mar 2025)
1066 - Search - UK’s first permanent facial recognition cameras installed in South London - As if living in Croydon wasn’t bad enough (Security, 27 Mar 2025)
1067 - Search - Ransomwared NHS software supplier nabs £3M discount from ICO for good behavior - Data stolen included checklist for medics on how to get into vulnerable people’s homes (Cyber-crime, 27 Mar 2025)
1068 - Search - Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat - [Updated] So F-18 launch times, weapons, drone support aren’t classified now … who knew? (CSO, 26 Mar 2025)
1069 - Search - US defense contractor cops to sloppy security, settles after infosec lead blows whistle - MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade (CSO, 26 Mar 2025)
1070 - Search - Files stolen from NSW court system, including restraining orders for violence - Victims’ details at risk after criminals download 9,000 files from court database (Cyber-crime, 26 Mar 2025)
1071 - Search - Credible nerd says stop using atop, doesn’t say why, everyone panics - [Updated] Bad news about the Linux system monitor may be on the way (Security, 26 Mar 2025)
1072 - Search - NCSC taps influencers to make 2FA go viral - Who knew social media stars had a role to play in building national cyber resilience? (Security, 26 Mar 2025)
1073 - Search - There are 10,000 reasons to doubt Oracle Cloud’s security breach denial - Customers come forward claiming info was swiped from prod (Cyber-crime, 25 Mar 2025)
1074 - Search - Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish - 16,000 stolen records pertain to former and active mail subscribers (Cyber-crime, 25 Mar 2025)
1075 - Search - You know that generative AI browser assistant extension is probably beaming everything to the cloud, right? - Just an FYI, like (Applications, 25 Mar 2025)
1076 - Search - VanHelsing ransomware emerges to put a stake through your Windows heart - There’s only one rule – don’t attack Russia, duh (Research, 25 Mar 2025)
1077 - Search - Hm, why are so many DrayTek routers stuck in a bootloop? - Time to update your firmware, if you can, to one with the security fixes, cough cough (Cyber-crime, 25 Mar 2025)
1078 - Search - Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw - How many K8s systems are sat on the internet front porch like that … Oh, thousands, apparently (Patches, 25 Mar 2025)
1079 - Search - OTF, which backs Tor, Let’s Encrypt and more, sues to save its funding from Trump cuts - [Updated] Kari, are you OK, are you OK, Kari? (Networks, 25 Mar 2025)
1080 - Search - Top Trump officials text secret Yemen airstrike plans to journo in Signal SNAFU - [Updated] Massive OPSEC fail from the side who brought you ‘lock her up’ (Public Sector, 24 Mar 2025)
1081 - Search - FCC on the prowl for Huawei and other blocked Chinese makers in America - Be vewy vewy quiet, I’m hunting rackets (Networks, 24 Mar 2025)
1082 - Search - As nation-state hacking becomes ‘more in your face,’ are supply chains secure? - [Interview] Ex-US Air Force officer says companies shouldn’t wait for govt mandates (CSO, 24 Mar 2025)
1083 - Search - AI agents swarm Microsoft Security Copilot - Looking to sort through large volumes of security info? Redmond has your backend (Security, 24 Mar 2025)
1084 - Search - 23andMe’s genes not strong enough to avoid Chapter 11 - CEO steps down after multiple failed attempts to take the DNA testing company private (Cyber-crime, 24 Mar 2025)
1085 - Search - Is Washington losing its grip on crypto, or is it a calculated pivot to digital dominance? - [Analysis] It’s been a very busy week for Digicash Donald’s administration (Security, 24 Mar 2025)
1086 - Search - Microsoft tastes the unexpected consequences of tariffs on time - [Opinion] Throw a spanner in the works, best get good at fixing things. Now, where did you put that spanner? (Security, 24 Mar 2025)
1087 - Search - Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns - [Infosec In Brief] PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more! (Security, 24 Mar 2025)
1088 - Search - China bans compulsory facial recognition and its use in private spaces like hotel rooms - [Asia In Brief] PLUS: Zoho’s Ulaa anointed India’s most patriotic browser; Typhoon-like gang targets Taiwan; Japan debates offensive cyber-ops; and more (Security, 23 Mar 2025)
1089 - Search - Oracle Cloud says it’s not true someone broke into its login servers and stole data - Despite evidence to the contrary as alleged pilfered info goes on sale (Cyber-crime, 23 Mar 2025)
1090 - Search - Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US - [Interview] Plus AI in the infosec world, why CISA should know its place, and more (CSO, 23 Mar 2025)
1091 - Search - AdTech CEO whose products detected fraud jailed for financial fraud - Made up revenue and pretended to use non-existent data (Cyber-crime, 21 Mar 2025)
1092 - Search - Paragon spyware deployed against journalists and activists, Citizen Lab claims - [Infosec newsbytes] Plus: Customer info stolen from ‘parental control’ software slinger SpyX; F-35 kill switch denied (Research, 21 Mar 2025)
1093 - Search - Capital One cracker could be sent back to prison after judges rule she got off too lightly - Feds want book thrown at Paige Thompson, who pinched 100M customer records (Cyber-crime, 21 Mar 2025)
1094 - Search - Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up - So much for that vacation (Public Sector, 20 Mar 2025)
1095 - Search - Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist - Palming off the blame using an ‘unknown’ best practice didn’t go down well either (Patches, 20 Mar 2025)
1096 - Search - Too many software supply chain defense bibles? Boffins distill advice - How to avoid another SolarWinds, Log4j, and XZ Utils situation (Security, 20 Mar 2025)
1097 - Search - The post-quantum cryptography apocalypse will be televised in 10 years, says UK’s NCSC - Wow, a government project that could be on time for once … cos it’s gonna be wayyyy more than a decade (Security, 20 Mar 2025)
1098 - Search - Attackers swipe data of 500k+ people from Pennsylvania teachers union - SSNs, payment details, and health info too (Cyber-crime, 19 Mar 2025)
1099 - Search - Names, bank info, and more spills from top sperm bank - Cyber-crime is officially getting out of hand (Bootnotes, 19 Mar 2025)
1100 - Search - IBM scores perfect 10 … vulnerability in mission-critical OS AIX - Big Blue’s workstation workhorse patches hole in network installation manager that could let the bad guys in (Patches, 19 Mar 2025)
1101 - Search - Ex-US Cyber Command chief: Europe and 5 Eyes can’t fully replicate US intel - Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap (Security, 19 Mar 2025)
1102 - Search - Show top LLMs some code and they’ll merrily add in the bugs they saw in training - One more time, with feeling … Garbage in, garbage out (AI + ML, 19 Mar 2025)
1103 - Search - CISA fires, now rehires and immediately benches security crew on full pay - DOGE efficiency in action (Public Sector, 18 Mar 2025)
1104 - Search - US tech jobs outlook clouded by DOGE cuts, Trump tariffs - Hiring remains relatively strong as analysts warn of slowdown (Research, 18 Mar 2025)
1105 - Search - How to access the Dark Web using the Tor Browser
1106 - Search - How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11
1107 - Search - How to use the Windows Registry Editor
1108 - Search - How to backup and restore the Windows Registry
1109 - Search - How to start Windows in Safe Mode
1110 - Search - How to remove a Trojan, Virus, Worm, or other Malware
1111 - Search - How to show hidden files in Windows 7
1112 - Search - How to see hidden files in Windows
1113 - Search - Remove the Theonlinesearch.com Search Redirect
1114 - Search - Remove the Smartwebfinder.com Search Redirect
1115 - Search - How to remove the PBlock+ adware browser extension
1116 - Search - Remove the Toksearches.xyz Search Redirect
1117 - Search - Remove Security Tool and SecurityTool (Uninstall Guide)
1118 - Search - How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
1119 - Search - How to remove Antivirus 2009 (Uninstall Instructions)
1120 - Search - How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
1121 - Search - Locky Ransomware Information, Help Guide, and FAQ
1122 - Search - CryptoLocker Ransomware Information Guide and FAQ
1123 - Search - CryptorBit and HowDecrypt Information Guide and FAQ
1124 - Search - CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
1126 - Search - File Integrity and Change Monitoring
1127 - Search - The Cost of Ransomware: Shutdowns & Extortion
1128 - Search - Cyber Fraud: The Primary Culprit in UK Payment Fraud
1129 - Search - April 2025 Patch Tuesday Analysis
1130 - Search - How CEOs Can Embrace GenAI for Business Growth
1131 - Search - Information Security Risk Management (ISRM) Boosts Compliance by Undermining Configuration Drift
1132 - Search - Mastering Cybersecurity Incident Communication Part 1: A Proactive Approach
1133 - Search - Tripwire Patch Priority Index for March 2025
1134 - Search - HellCat Ransomware: What You Need To Know
1135 - Search - Japan Passes Active Cyber Defense Bill
1136 - Search - Top Cybersecurity Considerations When Moving Commercial Premises
1137 - Search - Federal Desktop Core Configuration (FDCC/USGCB) Compliance
1138 - Search - VanHelsing Ransomware: What You Need To Know
1139 - Search - Implementing Privileged Access Workstations: A Step-by-Step Guide
1140 - Search - How to Build a Mature Vulnerability Management Program
1141 - Search - An Introduction to Data Masking in Privacy Engineering
1142 - Search - MAS Compliance 101: Key Regulations for Financial Institutions in Singapore
1143 - Search - Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World
1144 - Search - Top 10 Scam Techniques: What You Need to Know
1145 - Search - BlackLock Ransomware: What You Need To Know
1146 - Search - CMS ARS: A Blueprint for US Healthcare Data Security and Compliance
1147 - Search - File Integrity & Change Monitoring (55)
1148 - Search - IT Security Operations & Asset Discovery (9)
1149 - Search - A Sneaky Phish Just Grabbed my Mailchimp Mailing List
1150 - Search - Soft-Launching and Open Sourcing the Have I Been Pwned Rebrand
1151 - Search - We’re Backfilling and Cleaning Stealer Logs in Have I Been Pwned
1152 - Search - Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs
1153 - Search - Data breach disclosure 101: How to succeed after you’ve failed
1154 - Search - Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages
1155 - Search - Here’s how I verify data breaches
1156 - Search - When a nation is hacked: Understanding the ginormous Philippines data breach
1157 - Search - How I optimised my life to make my job redundant
1158 - Search - AFCEA International and LA Chapter Aid High School Damaged by California Wildfires
1159 - Search - How Generative AI Improves Military Decision-Making
1160 - Search - New DARPA Initiative Challenges the Creation of Operational Quantum Computers
1161 - Search - Annual Assessment Lists Primary Threats to U.S. National Security
1162 - Search - The Risk and Opportunity of Open-Source Intelligence
1163 - Search - The AI Race With China and the Uncertain Future of Truth
1164 - Search - Steely Determination Brings Metal Foam to Production
1165 - Search - Nature Inspires New Drone Technologies
1166 - Search - Experimentation Task Force Improves Long-Range Defense Comms
1167 - Search - On Point: Q&A With Marjorie Quant
1168 - Search - ULA’s Vulcan Rocket Certified for National Security Missions
1169 - Search - Secure View Presents What Is Needed
1170 - Search - DoD Appoints Army Col. Laurie Buckhout (Ret.) to Cyber Defense Policy Position
1171 - Search - New Flat-Panel Satellite Antenna Technology Available To Support European Allies
1172 - Search - Cybersecurity Is at the Heart of the Army’s Network Plan
1173 - Search - Greater Emphasis on AI at NGA
1174 - Search - DoD Reaffirms Software Acquisition Pathway Use
1175 - Search - UK Details New Cybersecurity Legislation To Promote Economic Growth
1176 - Search - Cyber Command 2.0 Eyes Creation of a Cyber Innovation Warfare Center
1177 - Search - Katie Arrington: Change Is Good and Change Is Coming
1178 - Search - The PRC Continues Its Authoritarian Repression Abroad
1179 - Search - Intelligence Community AI Cybersecurity Program Achieves ‘Massive Scientific Impact’
1180 - Search - Finland Aims High With Its 2030 Drone Development Goals
1181 - Search - President’s Commentary: The Chinese Communist Party’s Big Bad Wolf Transformation
1182 - Search - The Importance of Wireless Airspace Defense in Today’s Enterprise Environment
1183 - Search - For Pentagon’s AI programs, It’s Time for Boots on the Ground
1184 - Search - Seesaw Training: Balancing Training of Your Current Role With Career Development
1185 - Search - Data Interoperability Unlocked: Empowering the Air Force for Fifth- and Sixth-Generation Warfare
1186 - Search - ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation
1187 - Search - Why Cybersecurity Leaders Trust the MITRE ATT&CK Evaluations
1188 - Search - Cynet Enables 426% ROI in Forrester Total Economic Impact Study
1189 - Search - Standing Up to Disinformation and Its Unprecedented Threats
1190 - Search - Empowering Troops, Enhancing Battlespace Awareness With Private Wireless
1191 - Search - Bringing U.S. Dominance to the Spectrum
1192 - Search - All-in-One: How Cynet Is Revolutionizing Cybersecurity for MSPs
1193 - Search - Is It Finally Time to Say Goodbye to Unsafe Mobile Communication Practices?
1194 - Search - Disruptive By Design: Is it Possible the United States and China Are Already at War?
1195 - Search - Cross-Cloud Collaboration Paves the Way for Data Transparency: OPM’s Groundbreaking Analytics Solution
##
Krebs on Security
View Articles
1196 - Search - Patch Tuesday, April 2025 Edition
1197 - Search - Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
1198 - Search - had no record of transcripts for Lanterman
1199 - Search - How Each Pillar of the 1st Amendment is Under Attack
1200 - Search - When Getting Phished Puts You in Mortal Danger
1201 - Search - Arrests in Tap-to-Pay Scheme Powered by Phishing
1202 - Search - a deep dive into the operations of China-based phishing cartels
1203 - Search - DOGE to Fired CISA Staff: Email Us Your Personal Data
1204 - Search - ClickFix: How to Infect Your PC in Three Easy Steps
1205 - Search - first spotted in targeted attacks last year
1206 - Search - Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
1207 - Search - Alleged Co-Founder of Garantex Arrested in India
1208 - Search - Feds Link $150M Cyberheist to 2022 LastPass Hacks
1209 - Search - the LastPass breach story published here in September 2023
##
Industrial Cyber
View Articles
1211 - Search - House Democrats urge DHS secretary to halt reported plan to dismantle FEMA - U.S. House Committee members have urged the Secretary of the Department of Homeland Security (DHS) not to proceed with the reported plan of the administration of President Donald Trump to dismantle the Federal Emergency Management Agency (FEMA). The members identified…
1212 - Search - House Republicans reintroduce bill to counter Chinese cyber threats to critical infrastructure - Members of the U.S. House Committee on Homeland Security reintroduced legislation this week to combat growing cyber threats from the Chinese Communist Party (CCP) against the nation’s critical infrastructure sector. The bill would require the federal government to assess and…
1213 - Search - Munich Re sees untapped potential in $15.3B cyber insurance market amid rising threats and evolving risks - German multinational insurance company Munich Re estimates that the global cyber insurance market totaled US$15.3 billion in 2024, corresponding to less than one percent of the global premium volume for property and casualty insurance in 2024, though underscoring the potential…
1214 - Search - European Commission launches consultation on strengthening healthcare cyber defenses, seeks input by Jun. 30 - The European Commission has initiated a consultation on its January Action Plan, which was designed to enhance cybersecurity measures for hospitals and healthcare providers. This process seeks input from healthcare professionals, cybersecurity experts, policymakers, and the public to develop effective…
1215 - Search - US DOE unveils plans to co-locate data centers and energy infrastructure, seeks input on AI infrastructure development - The U.S. Department of Energy (DOE) has announced plans to help ensure America leads the world in Artificial Intelligence (AI) and lower energy costs by co-locating data centers and new energy infrastructure on DOE lands. DOE has released a Request…
1216 - Search - European Commission rolls out ProtectEU strategy to boost internal security, resilience against hybrid threats - The European Commission has released ProtectEU, a comprehensive European Internal Security Strategy designed to assist Member States and enhance the EU’s capacity to ensure the safety of its citizens. The strategy outlines a vision and work plan for the future,…
1217 - Search - Hardware vulnerabilities in Hitachi Energy, ABB, B&R ICS devices pose critical infrastructure threat - Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five ICS (industrial control systems) advisories providing timely information about current security issues, vulnerabilities, and exploits. The agency warned of the presence of hardware vulnerabilities in equipment from Hitachi…
1218 - Search - Urgent need for resilient industrial cybersecurity professionals to defend ICS/OT systems from rising cyber attacks - Safeguarding digital frontiers in rapidly evolving industrial environments has become supremely crucial nowadays. Advances in interconnected ICS (industrial… - Apr 06, 2025 - 14 min read
1219 - Search - Industrial Cybersecurity Market Outlook 2025: Focus on quantifying risk, embracing AI, building operational resilience - As the digital transformation shapes the industrial cybersecurity sector, organizations must increasingly be prepared to adopt cyber risk… - Mar 30, 2025 - 15 min read
1220 - Search - Choosing consequence-based cyber risk management to prioritize impact over probability, redefine industrial security - With cyber attacks and threats continuing to escalate in tandem with geopolitical tensions, consequence-based cyber risk management has… - Mar 23, 2025 - 18 min read
1221 - Search - Strengthening OT/ICS incident response to address growing complexity of cyber threats, deliver business continuity - Evolving cyber threat landscapes have led to OT/ICS incident response priorities being under significant pressure. By stressing the… - Mar 16, 2025 - 16 min read
1222 - Search - Empowering organizations to protect critical infrastructure with advanced OT network monitoring for cyber threat defense - Increasing cyber threats and attacks have led modern organizations to focus on OT network monitoring, as it has… - Mar 09, 2025 - 20 min read
1223 - Search - Highlighting focus on rise of industrial CISOs to balance organizational cybersecurity, operations, resilience - As the boundaries between IT and OT environments blur and regulators move to bolster ICS cybersecurity across critical… - Mar 02, 2025 - 15 min read
1224 - Search - Prioritizing organizational cybersecurity governance, boosting operational resilience across OT, ICS environments - In a world of advancing technological progress, the role of cybersecurity governance across OT (operational technology) and ICS… - Feb 23, 2025 - 19 min read
1225 - Search - Roping in cyber risk quantification across industrial networks to safeguard OT asset owners amid rising threats - With the changing threat environment, industrial and operational environments are under greater pressure than ever to reconcile operational… - Feb 16, 2025 - 14 min read
1226 - Search - S4x25 and BSidesICS: Where industrial cybersecurity experts converge to foster collaboration and innovation - As the industrial cybersecurity community converges in Tampa, Florida for the upcoming S4x25 and BSidesICS events, there is… - Feb 09, 2025 - 15 min read
1227 - Search - Evolving role of women in OT/ICS cybersecurity, as S4x25 and BSides for ICS 2025 address inclusion, resilience - As the OT and ICS cybersecurity landscape continues to evolve, so does the role of women as they… - Feb 02, 2025 - 14 min read
1228 - Search - Forescout launches eyeScope, a cloud-based solution for enhanced asset visibility, cybersecurity monitoring
1229 - Search - Xage Security appoints Susanto Irwan as president and CTO to lead AI-driven innovation
1230 - Search - Ontinue rolls out ION for improved phishing protection to reduce risk, strengthen cyber resilience
1231 - Search - Strengthening ICS resilience with ISA/IEC 62443 standards and configuration management
1232 - Search - How to Communicate Cyber & Operational Risk to Your Board
##
Cybersecurity News
View Articles
1234 - Search - Russian APT Hackers Using Device Code Phishing Technique to Bypass MFA
1235 - Search - Threat Actors Turning Messaging Service into a Cash Making Machine
1236 - Search - Hackers Allegedly Claiming WooCommerce Breach, 4.4 Million Customer Details Stolen
1237 - Search - New Double-Edged Email Attack Stealing Office365 Credentials and Deliver Malware
1238 - Search - CISA Warns of Linux USB-Audio Driver Out-of-Bounds Vulnerability Exploited in the Wild
1239 - Search - Weaponized PDF-based Attacks Accounts 22% Out of 68%…
1240 - Search - Secure Ideas Achieves CREST Accreditation and CMMC Level…
1241 - Search - NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords…
1242 - Search - New Sakura RAT Emerges on GitHub, Successfully Evading…
1243 - Search - Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens
1244 - Search - North Korean Hackers Employs Social Engineering Tactics & Python Script to Execute Hidden Commands
1245 - Search - NCSC Warns of MOONSHINE & BADBAZAAR Malware Attacking Mobile Devices Worldwide
1246 - Search - Hackers Actively Scanning for Juniper’s Smart Router With Default Password
1247 - Search - Qilin Operators Mimic ScreenConnect Login Page to Deliver Ransomware & Gain Admin Access
1248 - Search - ToddyCat Hackers Exploit ESET Scanner Vulnerability to Evade Detection
1249 - Search - CISA Releases NICE Workforce Framework Version 2.0.0 Released – What’s New
1250 - Search - Russian Seashell Blizzard Attacking Organizations With Custom-Developed Hacking Tools
1251 - Search - Fortinet Addresses Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products
1252 - Search - Adobe Security Update – Patch for Multiple Vulnerabilities Across…
1253 - Search - Kibana Security Update – Patch for Vulnerability Leads to…
1254 - Search - Windows Common Log File System 0-Day Vulnerability Exploited in…
1255 - Search - 10 Best Data Loss Prevention Software – 2024
1256 - Search - Apple Released Security Updates For iOS, iPadOS, macOS, tvOS, and watchOS…
1257 - Search - Session Smart Routers With Default Passwords Hacked By Mirai Malware
1258 - Search - Tips How to Survive at Your First Job: The Adaptability of…
1259 - Search - ‘BouldSpy’ Android Malware Used by Iranian Government for Surveillance Operations
1260 - Search - What is Brute Force Attacks?
1261 - Search - Top 15 Best Security Incident Response Tools In 2025
1262 - Search - 10 Best Cloud Security Companies In 2025
1263 - Search - Top 11 Best SysAdmin Tools in 2025
1264 - Search - 10 Best Ransomware File Decryptor Tools – 2025
1265 - Search - Top 10 Programming Languages For Cyber Security – 2025
1266 - Search - 10 Best Kubernetes Container Scanners In 2025
##
Varonis Blog
View Articles
1268 - Search - Ghost Sites: Stealing Data From Deactivated Salesforce Communities
1269 - Search - Defending Your Cloud Environment Against LAPSUS$ Style Threats
1270 - Search - Abusing Misconfigured Salesforce Communities for Recon and Data Theft
1271 - Search - Cloud Security - Varonis Acquires Cyral to Reinvent Database Activity Monitoring - Strategic DAM acquisition accelerates our mission to deliver AI-powered data security for all data, everywhere. - Yaki Faitelson - 3 min read
1272 - Search - Data Security - Varonis Named a Leader and Customer Favorite in The Forrester Wave™: Data Security Platforms, Q1 2025 - Avia Navickas - 3 min read
1273 - Search - Data Security - Mind Games: How Social Engineering Tactics Have Evolved - Varonis Threat Labs - 7 min read
1274 - Search - Data Security - Why Your Org Needs a Copilot Security Scan Before Deploying AI Tools - Lexi Croisdale - 2 min read
1275 - Search - Introducing the Azure Access Graph to Find and Fix Cloud Security Issues
1276 - Search - From Table Stakes to a Team Sport: Rethinking Cybersecurity
1277 - Search - Data Breaches in Healthcare: Why Identity Protection and Data Security are More Important Than Ever
1278 - Search - Cloud Security, Data Security - Apr 08, 2025 - Data Discovery and Classification: The Importance of How Data is Scanned - Data discovery and classification are the foundations for DSPM and data security, but how your data is scanned is more important than you may think. - Nolan Necoechea - 3 min read
1279 - Search - Varonis Products - Mar 27, 2025 - What’s New in Varonis: March 2025 - Discover Varonis’ latest features, including new data governance, labeling, and AI security capabilities. - Nathan Coppinger - 2 min read
1280 - Search - Cloud Security - Mar 26, 2025 - Navigating the Cloud: Kubernetes Trends in 2025 - As 2025 unfolds, the world of cloud security and Kubernetes is rapidly transforming, presenting exciting new challenges and opportunities for growth. - Daniel Miller - 3 min read
1281 - Search - DSPM, Data Security, Microsoft 365 - Mar 25, 2025 - The Folder Fallacy - Unmasking Hidden Permissions in Microsoft 365 - With the passing of time, admins and users lose sight of inherited sharing from SharePoint sites and folders, and this lack of visibility creates data risk. This article discusses one such scenario known as the ‘folder fallacy’. - Shawn Hays - 3 min read
1282 - Search - Cloud Security - Mar 20, 2025 - Why Cloud Security Programs Fail - Unlock the secrets to robust cloud security. Learn how to tackle common challenges and protect your organization from data breaches and cyber threats. - Daniel Miller - 4 min read
1283 - Search - Cloud Security, Data Security - Mar 19, 2025 - Rippling Believe it or Not: How the Largest Corporate Espionage Case this Century Happened - Rippling, a leader in workforce management software, filed a lawsuit against its competitor, Deel, accusing it of planting a spy and exfiltrating customer and competitive information. This blog unpacks how it happened and how it could have been prevented. - Shawn Hays - 5 min read
1284 - Search - Varonis Products - Mar 19, 2025 - Streamline Data Governance with Varonis Data Lifecycle Automation - Automatically enforce data governance, lifecycle, and compliance policies without writing any code. Seamlessly copy and move data—cross-domain or cross-platform—without the risk of breaking permissions or interrupting business. - Nathan Coppinger - 4 min read
1285 - Search - AI Security, Cloud Security, Data Security - Mar 12, 2025 - Federal Data Security Challenges in the Age of AI - Insights from Varonis’ Craig Mueller’s on the rise in AI and the need for data security in the public sector. - Craig Mueller - 3 min read
##
Pentest Partners Blog
View Articles
1286 - Search - How-Tos - Don’t use corporate email for your personal life - 09 Apr 2025
1287 - Search - Internet Of Things - Preparing for the EU Radio Equipment Directive security requirements - 03 Apr 2025
1288 - Search - How-Tos - Backdoor in the Backplane. Doing IPMI security better - 31 Mar 2025
1289 - Search - DFIR - The first 24 hours of a cyber incident. A practical playbook - 24 Mar 2025
1290 - Search - Opinions - Cybersecurity communities. Small hacker groups, big impact - 19 Mar 2025
1291 - Search - How-Tos - Take control of Cache-Control and local caching - 12 Mar 2025
1292 - Search - Consultancy advice - How I became a Cyber Essentials Plus assessor - 06 Mar 2025
1293 - Search - DNSSEC NSEC. The accidental treasure map to your subdomains - 04 Mar 2025
1294 - Search - Hardware Hacking - A dive into the Rockchip Bootloader - 26 Feb 2025
1295 - Search - Aviation Cyber Security - Pen testing avionics under ED-203a - 21 Feb 2025
1296 - Search - How-Tos - Watch where you point that cred! Part 1 - 18 Feb 2025
1297 - Search - Maritime Cyber Security - New mandatory USCG cyber regulations. What you need to know - 14 Feb 2025
1298 - Search - Consultancy advice - PCI DSS v4.0 Evidence and documentation requirements checklist - 13 Feb 2025
1299 - Search - Consultancy advice - PCI DSS. Where to start? - 11 Feb 2025
1300 - Search - OT, ICS, IIoT, SCADA - ICS testing best results. Hint: Blend your approach - 07 Feb 2025
1301 - Search - How-Tos - A tale of enumeration, and why pen testing can’t be automated - 05 Feb 2025
1302 - Search - DFIR - How Garmin watches reveal your personal data, and what you can do - 28 Jan 2025
1303 - Search - Maritime Cyber Security - Cyber security guidance for small fleet operators - 24 Jan 2025
1304 - Search - Hardware Hacking - How to secure body-worn cameras and protect footage from cyber threats - 21 Jan 2025
1305 - Search - Consumer Advice - Security flaws found in tiny phones promoted to children - 15 Jan 2025
1306 - Search - DFIR - Tackling AI threats. Advanced DFIR methods and tools for deepfake detection - 13 Jan 2025
1307 - Search - Aviation Cyber Security - The unexpected effects of GPS spoofing on aviation safety - 09 Jan 2025
1308 - Search - DFIR - 10 Non-tech things you wish you had done after being breached - 07 Jan 2025
1309 - Search - Aviation Cyber Security - The surprising existence of the erase button on cockpit voice recorders - 03 Jan 2025
1310 - Search - Internet Of Things - Heels on fire. Hacking smart ski socks - 23 Dec 2024
1311 - Search - DFIR - Practice being punched in the face. The realities of incident response preparation - 20 Dec 2024
1312 - Search - Hardware Hacking - How easily access cards can be cloned and why your PACS might be vulnerable - 11 Dec 2024
1313 - Search - Hardware Hacking - Making sure your door access control system is secure: Top 5 things to check - 09 Dec 2024
1314 - Search - Hardware Hacking - Is secure boot on the main application processor enough? - 05 Dec 2024
1315 - Search - DFIR - 6 non tech things you wish you had done before being breached - 03 Dec 2024
1316 - Search - DFIR - BEC-ware the Phish (part 3): Detect and Prevent Incidents in M365 - 27 Nov 2024
1317 - Search - Consumer Advice - How we helped expose a £12 million rental scam - 19 Nov 2024
1318 - Search - Maritime Cyber Security - IACS UR E26 and E27 guidance - 14 Nov 2024
1319 - Search - Maritime Cyber Security - Did security gaps at Antwerp port enable drug smuggling operations? - 12 Nov 2024
1320 - Search - DFIR - BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365 - 08 Nov 2024
1321 - Search - DFIR - You lost your iPhone, but it’s locked. That’s fine, right? - 06 Nov 2024
1322 - Search - Maritime Cyber Security - Maritime lawyers assemble! - 05 Nov 2024
1323 - Search - Maritime Cyber Security - What goes into testing a ship? - 05 Nov 2024
1324 - Search - DFIR - Mounting memory with MemProcFS for advanced memory forensics - 31 Oct 2024
1325 - Search - Opinions - Testing the security of CCTV systems - 30 Oct 2024
1326 - Search - DFIR - Using Volatility for advanced memory forensics - 24 Oct 2024
1327 - Search - DFIR - BEC-ware the phish (part 1). Investigating incidents in M365 - 15 Oct 2024
1328 - Search - Opinions - Imposter syndrome in cyber security - 10 Oct 2024
1329 - Search - Aviation Cyber Security - How to handle vulnerability reports in aviation - 09 Oct 2024
1330 - Search - Aviation Cyber Security - Airbus Navblue Flysmart LPC-NG issues - 01 Oct 2024
1331 - Search - Consumer Advice - How can you protect your data, privacy, and finances if your phone gets lost or stolen? - 30 Sep 2024
1332 - Search - Hardware Hacking - Direct Memory Access (DMA) attacks. Risks, techniques, and mitigations in hardware hacking - 26 Sep 2024
1333 - Search - Vulnerability Advisory - Proroute H685 4G router vulnerabilities - 19 Sep 2024
1334 - Search - Maritime Cyber Security - Cyber threats to shipping explained - 18 Sep 2024
1335 - Search - Red Teaming - Living off the land, GPO style - 12 Sep 2024
1336 - Search - Consumer Advice - Smart home security advice. Ring, SimpliSafe, Swann, and Yale - 10 Sep 2024
1337 - Search - DFIR - Advanced forensic techniques for recovering hidden data in wearable devices - 04 Sep 2024
1338 - Search - How-Tos - How to enhance the security of your social media accounts - 30 Aug 2024
1339 - Search - How-Tos - How to root an Android device for analysis and vulnerability assessment - 23 Aug 2024
1340 - Search - Shameless Self Promotion - Insights and highlights from DEF CON 32 - 16 Aug 2024
1341 - Search - Red Teaming - Living off the land with Bluetooth PAN - 12 Aug 2024
1342 - Search - Opinions - Key safe security, or the lack of it - 07 Aug 2024
1343 - Search - Hardware Hacking - Fuzzy matching with Ghidra BSim, a guide - 05 Aug 2024
1344 - Search - Maritime Cyber Security - Leave the World Behind, or don’t - 24 Jul 2024
1345 - Search - Maritime Cyber Security - Pen testing cruise ships - 08 Jul 2024
1346 - Search - Vulnerability Advisory - RCE vulnerability in OpenSSH – RegreSSHion (CVE-2024-6387) - 02 Jul 2024
1347 - Search - Vulnerability Disclosure - Glastonbury ticket hijack vulnerability fixed - 28 Jun 2024
1348 - Search - How-Tos - Dodgy disks. My 32TB SSD Adventure - 21 Jun 2024
1349 - Search - OPSEC - HUMINT in a cyber world - 20 Jun 2024
1350 - Search - Vulnerability Disclosure - UK PSTI? You’ll need a Vulnerability Disclosure Program! - 24 May 2024
1351 - Search - OT, ICS, IIoT, SCADA - Impacts on ICS from the updated Cyber Assessment Framework (CAF) - 17 May 2024
1352 - Search - DFIR - Pipedream ICS malware toolkit is a nightmare - 09 May 2024
1353 - Search - Vulnerabilities that aren’t - Vulnerabilities that (mostly) aren’t: LUCKY13 - 03 May 2024
1354 - Search - How-Tos - Bypassing MFA on Microsoft Azure Entra ID - 01 May 2024
1355 - Search - Maritime Cyber Security - Can ships be hacked? - 12 Apr 2024
1356 - Search - Opinions - Navigating the perilous waters of conference invitations - 14 Mar 2024
1357 - Search - Automotive Security - The big play of autonomous vehicles - 12 Mar 2024
1358 - Search - Red Teaming - Living off the land with native SSH and split tunnelling - 06 Mar 2024
1359 - Search - Internet Of Things - Advice for manufacturers on the coming PSTI regulation - 23 Feb 2024
1360 - Search - Vulnerability Advisory - No fix KrbRelay VMware style - 21 Feb 2024
1361 - Search - How-Tos - Cyber security for Credit Unions 101 - 20 Feb 2024
1362 - Search - Social Engineering - QR Phishing. Fact or Fiction? - 15 Feb 2024
1363 - Search - Android - Android Content Providers 101 - 13 Feb 2024
1364 - Search - Internet Of Things - Ski & bike helmets protect your head, not location or voice - 07 Feb 2024
1365 - Search - Aviation Cyber Security - Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager - 01 Feb 2024
1366 - Search - OPSEC - OSINT in 60 seconds. Mind reading on TV - 30 Jan 2024
1367 - Search - OT, ICS, IIoT, SCADA - 10 years on from the Target breach. Has building cyber security improved? - 24 Jan 2024
1368 - Search - Aviation Cyber Security - Cockpit door lock auto-unlock is no surprise - 10 Jan 2024
1369 - Search - Opinions - Listening in at Latimer House. RF emissions and more - 09 Jan 2024
1370 - Search - DFIR - RAID Technology and the importance of disk encryption in data security - 04 Jan 2024
1371 - Search - Consumer Advice - Mobile malware analysis for the BBC - 02 Jan 2024
1372 - Search - Consumer Advice - Helping a banking fraud victim - 02 Jan 2024
1373 - Search - Consumer Advice - Helping a mobile malware fraud victim - 02 Jan 2024
1374 - Search - Shameless Self Promotion - Socks! Our cyber prediction for 2024 - 22 Dec 2023
1375 - Search - DFIR - Intercepting MFA. Phishing and Adversary in The Middle attacks - 12 Dec 2023
1376 - Search - Medical Device Security - Navigate FDA 524b to get your medical cyber device to market - 07 Dec 2023
1377 - Search - OPSEC - OSINT. What can you find from a domain or company name - 05 Dec 2023
1378 - Search - OPSEC - OPSEC failures when threat hunting - 30 Nov 2023
1379 - Search - Automotive Security - Are Vehicle to Grid spikes coming? - 27 Nov 2023
1380 - Search - Red Teaming - Cap Dev. Better red teaming with continuous Capability Development - 23 Nov 2023
1381 - Search - Vulnerability Disclosure - FujiFilm printer credentials encryption issue fixed - 31 Oct 2023
1382 - Search - Medical Device Security - FDA medical IoT cyber device compliance. FD&C 524b - 31 Oct 2023
1383 - Search - DFIR - Using Velociraptor for large-scale endpoint visibility and rapid threat hunting - 12 Oct 2023
1384 - Search - Internet Of Things - IoT Secure Development Guide - 10 Oct 2023
1385 - Search - Macs / Apple - The reality of Apple watch pen testing - 09 Oct 2023
1386 - Search - How-Tos - Call centres. Outbound call verification - 03 Oct 2023
1387 - Search - Hardware Hacking - Fastboot Fuzzing - 29 Sep 2023
1388 - Search - Consultancy advice - Which security framework? All of them, in the SCF - 27 Sep 2023
1389 - Search - Consultancy advice - 3yrs of CAA ASSURE assessments. What we’ve learned - 20 Sep 2023
1390 - Search - Consultancy advice - PCI v4 is coming. Are you ready? - 14 Sep 2023
1391 - Search - How-Tos - Information disclosure through insecure design - 07 Sep 2023
1392 - Search - Vulnerability Disclosure - A broken marriage. Abusing mixed vendor Kerberos stacks - 25 Aug 2023
1393 - Search - How-Tos - The most hated man on the internet. Lessons to learn - 22 Aug 2023
1394 - Search - Aviation Cyber Security - Scorpion CBS show. Plane hack - 14 Aug 2023
1395 - Search - Aviation Cyber Security - Die Hard 2. Or how not to hack airplanes - 14 Aug 2023
1396 - Search - Aviation Cyber Security - Vulnerability disclosure in aviation - 09 Aug 2023
1397 - Search - Shameless Self Promotion - PTP at DEF CON 31 2023 - 03 Aug 2023
1398 - Search - How-Tos - n00b’s guide to DEF CON. Surviving the Matrix of the underground - 03 Aug 2023
1399 - Search - DFIR - Have you been compromised? - 02 Aug 2023
1400 - Search - How-Tos - Exposed Gits: 10 Years on - 19 Jul 2023
1401 - Search - DFIR - Black Basta ransomware - 28 Jun 2023
1402 - Search - Vulnerability Disclosure - WhosHere Plus. Trilateration vulnerability - 12 Jun 2023
1403 - Search - Aviation Cyber Security - EFB vulnerability in Lufthansa’s Lido eRouteManual - 24 May 2023
1404 - Search - OT, ICS, IIoT, SCADA - All your building are belong to us - 19 May 2023
1405 - Search - How-Tos - It’s always DNS, here’s why… - 16 May 2023
1406 - Search - Aviation Cyber Security - Netflix MH370: The plane that wasn’t hacked - 12 May 2023
1407 - Search - Vulnerability Disclosure - Bullied by Bugcrowd over Kape CyberGhost disclosure - 05 May 2023
1408 - Search - How-Tos - London Councils & pirate books. Google dorking for subdomain takeovers - 11 Apr 2023
1409 - Search - DFIR - Not everything in a data leak is real - 09 Apr 2023
1410 - Search - Maritime Cyber Security - How to pen test cargo vessels - 25 Mar 2023
1411 - Search - Sustainability - Carbon reduction at PTP - 17 Mar 2023
1412 - Search - Maritime Cyber Security - Monetising hacking by shorting commodity shipments - 08 Mar 2023
1413 - Search - DFIR - Finding forensics breadcrumbs in Android image storage - 20 Feb 2023
1414 - Search - Aviation Cyber Security - Causing incidents with in-flight entertainment systems - 07 Feb 2023
1415 - Search - OT, ICS, IIoT, SCADA - OSINT your OT suppliers - 24 Jan 2023
1416 - Search - Vulnerability Disclosure - UK gov website being used to redirect to porn sites - 09 Jan 2023
1417 - Search - Vulnerability Disclosure - RCE on Steam through the Cultist Simulator game - 02 Jan 2023
1418 - Search - Vulnerability Disclosure - What’s My Name Again? Reolink camera command injection - 13 Dec 2022
1419 - Search - Consumer Advice - Consumer advice for buying smart IoT devices this Christmas - 02 Dec 2022
1420 - Search - DFIR - Hive Ransomware is on the rise. How should you deal with it? - 18 Nov 2022
1421 - Search - Internet Of Things - Effecting positive change in the Internet of Things - 21 Oct 2022
1422 - Search - Social Engineering - Social Engineering dos and don’ts - 20 Oct 2022
1423 - Search - Vulnerability Disclosure - Moto E20 Readback Vulnerability - 19 Oct 2022
1424 - Search - Vulnerability Advisory - MS Enterprise app management service RCE. CVE-2022-35841 - 13 Oct 2022
1425 - Search - Cloud Security - Living off the Cloud. Cloudy with a Chance of Exfiltration - 11 Oct 2022
1426 - Search - Aviation Cyber Security - Airbus AoA – Angle of Attack sensor issue - 03 Oct 2022
1427 - Search - How-Tos - Attacking Encrypted HTTP Communications - 28 Sep 2022
1428 - Search - Vulnerability Advisory - You can’t stop me. MS Teams session hijacking and bypass - 22 Sep 2022
1429 - Search - Aviation Cyber Security - DEF CON 30. Hacking EFBs. Engine Performance - 08 Sep 2022
1430 - Search - Vulnerability Disclosure - When disclosure goes wrong. People - 02 Sep 2022
1431 - Search - Red Teaming - Living off the land, AD CS style - 26 Aug 2022
1432 - Search - OT, ICS, IIoT, SCADA - Bluetooth + Electrical switchgear - 25 Aug 2022
1433 - Search - Aviation Cyber Security - Database Integrity Vulnerabilities in Boeing’s Onboard Performance Tool - 13 Aug 2022
1434 - Search - Maritime Cyber Security - Maritime regulation. All Hands-on Deck! - 05 Aug 2022
1435 - Search - How-Tos - Efficient Infrastructure Testing - 01 Aug 2022
1436 - Search - Aviation Cyber Security - Attacking EFB updates - 27 Jul 2022
1437 - Search - Aviation Cyber Security - EFB ePIL. Pinching passenger PII from pilots - 15 Jul 2022
1438 - Search - How-Tos - Stop using phishing as a measure of your cyber awareness culture - 12 Jul 2022
1439 - Search - Aviation Cyber Security - EFB Tampering. Holdover Time - 06 Jul 2022
1440 - Search - Cloud Security - Cloud OSINT. Finding Interesting Resources - 04 Jul 2022
1441 - Search - Aviation Cyber SecurityCMC Electronics EFB breakout vulnerability28 Jun 2022
1442 - Search - DFIRFollina 0day exploit. Malicious code execution in Office docs01 Jun 2022
1443 - Search - Cloud SecurityAzure Cloud Takeover31 May 2022
1444 - Search - Aviation Cyber Security - 747 Hackathon - 25 May 2022
1445 - Search - Passwords - Password policy guidance - 23 May 2022
1446 - Search - Internet Of Things - We need to talk about sex toys and cyber security - 23 May 2022
1447 - Search - Vulnerability Disclosure - Galleon NTS-6002-GPS Command Injection vulnerability (CVE-2022-27224) - 20 May 2022
1448 - Search - OT, ICS, IIoT, SCADA - Got the security controls wrong in OT and maritime? Watch as engineers work around them - 16 May 2022
1449 - Search - How-Tos - Constrained environment breakout. .NET Assembly exfiltration via Internet Options - 09 May 2022
1450 - Search - DFIR - Reporting of cyber incidents becomes law in the USA - 13 Apr 2022
1451 - Search - OT, ICS, IIoT, SCADA - The reality of OT segregation - 31 Mar 2022
1452 - Search - DFIR - To Pay or Not to Pay? That is the Ransomware question - 21 Mar 2022
1453 - Search - Red Teaming - Red Team lab automation - 03 Mar 2022
1454 - Search - DFIR - OAuth consent phishing, in the wild - 21 Feb 2022
1455 - Search - OPSEC - OpSec. Hunting wireless access points - 16 Feb 2022
1456 - Search - Vulnerabilities that aren’t - Vulnerabilities that aren’t. Unquoted Spaces - 14 Feb 2022
1457 - Search - Vulnerability Disclosure - DPD package sniffing - 07 Feb 2022
1458 - Search - Vulnerabilities that aren’t - Vulnerabilities that aren’t. ETag headers - 04 Feb 2022
1459 - Search - Automotive Security - Who has access to your leased Tesla? - 01 Feb 2022
1460 - Search - Vulnerabilities that aren’t - Vulnerabilities that aren’t. Cross Site Tracing / XST - 25 Jan 2022
1461 - Search - Consumer Advice - Domestic CCTV and audio recording - 17 Jan 2022
1462 - Search - Consumer Advice - Audio bugging with the Fisher Price Chatter Bluetooth Telephone - 22 Dec 2021
1463 - Search - Vulnerability Advisory - Gumtree – leaking your data and not really listening - 15 Dec 2021
1464 - Search - Vulnerability Disclosure - A masterclass in responding to vulnerability disclosure: The Buddi app and tracker - 29 Nov 2021
1465 - Search - Internet Of Things - What does the Product Security and Telecommunications Infrastructure bill mean for me? - 25 Nov 2021
1466 - Search - Vulnerability Advisory - SkyFail. 6 million routers left exposed - 19 Nov 2021
1467 - Search - Internet Of Things - Hijacking smart luggage - 11 Nov 2021
1468 - Search - Vulnerability Advisory - Pun-free Cylance vulnerability, fixed - 10 Nov 2021
1469 - Search - How-Tos - Time based username enumeration - 09 Nov 2021
1470 - Search - Consumer Advice - Limiting your exposure to location data resellers - 08 Nov 2021
1471 - Search - How-Tos - DCOM abuse and lateral movement with Cobalt Strike - 03 Nov 2021
1472 - Search - Ransomware - Germ-term, but all year. How criminals are hacking schools - 13 Oct 2021
1473 - Search - Vulnerability Advisory - Free BrewDog beer with a side order of shareholder PII? - 08 Oct 2021
1474 - Search - Passwords - How to build a password cracking rig during a worldwide chip shortage - 05 Oct 2021
1475 - Search - Internet Of Things - When the IoT vendor goes bust - 28 Sep 2021
1476 - Search - How-Tos - Securing mobile devices. A timely reminder - 28 Sep 2021
1477 - Search - Aviation Cyber Security - Commercial Air Transport EFB Regulation - 23 Sep 2021
1478 - Search - EFB Tampering. Approach and Landing Performance Part 2 - 14 Sep 2021
1479 - Search - Aviation Cyber Security - EFB Tampering. Approach and Landing Performance Part 1 - 14 Sep 2021
1480 - Search - Aviation Cyber Security - EFB Tampering. The Human Factor - 10 Sep 2021
1481 - Search - Consultancy advice - ASSURE Case Study: Two - 03 Sep 2021
1482 - Search - Consultancy advice - ASSURE Case Study: One - 03 Sep 2021
1483 - Search - OT, ICS, IIoT, SCADA - From open Guest Wi-Fi to pwning a lift - 03 Sep 2021
1484 - Search - OPSEC - OpSec. Expanding your search: Hunting domains - 02 Sep 2021
1485 - Search - Internet Of Things - Why the Raspberry Pi isn’t suitable for IoT - 01 Sep 2021
1486 - Search - Passwords - Admin password re-use. Don’t do it - 26 Aug 2021
1487 - Search - Android - How to install Frida into an Android application - 20 Aug 2021
1488 - Search - How-Tos - Breaking the NFC chips in tens of millions of smart phones, and a few PoS systems - 18 Aug 2021
1489 - Search - Red Teaming - The value of regulator-driven red teaming: CBEST - 12 Aug 2021
1490 - Search - Android - Breaking the Android Bootloader on the Qualcomm Snapdragon 660 - 09 Aug 2021
1491 - Search - OPSEC - OpSec Leaky Images - 04 Aug 2021
1492 - Search - Automotive Security - Smart car chargers. Plug-n-play for hackers? - 30 Jul 2021
1493 - Search - Consumer Advice - Are you sharing your address on social media? - 30 Jul 2021
1494 - Search - Aviation Cyber Security - The Cloud in the clouds - 14 Jul 2021
1495 - Search - Cloud Security - Top 10 Cloud security tips - 08 Jul 2021
1496 - Search - How-Tos - SNMP – Simply Not My Problem. Or is it? - 02 Jul 2021
1497 - Search - Aviation Cyber Security - Ransomware. In the air? - 02 Jul 2021
1498 - Search - OPSEC - Google for OpSec data discovery - 29 Jun 2021
1499 - Search - Red Teaming - Red Teaming. Practice what you preach - 24 Jun 2021
1500 - Search - Vulnerability Advisory - Tracking Amazon delivery staff - 15 Jun 2021
1501 - Search - Aviation Cyber Security - Why hackers don’t fly coach - 11 Jun 2021
1502 - Search - Aviation Cyber Security - Deploying EFBs securely - 04 Jun 2021
1503 - Search - OPSEC - Do you know your OpSec? - 28 May 2021
1504 - Search - How-Tos - Smart lighting security - 21 May 2021
1505 - Search - Aviation Cyber Security - Getting a persistent shell on a 747 IFE - 21 May 2021
1506 - Search - Aviation Cyber Security - EFB Tampering 3. Take-off pt1 - 17 May 2021
1507 - Search - Aviation Cyber Security - EFB Tampering 3. Take-off pt2 - 17 May 2021
1508 - Search - Vulnerability Advisory - Echelon PII Leak and Disclosure Fail - 14 May 2021
1509 - Search - Aviation Cyber Security - EFB Safety Advice for Pilots - 07 May 2021
1510 - Search - Consumer Advice - Tour de Peloton: Exposed user data - 05 May 2021
1511 - Search - Opinions - 2021. The age of the super vulnerability? - 26 Apr 2021
1512 - Search - Careers At PTP - We’re Hiring! - 23 Apr 2021
1513 - Search - Consumer Advice - Training apps. Have their privacy settings improved in 5 years? - 21 Apr 2021
1514 - Search - Consumer Advice - Homeworking vs Homeschooling. The cyber challenge - 21 Apr 2021
1515 - Search - Aviation Cyber Security - EFB Tampering 2. Device Integrity - 19 Apr 2021
1516 - Search - How-Tos - Security vs User Journey - 16 Apr 2021
1517 - Search - Red Teaming - Dumping LSASS in memory undetected using MirrorDump - 26 Mar 2021
1518 - Search - Red Teaming - Multi-factor Authentication. Reset MFA you say? - 22 Mar 2021
1519 - Search - Maritime Cyber Security - Out of cyber class. Maritime compliance. - 15 Mar 2021
1520 - Search - Internet Of Things - Is IoT ever really yours? - 08 Mar 2021
1521 - Search - Aviation Cyber Security - EFB Tampering 1. Introduction and Class Differences - 05 Mar 2021
1522 - Search - OT, ICS, IIoT, SCADA - Grid. Locked. - 04 Mar 2021
1523 - Search - How-Tos - Feature and Permission Policies. Security issues - 23 Feb 2021
1524 - Search - Cyber Liability Insurance - K&R insurance. Kidnap and Ransom(ware) - 22 Feb 2021
1525 - Search - Reverse Engineering - Reverse Engineering Keys from Firmware. A how-to - 08 Feb 2021
1526 - Search - Red Teaming - Email Relaying. A how-to and a reminder - 05 Feb 2021
1527 - Search - Cyber Essentials - Cyber Essentials and the New Normal - 26 Jan 2021
1528 - Search - Passwords - Three Word Passwords - 19 Jan 2021
1529 - Search - How-Tos - Cyber Security advice for Finance staff - 15 Jan 2021
1530 - Search - Cloud Security - Azure AD. Attack of the Default Config - 12 Jan 2021
1531 - Search - Maritime Cyber Security - Where maritime cyber checklists fail - 11 Jan 2021
1532 - Search - OT, ICS, IIoT, SCADA - Schneider T200 RTU vulnerabilities - 07 Jan 2021
1533 - Search - How-Tos - How to make a software BTRFS RAID1 with LUKS2 FDE - 22 Dec 2020
1534 - Search - How-Tos - How to use Keepalived for high availability and load balancing - 22 Dec 2020
1535 - Search - How-Tos - A Logical Volume Manager / LVM primer for Linux - 21 Dec 2020
1536 - Search - Vulnerability Advisory - Mimosa Cloud. Invite friends, not hackers - 21 Dec 2020
1537 - Search - Vulnerability Advisory - Serious Vulnerabilities in Dualog Connection Suite - 10 Dec 2020
1538 - Search - Consumer Advice - Locking down your cyber life in lockdown - 04 Dec 2020
1539 - Search - Consumer Advice - What the cluck?! Cyber hygiene when eating out. - 02 Dec 2020
1540 - Search - How-Tos - Understanding Binary and Data Representation with CyberChef - 24 Nov 2020
1541 - Search - Automotive Security - OBDeleven vulnerability - 18 Nov 2020
1542 - Search - How-Tos - Brute forcing device passwords - 16 Nov 2020
1543 - Search - DFIR - Digital Forensics acquisition - 14 Nov 2020
1544 - Search - OT, ICS, IIoT, SCADA - Snakes and Ladder Logic - 10 Nov 2020
1545 - Search - Red Teaming - Password choice - 06 Nov 2020
1546 - Search - Red Teaming - Abusing RDP’s Remote Credential Guard with Rubeus PTT - 22 Oct 2020
1547 - Search - How-Tos - Cyber Security Month. What can you do? - 08 Oct 2020
1548 - Search - Internet Of Things - Smart male chastity lock cock-up - 06 Oct 2020
1549 - Search - Red Teaming - DLL Hijacking in NVIDIA SMI - 01 Oct 2020
1550 - Search - Vulnerability Advisory - Cloud-y, with a chance of hacking all the wireless things - 29 Sep 2020
1551 - Search - How-Tos - CVE-2020-1472/Zerologon. As an IT manager should I worry? - 23 Sep 2020
1552 - Search - Red Teaming - The Return of Raining SYSTEM Shells with Citrix Workspace app - 21 Sep 2020
1553 - Search - Maritime Cyber Security - Speed 2 – The Poseidon Adventure – Part Two - 17 Sep 2020
1554 - Search - Consumer Advice - Consumer advice: Giggle vulnerability - 14 Sep 2020
1555 - Search - Internet Of Things - 360lock Smart Lock Review - 11 Sep 2020
1556 - Search - Maritime Cyber Security - Speed 2 – The Poseidon Adventure – Part One - 08 Sep 2020
1557 - Search - Vulnerability Advisory - Cloud firewall management API SNAFU put 500k SonicWall customers at risk - 02 Sep 2020
1558 - Search - Vulnerability Disclosure - A Vulnerability Disclosure Program is not just a page on a web site - 26 Aug 2020
1559 - Search - How-Tos - Scanning for UK gov security.txt files - 26 Aug 2020
1560 - Search - Hardware Hacking - Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark” - 18 Aug 2020
1561 - Search - Aviation Cyber Security - DEF CON 28: 747 Walkthrough from a Hacker’s Perspective - 12 Aug 2020
1562 - Search - Aviation Cyber Security - DEF CON 28: ILS and TCAS Spoofing - 11 Aug 2020
1563 - Search - Aviation Cyber Security - DEF CON 28: Introduction to ACARS - 10 Aug 2020
1564 - Search - How-Tos - Security Awareness is as valuable today as ever - 07 Aug 2020
1565 - Search - How-Tos - Building a lab with Server 2019 Server Core and PowerShell …then attacking it! - 03 Aug 2020
1566 - Search - Vulnerability Advisory - Raining SYSTEM Shells with Citrix Workspace app - 21 Jul 2020
1567 - Search - Internet Of Things - Threat modelling and IoT hubs - 17 Jul 2020
1568 - Search - Red Teaming - Bridging the gaps between Red and Blue teaming - 13 Jul 2020
1569 - Search - Internet Of Things - Hacking smart devices to convince dementia sufferers to overdose - 09 Jul 2020
1570 - Search - Red Teaming - Patchless AMSI bypass using SharpBlock - 07 Jul 2020
1571 - Search - Internet Of Things - Pwning smart garage door openers - 07 Jul 2020
1572 - Search - Internet Of Things - Identity in IoT - 01 Jul 2020
1573 - Search - Internet Of Things - What an IoT assurance scheme could look like - 30 Jun 2020
1574 - Search - How-Tos - Scams and how to spot them - 30 Jun 2020
1575 - Search - How-Tos - Congrats, you got everyone remote. But did you do it securely? - 29 Jun 2020
1576 - Search - OT, ICS, IIoT, SCADA - Embedded security fails in ICS - 17 Jun 2020
1577 - Search - How-Tos - Revisiting old tools - 12 Jun 2020
1578 - Search - Opinions - A cyber warning light. The canary in the mine - 11 Jun 2020
1579 - Search - Internet Of Things - Unclamping the Barnacle - 04 Jun 2020
1580 - Search - OT, ICS, IIoT, SCADA - Introduction to PLCs and Ladder Logic - 01 Jun 2020
1581 - Search - Reverse Engineering - Reverse Engineering a 5g ‘Bioshield’ - 28 May 2020
1582 - Search - Aviation Cyber Security - In Flight Entertainment System Security - 27 May 2020
1583 - Search - Vulnerability Advisory - Docker Desktop for Windows PrivEsc (CVE-2020-11492) - 22 May 2020
1584 - Search - Vulnerability Disclosure - Ethical dilemmas with responsible disclosure - 22 May 2020
1585 - Search - Macs / Apple - Short beacon analysis on the NHS iOS Tracking application - 12 May 2020
1586 - Search - Red Teaming - Housemates. The new Red Team? - 06 May 2020
1587 - Search - DFIR - How quickly can you respond? - 05 May 2020
1588 - Search - How-Tos - Speaking at security events - 04 May 2020
1589 - Search - Aviation Cyber Security - Jeopardising aircraft through TCAS spoofing - 01 May 2020
1590 - Search - Vulnerability Advisory - GDPR.EU has er… a data leakage issue - 27 Apr 2020
1591 - Search - Automotive Security - From a TCU to Corporate Domain Admin - 24 Apr 2020
1592 - Search - Maritime Cyber Security - Are you cyber seaworthy? - 17 Apr 2020
1593 - Search - Internet Of Things - You can’t build a great IoT system without a strong foundation - 17 Apr 2020
1594 - Search - Red Teaming - SweetPotato – Service to SYSTEM - 14 Apr 2020
1595 - Search - Red Teaming - Authenticating your call centre when everyone is remote - 06 Apr 2020
1596 - Search - How-Tos - Honeyroasting. How to detect Kerberoast breaches with honeypots - 01 Apr 2020
1597 - Search - How-Tos - Quick wins with Adobe Experience Manager - 27 Mar 2020
1598 - Search - Hardware Hacking - Turning an OBD-II reader into a USB / NFC attack tool - 25 Mar 2020
1599 - Search - Vulnerability Advisory - Spying on old folks - 23 Mar 2020
1600 - Search - Vulnerability Advisory - PrivEsc in Lenovo Vantage. Two minutes later - 20 Mar 2020
1601 - Search - Hardware Hacking - Introduction to Bluetooth Low Energy - 12 Mar 2020
1602 - Search - How-Tos - 9 things to consider when staff work from home unexpectedly - 10 Mar 2020
1603 - Search - Hardware Hacking - Hardware Router CTF - 10 Mar 2020
1604 - Search - Passwords - Fill your Boots with credential stuffing protections - 06 Mar 2020
1605 - Search - A not so Clearview? - 04 Mar 2020
1606 - Search - How-Tos - From Minecraft to Metasploit. Game hacking could start your cyber security career - 03 Mar 2020
1607 - Search - Reverse Engineering - Hardcoding Keys. Is that Wyse? - 25 Feb 2020
1608 - Search - Maritime Cyber Security - Ships can’t be hacked. Wrong - 20 Feb 2020
1609 - Search - Maritime Cyber Security - Out Of Band, Out Of Sight, Out Of Mind - 17 Feb 2020
1610 - Search - How-Tos - Business Email Compromise. What to do - 14 Feb 2020
1611 - Search - Automotive Security - Reverse Engineering the Tesla Firmware Update Process - 12 Feb 2020
1612 - Search - Automotive Security - Reverse Engineering Tesla Hardware - 12 Feb 2020
1613 - Search - Passwords - Password managers for all staff. Why the resistance?! - 10 Feb 2020
1614 - Search - PCI Advice - 2×4 Security - 07 Feb 2020
1615 - Search - Maritime Cyber Security - Pen Testing Ships. A year in review - 04 Feb 2020
1616 - Search - How-Tos - HTTP Request Smuggling. A how-to - 31 Jan 2020
1617 - Search - Aviation Cyber Security - ASSURE Aviation Cyber Security Testing - 30 Jan 2020
1618 - Search - Internet Of Things - Embedded devices. Typical security issues - 26 Jan 2020
1619 - Search - DFIR - IR & Forensics in the Cloud - 10 Jan 2020
1620 - Search - How-Tos - Quick Wins to Combat Data Leaks - 08 Jan 2020
1621 - Search - Internet Of Things - Kids Tracker Watches: CloudPets, exploiting athletes and hijacking reality TV - 17 Dec 2019
1622 - Search - Internet Of Things - Xmas Light Security Improves… a bit - 10 Dec 2019
1623 - Search - Hardware Hacking - Hacking Hardware Password Managers: The RecZone - 06 Dec 2019
1624 - Search - Hardware Hacking - Hacking Hardware Password Managers: passwordsFAST - 06 Dec 2019
1625 - Search - Hardware Hacking - Hacking Hardware Password Managers: Royal Vault Password Keeper - 06 Dec 2019
1626 - Search - OT, ICS, IIoT, SCADA - Nuclear Satcoms - 04 Dec 2019
1627 - Search - Reverse Engineering - Commands and Tools for Embedded Reverse Engineering - 03 Dec 2019
1628 - Search - OT, ICS, IIoT, SCADA - Analysing the Attack Surface of an Industrial Data Acquisition Device - 03 Dec 2019
1629 - Search - How-Tos - The snooping girl on a train, again. How to compromise a business - 02 Dec 2019
1630 - Search - Hardware Hacking - Embedded device research. The tools you’ll need - 29 Nov 2019
1631 - Search - Maritime Cyber Security - Ships engines, a guide for pen testers - 29 Nov 2019
1632 - Search - How-Tos - Christmas socialising. Goodwill to all, and keep your devices safe - 28 Nov 2019
1633 - Search - DFIR - The Disgruntled Employee? - 15 Nov 2019
1634 - Search - Aviation Cyber Security - Updating Airplanes - 11 Nov 2019
1635 - Search - Aviation Cyber Security - Schiphol hijack false alarm. An insiders view of what happened - 07 Nov 2019
1636 - Search - Internet Of Things - Pwning a Smart Car Charger, Building a Botnet - 06 Nov 2019
1637 - Search - Internet Of Things - Objections to IoT regulation. A rational reply - 24 Oct 2019
1638 - Search - Maritime Cyber Security - Unmasking mystery boxes on ship’s bridges - 14 Oct 2019
1639 - Search - Aviation Cyber Security - Mapping the Attack Surface of an Airport - 11 Oct 2019
1640 - Search - Consumer Advice - Help, my accounts have been hacked! What should I do? - 10 Oct 2019
1641 - Search - Social Engineering - Real-life social engineering. Another two days in tweets - 04 Oct 2019
1642 - Search - Aviation Cyber Security - OSINT for Avionics - 04 Oct 2019
1643 - Search - DFIR - The 5 breach readiness mistakes - 30 Sep 2019
1644 - Search - Sustainability - My environmental journey - 28 Sep 2019
1645 - Search - How-Tos - A security researcher has made contact. What do I do? - 27 Sep 2019
1646 - Search - Breach Handling - Think you’ve had a breach? Top 5 things to do - 23 Sep 2019
1647 - Search - Internet Of Things - Drilling open a smart door lock in 4 seconds - 23 Sep 2019
1648 - Search - Aviation Cyber Security - A Pen Tester’s First Solo: Aviation Security 101 - 20 Sep 2019
1649 - Search - Red Teaming - How to: Kerberoast like a boss - 18 Sep 2019
1650 - Search - Internet Of Things - IoT security. A retrospective - 17 Sep 2019
1651 - Search - Red Teaming - Real-life social engineering. Two days in tweets - 16 Sep 2019
1652 - Search - OT, ICS, IIoT, SCADA - Pwning a Siemens Scalance ICS switch through ARM reversing - 03 Sep 2019
1653 - Search - Internet Of Things - A Secure “Smart” Kettle? - 30 Aug 2019
1654 - Search - Vulnerability Advisory - PrivEsc in Lenovo Solution Centre, 10 minutes later - 22 Aug 2019
1655 - Search - Automotive Security - Lojack’d: Pwning Smart vehicle trackers - 14 Aug 2019
1656 - Search - Vulnerability Advisory - Dating apps that track users from home to work and everywhere in-between - 11 Aug 2019
1657 - Search - Hardware Hacking - Reverse Engineering 4G Hotspots for fun, bugs and net financial loss - 10 Aug 2019
1658 - Search - Hardware Hacking - Breaking (Bad) Cross-Site Request Forgery Protection – The Netgear Nighthawk M1 - 10 Aug 2019
1659 - Search - Hardware Hacking - CVE-2019-12103 – Analysis of a Pre-Auth RCE on the TP-Link M7350, with Ghidra! - 10 Aug 2019
1660 - Search - Hardware Hacking - Breaking (bad) firmware encryption. Case study on the Netgear Nighthawk M1 - 10 Aug 2019
1661 - Search - Internet Of Things - ZTE MF910 – An end of life router, running lots of vivacious hidden code - 10 Aug 2019
1662 - Search - Internet Of Things - Group sex app leaks locations, pics and personal details. Identifies users in White House and Supreme Court - 08 Aug 2019
1663 - Search - Shameless Self Promotion - PTP at DEF CON 27 - 05 Aug 2019
1664 - Search - Internet Of Things - DCMS Practical Guidelines. Actionable information - 02 Aug 2019
1665 - Search - Automotive Security - Vehicle Telematics Security; getting it right - 26 Jul 2019
1666 - Search - Social Engineering - Social engineering. When you’re the mark… - 23 Jul 2019
1667 - Search - Internet Of Things - Fails and Fixes with IoT - 19 Jul 2019
1668 - Search - Internet Of Things - Burning down the house with IoT - 12 Jul 2019
1669 - Search - Automotive Security - Getting your head under the hood and out of the sand: Automotive security testing - 05 Jul 2019
1670 - Search - Vulnerability Advisory - Slok API - 03 Jul 2019
1671 - Search - Social Engineering - The null choice. A social engineering example in the wild - 02 Jul 2019
1672 - Search - Red Teaming - Ninja Turtles in your network: LAN Turtle 3G. A how-to for red teaming - 01 Jul 2019
1673 - Search - Vulnerability Advisory - Don’t ‘Roley’ your own encryption, says Bob the Builder - 28 Jun 2019
1674 - Search - Vulnerability Advisory - The not so ultra lock - 27 Jun 2019
1675 - Search - Vulnerability Advisory - F5 Networks Endpoint Inspector – Browser-to-RCE? - 26 Jun 2019
1676 - Search - How-Tos - Double-Free RCE in VLC. A honggfuzz how-to - 21 Jun 2019
1677 - Search - Opinions - Why we shouldn’t use sequential booking references - 19 Jun 2019
1678 - Search - OT, ICS, IIoT, SCADA - Ewon Flexy IoT Router. A Deep dive - 18 Jun 2019
1679 - Search - OT, ICS, IIoT, SCADA - Sharing the Secrets: Pwning an industrial IoT router - 18 Jun 2019
1680 - Search - How-Tos - Covert Keylogging: Sniping your Typing - 13 Jun 2019
1681 - Search - Red Teaming - Bloodhound walkthrough. A Tool for Many Tradecrafts - 07 Jun 2019
1682 - Search - Consumer Advice - Don’t get burnt on pay day. How to buy IoT gadgets sensibly - 31 May 2019
1683 - Search - Red Teaming - Securing your red team kit with Uncomplicated Firewall - 29 May 2019
1684 - Search - Vulnerability Advisory - Pwning the Nokelock API - 24 May 2019
1685 - Search - Automotive Security - Tesla Killer: The Fuzzed and the Furious - 16 May 2019
1686 - Search - Medical Device Security - FUD 101: How not to report healthcare cybersecurity issues - 15 May 2019
1687 - Search - Vulnerability Advisory - eyeDisk. Hacking the unhackable. Again - 09 May 2019
1688 - Search - Vulnerability Advisory - Pwning WordPress GraphQL - 08 May 2019
1689 - Search - How-Tos - How To Do Firmware Analysis. Tools, Tips, and Tricks - 03 May 2019
1690 - Search - Consumer Advice - UK Government gets serious about consumer IoT security. Legislation on the way - 01 May 2019
1691 - Search - Internet Of Things - Tic Toc Pwned - 15 Apr 2019
1692 - Search - Red Teaming - Cobalt Strike. Walkthrough for Red Teamers - 15 Apr 2019
1693 - Search - Maritime Cyber Security - Hacking Superyachts. Advice for integrators - 01 Apr 2019
1694 - Search - Maritime Cyber Security - Hacking Superyachts. Advice for captains - 01 Apr 2019
1695 - Search - Maritime Cyber Security - Hacking Superyachts. Advice for owners - 01 Apr 2019
1696 - Search - Opinions - Business banking fraud. Keep your eggs in TWO baskets. Here’s why… - 26 Mar 2019
1697 - Search - Vulnerability Advisory - Remote command injection through an endpoint security product - 21 Mar 2019
1698 - Search - Internet Of Things - Connected camera cock up - 20 Mar 2019
1699 - Search - How-Tos - Walkthrough. Investigating an SSD - 15 Mar 2019
1700 - Search - Automotive Security - Gone in six seconds? Exploiting car alarms - 08 Mar 2019
1701 - Search - Internet Of Things - Hacking ski helmet audio - 04 Mar 2019
1702 - Search - Vulnerability Advisory - Cisco RV130 – It’s 2019, but yet: strcpy - 28 Feb 2019
1703 - Search - Internet Of Things - Different ‘smart’ lock, similar security issues - 18 Feb 2019
1704 - Search - Maritime Cyber Security - Sinking a ship and hiding the evidence - 18 Feb 2019
1705 - Search - How-Tos - Oracle MAF store bypass, a how-to - 15 Feb 2019
1706 - Search - Vulnerability Disclosure - Vulnerability disclosure buzzword bingo! - 14 Feb 2019
1707 - Search - Consumer Advice - BBC Inside Out. Consumer advice for the ‘smart’ homeowner - 11 Feb 2019
1708 - Search - How-Tos - Burp HMAC header extensions, a how-to - 07 Feb 2019
1709 - Search - Internet Of Things - Super-systemic IoT flaws - 05 Feb 2019
1710 - Search - Maritime Cyber Security - Hacking floating hotels. Cruise ship compromise on the high seas - 30 Jan 2019
1711 - Search - Internet Of Things - GPS watch issues… AGAIN - 29 Jan 2019
1712 - Search - Internet Of Things - IoT: OFF by default - 11 Jan 2019
1713 - Search - Maritime Cyber Security - Shipping operators, what you need to know about phishing and CEO fraud - 08 Jan 2019
1714 - Search - Internet Of Things - Hacking the Echo echo echo - 02 Jan 2019
1715 - Search - Internet Of Things - Hackers in Hot Water. Pwning smart hot tubs, yes really - 22 Dec 2018
1716 - Search - Maritime Cyber Security - Satellite communications equipment security - 13 Dec 2018
1717 - Search - Consumer Advice - Worried about Spouseware? - 05 Dec 2018
1718 - Search - Consumer Advice - BBC: MiSafes’ child-tracking smartwatches are ‘easy to hack’ - 26 Nov 2018
1719 - Search - Consumer Advice - ITV: New rules to prevent children’s ‘smart’ toys from being hacked - 26 Nov 2018
1720 - Search - Consumer Advice - Advice on buying ‘smart’ gadgets for Christmas - 21 Nov 2018
1721 - Search - Consumer Advice - Consumer Advice: Kids GPS tracker watch security - 15 Nov 2018
1722 - Search - Internet Of Things - Tracking and snooping on a million kids - 15 Nov 2018
1723 - Search - Internet Of Things - Flogging a dead smart horse - 09 Nov 2018
1724 - Search - How-Tos - No need for lock picking tools - 02 Nov 2018
1725 - Search - Ghost hardware. Device No.1, the Ghost Pro - 31 Oct 2018
1726 - Search - Internet Of Things - Ghost hardware. Device No.3, the Ghost Rover - 31 Oct 2018
1727 - Search - Ghost hardware. Device No.2, the Boo Buddy - 31 Oct 2018
1728 - Search - Internet Of Things - Hacking ghost hunters - 30 Oct 2018
1729 - Search - How-Tos - Cisco device config dumping - 26 Oct 2018
1730 - Search - Vulnerability Advisory - Time Travel Debugging: finding Windows GDI flaws - 10 Oct 2018
1731 - Search - Internet Of Things - ‘Secure by Design’ & SB-327. Standards for a secure IoT? - 09 Oct 2018
1732 - Search - Internet Of Things - Smart male chastity lock cock-up – plot thickening - 09 Oct 2018
1733 - Search - Internet Of Things - Which? Magazine recommends vulnerable smart home camera - 08 Oct 2018
1734 - Search - How-Tos - Running a security awareness program - 01 Oct 2018
1735 - Search - Internet Of Things - Speaking at TEDx - 28 Sep 2018
1736 - Search - Maritime Cyber Security - Container theft, the legal system and poor maritime security - 21 Sep 2018
1737 - Search - Maritime Cyber Security - Hacking AIS - 18 Sep 2018
1738 - Search - Internet Of Things - Hacking an assault tank… A Nerf one - 13 Sep 2018
1739 - Search - Maritime Cyber Security - Automotive theft affects shipping security - 07 Sep 2018
1740 - Search - Internet Of Things - Smart Locks: Dumb Security - 31 Aug 2018
1741 - Search - Internet Of Things - Smart Lock Security: Interview with hardware.io - 30 Aug 2018
1742 - Search - Internet Of Things - PTP, IoT & the Norwegian Government - 15 Aug 2018
1743 - Search - Opinions - Hacking the Bitfi Part 5: MITM transactions - 14 Aug 2018
1744 - Search - OpinionsBitfi research receives Pwnie Award for ‘lamest vendor response’09 Aug 2018
1745 - Search - How-TosTamper proofing review: the iZettle card payment terminal08 Aug 2018
1746 - Search - How-TosCopycat Kali, with mykali for Kali Linux07 Aug 2018
1747 - Search - OpinionsHacking the Bitfi Part 3: The device with no storage03 Aug 2018
1748 - Search - Maritime Cyber SecurityCOSCO incident. Phishing frenzy and exploding goods?03 Aug 2018
1749 - Search - OpinionsHacking the Bitfi. Part 2: John McAfee’s video02 Aug 2018
1750 - Search - OpinionsHacking the Bitfi. Part 131 Jul 2018
1751 - Search - Opinions“Unhackable” Bitfi crypto wallet. What’s all the fuss about?30 Jul 2018
1752 - Search - Internet Of ThingsSecurity Alarm Round-up30 Jul 2018
1753 - Search - Internet Of ThingsFLIR FX / Lorex video stream hijack: Disclosure train wreck26 Jul 2018
1754 - Search - Internet Of ThingsHacking Swann & FLIR/Lorex home security camera video26 Jul 2018
1755 - Search - Vulnerability AdvisoryBluetooth vuln CVE-2018-5383 explained24 Jul 2018
1756 - Search - Internet Of ThingsEU Cybersecurity Act IoT FAIL19 Jul 2018
1757 - Search - How-TosData exfiltration techniques11 Jul 2018
1758 - Search - Internet Of ThingsBreaking up is hard to do… with IoT06 Jul 2018
1759 - Search - Maritime Cyber SecurityHacking Navtex maritime warning messages03 Jul 2018
1760 - Search - Maritime Cyber SecurityHacking Serial Networks on Ships25 Jun 2018
1761 - Search - Reverse EngineeringHardware reverse engineering. A tale from the workbench22 Jun 2018
1762 - Search - How-TosWindows Server settings. Administrative Templates – Network Items. A security how-to21 Jun 2018
1763 - Search - Internet Of ThingsTotally Pwning the Tapplock (the API way)15 Jun 2018
1764 - Search - Internet Of ThingsTotally Pwning the Tapplock Smart Lock13 Jun 2018
1765 - Search - Maritime Cyber Security - Hacking, tracking, stealing and sinking ships - 04 Jun 2018
1766 - Search - How-Tos - So, you just caused a data breach, by CCing the wrong person in an email… - 01 Jun 2018
1767 - Search - Internet Of Things - Z-Shave. Exploiting Z-Wave downgrade attacks - 23 May 2018
1768 - Search - How-Tos - Penetration Testing Requirements for GDPR - 18 May 2018
1769 - Search - Internet Of Things - Hijacking Philips Hue - 16 May 2018
1770 - Search - Maritime Cyber Security - Stealing container ship cargo through LOC messaging - 15 May 2018
1771 - Search - Maritime Cyber Security - What can maritime insurers learn from cyber liability insurers? - 10 May 2018
1772 - Search - How-Tos - Hacking train passenger Wi-Fi - 08 May 2018
1773 - Search - Social Engineering - Man Climbs Severn Bridge. Your office is twice as easy and half as scary - 03 May 2018
1774 - Search - Internet Of Things - ‘Hacking’ the Nespresso Prodigio and Jura E8 coffee machines - 17 Apr 2018
1775 - Search - How-Tos - Soldering for Reverse Engineering. Swapping out eSIMs with “normal” SIMs - 13 Apr 2018
1776 - Search - How-Tos - Accidentally “hacking” Red Hat - 08 Apr 2018
1777 - Search - Consumer Advice - A day in the life of Open Banking - 06 Apr 2018
1778 - Search - How-Tos - From PNG tEXt to Persistent XSS - 06 Apr 2018
1779 - Search - Maritime Cyber Security - Maersk wasn’t hacked - 03 Apr 2018
1780 - Search - Maritime Cyber Security - Crashing ships by hacking NMEA sentences - 26 Mar 2018
1781 - Search - Internet Of Things - PTP and Microsoft to brief EU Parliament - 19 Mar 2018
1782 - Search - How-Tos - Abusing Duo 2FA - 16 Mar 2018
1783 - Search - Maritime Cyber Security - Tactical Advice for Maritime Cyber Security – Top 10 - 12 Mar 2018
1784 - Search - How-Tos - If you aren’t soldering, you probably aren’t testing IoT thoroughly - 08 Mar 2018
1785 - Search - How-Tos - Docker for Hackers? A pen tester’s guide - 08 Mar 2018
1786 - Search - Internet Of Things - WHY is consumer IoT insecure? - 07 Mar 2018
1787 - Search - Internet Of Things - Security by Design. UK Gov’s first stab at IoT consumer protection isn’t good enough - 07 Mar 2018
1788 - Search - Internet Of Things - Hijacking & rick rolling a smart guitar amp - 26 Feb 2018
1789 - Search - Internet Of Things - Reverse Engineering BLE from Android apps with Frida - 23 Feb 2018
1790 - Search - Internet Of Things - IoT vulns are unexploitable by the masses. Wrong - 21 Feb 2018
1791 - Search - Internet Of Things - Xiong Mai DVR Revisited - 19 Feb 2018
1792 - Search - Internet Of Things - Hacking / ruining the Samsung Smart Fridge - 14 Feb 2018
1793 - Search - Maritime Cyber Security - Hacking maritime blockchains - 12 Feb 2018
1794 - Search - Internet Of Things - A smart sex toy that pings your employer? - 12 Feb 2018
1795 - Search - Reverse Engineering - Reverse engineering microcontrollers WITHOUT a datasheet - 09 Feb 2018
1796 - Search - Internet Of Things - Want entropy? Don’t use a floating ADC input - 06 Feb 2018
1797 - Search - Internet Of Things - Runtastic deserves more ‘heat’ than Strava! - 02 Feb 2018
1798 - Search - Blockchain - Blockchain. Changing the attackers aim - 26 Jan 2018
1799 - Search - Internet Of Things - NoT: Taking the ‘internet’ out of IoT - 25 Jan 2018
1800 - Search - Opinions - VTech strikes again - 18 Jan 2018
1801 - Search - How-Tos - Building half a ‘Proxmark’ for $10 - 18 Jan 2018
1802 - Search - Maritime Cyber Security - Hacking maritime IFTFCC messaging for invoice fraud - 09 Jan 2018
1803 - Search - How-Tos - NRF51822 code readout protection bypass- a how-to - 05 Jan 2018
1804 - Search - Maritime Cyber Security - Tracking & hacking ships with Shodan & AIS - 03 Jan 2018
1805 - Search - OT, ICS, IIoT, SCADA - Top 10 things to improve OT security - 03 Jan 2018
1806 - Search - Internet Of Things - The most common IoT device security failings of 2017 - 02 Jan 2018
1807 - Search - Maritime Cyber Security - Sinking bulk carrier ships by hacking HSMS - 13 Dec 2017
1808 - Search - OT, ICS, IIoT, SCADA - Too cold to work? School closed? Sure your BMS hasn’t been hacked? - 11 Dec 2017
1809 - Search - How-Tos - Hacking a talking toy parrot - 01 Dec 2017
1810 - Search - Internet Of Things - This week’s IoT security news - 27 Nov 2017
1811 - Search - Automotive Security - Practical security advice for keyless cars - 27 Nov 2017
1812 - Search - How-Tos - Hacking your office through your screen caster - 24 Nov 2017
1813 - Search - Internet Of Things - Destroy kids GPS watches says German Federal Network Agency - 17 Nov 2017
1814 - Search - Internet Of Things - IoT vendors. Avoid recalls, choose a secure chip - 17 Nov 2017
1815 - Search - Maritime Cyber Security - Making prawn espressos, or hacking ships by deciphering BAPLIE EDIFACT messaging - 17 Nov 2017
1816 - Search - Maritime Cyber Security - Sinking container ships by hacking load plan software - 16 Nov 2017
1817 - Search - How-Tos - Exfiltration by encoding data in pixel colour values - 08 Nov 2017
1818 - Search - How-Tos - How to crack private APN keys with hashcat - 31 Oct 2017
1819 - Search - Automotive Security - Hacking IoT vendors & smart cars via private APNs - 23 Oct 2017
1820 - Search - Vulnerability Advisory - Compromising unencrypted butt plug comms - 18 Oct 2017
1821 - Search - Maritime Cyber Security - OSINT from ship satcoms - 13 Oct 2017
1822 - Search - How-Tos - Girl on a train. The snooping girl on a train: The Sequel - 12 Oct 2017
1823 - Search - Maritime Cyber Security - Maritime OT networks. A Primer - 10 Oct 2017
1824 - Search - Internet Of Things - The art of finding JTAG on PCBs - 04 Oct 2017
1825 - Search - Internet Of Things - Screwdriving. Locating and exploiting smart adult toys - 29 Sep 2017
1826 - Search - Internet Of Things - Dumping CC2540 Firmware. An IoT how-to - 18 Sep 2017
1827 - Search - Social Engineering - Social engineering in the (festival) field - 05 Sep 2017
1828 - Search - Internet Of Things - Tearing down the Star Wars Battle Drone toy from Propel - 01 Sep 2017
1829 - Search - How-Tos - Bypass Windows auth & BitLocker with forgotten password function - 25 Aug 2017
1830 - Search - Internet Of Things - IoT: Convenience vs. Privacy. Where do you draw the line? - 24 Aug 2017
1831 - Search - Blockchain - Blockchain Implementation Security. A hardening how-to - 22 Aug 2017
1832 - Search - Internet Of Things - Brick or Bot? Solving OTA update issues - 16 Aug 2017
1833 - Search - Internet Of Things - Analysis: Draft US Senate IoT security bill - 10 Aug 2017
1834 - Search - Internet Of Things - “Alexa, use IoT to kill the power grid” - 07 Aug 2017
1835 - Search - Consumer Advice - Which IoT product should I buy? - 01 Aug 2017
1836 - Search - OT, ICS, IIoT, SCADA - Update your PLC firmware. A reminder - 25 Jul 2017
1837 - Search - Internet Of Things - Adult IoT toys. Privacy invasion or worse? - 24 Jul 2017
1838 - Search - Internet Of Things - IoT security testing methodologies - 20 Jul 2017
1839 - Search - How-Tos - Project Dumb2Smart. How to build a secure IoT device. Part One: Dumb - 18 Jul 2017
1840 - Search - Internet Of Things - Could ‘Right to Repair’ heighten the risk for IoT and smart devices? - 12 Jul 2017
1841 - Search - Internet Of Things - UnBrickerBot? XiongMai fix Mirai DVR security issues… and fail - 03 Jul 2017
1842 - Search - Hardware Hacking - Obfuscating consumer IoT hardware. Is it worth it? - 29 Jun 2017
1843 - Search - Opinions - Petya/NotPetya. What you need to know - 28 Jun 2017
1844 - Search - Opinions - Cyber Mum Vs Cyber Daughter - 28 Jun 2017
1845 - Search - Consumer Advice - Home Wi-Fi routers. Is yours secure? - 23 Jun 2017
1846 - Search - Internet Of Things - What did Mirai Miss? Making a better, bigger botnet - 06 Jun 2017
1847 - Search - Internet Of Things - Hacking wireless house alarms - 05 Jun 2017
1848 - Search - Internet Of Things - IN THE NEWS: BBC Click. The IoT at Dover Castle - 24 May 2017
1849 - Search - Opinions - IN THE NEWS: Samsung’s S8 Iris and biometric revocation - 24 May 2017
1850 - Search - How-Tos - What I learned about managing worm outbreaks… 14 years ago - 16 May 2017
1851 - Search - Opinions - WannaCry ransomware. It’s not all bad news - 15 May 2017
1852 - Search - How-Tos - How to reverse engineer MSWord malware - 08 May 2017
1853 - Search - Vulnerability Disclosure - Responsible disclosure didn’t work? How to get an IoT vendor to take notice - 05 May 2017
1854 - Search - How-Tos - Faster EEPROM firmware reads? Use a Pi! - 04 May 2017
1855 - Search - How-Tos - Girl on a train. The snooping girl on a train - 28 Apr 2017
1856 - Search - Automotive Security - Hacking tractors is a thing. Is it the start of something else for connected cars? - 26 Apr 2017
1857 - Search - Android - Decoding React Native creds on Android - 21 Apr 2017
1858 - Search - Internet Of Things - Keep your IoT schematics private - 19 Apr 2017
1859 - Search - Internet Of Things - IoT Aga. Cast iron Security Flaw - 12 Apr 2017
1860 - Search - Internet Of Things - Vulnerable Wi-Fi dildo camera endoscope. Yes really - 03 Apr 2017
1861 - Search - Internet Of Things - Nifty XSS in Annke SP1 HD wireless camera - 23 Mar 2017
1862 - Search - Internet Of Things - Jurassic Poke: Hacking a Dino toy - 16 Mar 2017
1863 - Search - Automotive Security - In The News. DW TV. Driverless/connected car security - 14 Mar 2017
1864 - Search - How-Tos - LAN surfing. How to use JavaScript to Execute Arbitrary Code on Routers - 13 Mar 2017
1865 - Search - Internet Of Things - Weeping Angel / Fake OFF for Android TV - 08 Mar 2017
1866 - Search - Internet Of Things - Weeping Angel. Old News? - 08 Mar 2017
1867 - Search - Internet Of Things - No Genesis Toys, My Friend Cayla can be hacked even if you do follow the instructions! - 06 Mar 2017
1868 - Search - Opinions - You can have your cookie and eat it! - 03 Mar 2017
1869 - Search - Consumer Advice - CloudPets data breach - 28 Feb 2017
1870 - Search - Automotive Security - Pathway to driverless cars. UK law and liability. - 27 Feb 2017
1871 - Search - Opinions - PTP brief UK Government on Cyber Security and call for IoT legislation - 23 Feb 2017
1872 - Search - Internet Of Things - MyFriendCayla banned. Are all listening Bluetooth devices set for the bin? - 21 Feb 2017
1873 - Search - Internet Of Things - Our Friend Cayla: No Longer Welcome in Germany! - 17 Feb 2017
1874 - Search - How-Tos - Help users spot phishing. Tag fake “internal” emails for them - 16 Feb 2017
1875 - Search - Internet Of Things - Screw Cayla: Use Chromecast for rogue Amazon Echo voice control! - 14 Feb 2017
1876 - Search - Blockchain - Secure all the things with other things via the Blockchain! - 10 Feb 2017
1877 - Search - Internet Of Things - End of the line, Internet of Things - 02 Feb 2017
1878 - Search - Consumer Advice - How to avoid blowing your privacy online - 25 Jan 2017
1879 - Search - Internet Of Things - Leaked DVR creds added to the IoT Fail list - 11 Jan 2017
1880 - Search - Internet Of Things - Who wants a hairbrush that’s connected to the internet? - 06 Jan 2017
1881 - Search - Internet Of Things - Edimax Wi-Fi Extender can disclose your WPA key - 06 Jan 2017
1882 - Search - Internet Of Things - Christmas lights. Festive security issues? - 05 Jan 2017
1883 - Search - Automotive Security - BMW integrates Alexa / Echo. Did I read that right?! - 16 Dec 2016
1884 - Search - Internet Of Things - Just in time for Christmas- the Cayla reminder - 16 Dec 2016
1885 - Search - In the news - TalkTalk router hack. Consumers, what should you do? - 07 Dec 2016
1886 - Search - Internet Of Things - IoT Encryption: The challenge of missing entropy - 07 Dec 2016
1887 - Search - Internet Of Things - My Friend Cayla wakes up and smells the lawsuits - 06 Dec 2016
1888 - Search - Internet Of Things - TalkTalk and other ISPs need to replace customer routers urgently - 03 Dec 2016
1889 - Search - Internet Of Things - TR-064 worm. It’s not Mirai and the outages are interesting - 02 Dec 2016
1890 - Search - Passwords - Password stuffing: How to avoid breaches from password re-use - 30 Nov 2016
1891 - Search - Internet Of Things - Can Linux really be owned by holding the Enter key? - 16 Nov 2016
1892 - Search - Vulnerability Advisory - Netgear EX7000 Wi-Fi Range Extender. Minor XSS and Poor Password Handling - 15 Nov 2016
1893 - Search - Internet Of Things - Filling in gaps in Mirai. It’s about DVRs, not cameras - 11 Nov 2016
1894 - Search - How-Tos - Can’t get data onto that machine? Download a tunnel client over DNS - 10 Nov 2016
1895 - Search - Internet Of Things - The Wi-Fi enabled LG air conditioner - 08 Nov 2016
1896 - Search - How-Tos - Scripting Metasploit to exploit a group of hosts. A how-to. - 04 Nov 2016
1897 - Search - Internet Of Things - What is Mirai? The malware explained - 03 Nov 2016
1898 - Search - Internet Of Things - Too little, too late. IoT vendors wake up and smell the coffee. …and the lawsuits - 27 Oct 2016
1899 - Search - Internet Of Things - Smart Fridge. Dumb idea? - 21 Oct 2016
1900 - Search - Vulnerability Advisory - A “Neet” CSRF to Reverse Shell in Wi-Fi music streamer - 13 Oct 2016
1901 - Search - Internet Of Things - Optimising Mirai: A better IoT DDoS botnet? - 06 Oct 2016
1902 - Search - Internet Of Things - Yet another vulnerability in the Smarter Wi-Fi Kettle - 06 Oct 2016
1903 - Search - Internet Of Things - IoT DDoS – we haven’t seen the half of it yet. Nor have utilities… - 27 Sep 2016
1904 - Search - How-Tos - ASUS RT-AC66U router. A couple of bug fixes - 27 Sep 2016
1905 - Search - Android - Attacking Android through custom updates - 20 Sep 2016
1906 - Search - Vulnerability Advisory - BT Wi-Fi Extender. Multiple security issues. Upgrade ASAP - 19 Sep 2016
1907 - Search - Android - Argos MyTablet FUBAR - 09 Sep 2016
1908 - Search - How-Tos - CSRFing Facebook games - 07 Sep 2016
1909 - Search - Internet Of Things - All your video are belong to us part 3. The D-Link 932L webcam - 05 Sep 2016
1910 - Search - Vulnerability Advisory - Sandbox vuln in Tales of Maj’Eyal - 05 Sep 2016
1911 - Search - How-Tos - How to abuse SSH keys - 31 Aug 2016
1912 - Search - Internet Of Things - Stupidly insecure electronic / RFID door lock - 19 Aug 2016
1913 - Search - Automotive Security - wigle.net suppresses Mitsubishi Outlander Wi-Fi hits - 11 Aug 2016
1914 - Search - Internet Of Things - Samsung’s smart camera. A tale of IoT & network security - 11 Aug 2016
1915 - Search - Internet Of Things - Thermostat Ransomware: a lesson in IoT security - 08 Aug 2016
1916 - Search - Internet Of Things - Smarter Coffee machines still being found unconfigured - 19 Jul 2016
1917 - Search - Vulnerability Advisory - XSS in SAP BI Documents - 12 Jul 2016
1918 - Search - Internet Of Things - Home security camera isn’t secure. SpotCam in the spotlight - 07 Jul 2016
1919 - Search - Vulnerability Advisory - Symantec endpoint protection. Update now! - 06 Jul 2016
1920 - Search - Internet Of Things - Alarm systems alarmingly insecure. Oh the irony - 29 Jun 2016
1921 - Search - Internet Of Things - All your video are belong to us part 2. The TP Link TL-SC3230’s CSRF - 27 Jun 2016
1922 - Search - Internet Of Things - All your video are belong to us. The Foscam webcam - 21 Jun 2016
1923 - Search - Automotive Security - Hacking the Mitsubishi Outlander. Working out the protocol - 14 Jun 2016
1924 - Search - Consumer IoT security is often terrible, but it doesn’t have to be… - 14 Jun 2016
1925 - Search - Automotive Security - Hacking the Mitsubishi Outlander PHEV hybrid - 05 Jun 2016
1926 - Search - Vulnerability Advisory - Moodle e-Learning platform vulnerability - 01 Jun 2016
1927 - Search - Android - Snooping Sony Bravia TV - 20 May 2016
1928 - Search - How-Tos - How I can gain control of your TP-LINK home switch - 20 May 2016
1929 - Search - How-Tos - An interesting route to domain admin- iSCSI - 18 May 2016
1930 - Search - Automotive Security - Discrimination by telematics? - 09 May 2016
1931 - Search - How-Tos - RATing through the Steam Workshop - 28 Apr 2016
1932 - Search - Internet Of Things - Advice for IoT device manufacturers - 22 Apr 2016
1933 - Search - Internet Of Things - Snooping where the sun doesn’t shine - 22 Apr 2016
1934 - Search - BBC Panorama. How we hacked the house - 16 Apr 2016
1935 - Search - Android - How-to subvert Android backups to export sandboxed app files - 14 Apr 2016
1936 - Search - Vulnerability Advisory - XSS in SAP Business Intelligence Documents - 12 Apr 2016
1937 - Search - Macs / Apple - Mobile App Tips. Dealing with iOS and device requirements - 10 Apr 2016
1938 - Search - Vulnerability Advisory - DOM XSS in iThemes Security Pro - 05 Apr 2016
1939 - Search - How-Tos - How a Pentester books a Squash court - 31 Mar 2016
1940 - Search - Android - Another (un)smart Smarter app - 24 Mar 2016
1941 - Search - Android - How we made the listening-in Android app - 23 Mar 2016
1942 - Search - How-Tos - How to defend against Pass-the-Hash (PtH) attacks - 21 Mar 2016
1943 - Search - How-Tos - DIY: How to build your own host-based IDS (HIDS) using OSSEC - 16 Mar 2016
1944 - Search - Android - Apps and Après. Skiing and privacy - 15 Mar 2016
1945 - Search - Android - New Chromecast & Chromecast Audio. Have they fixed their hijacking issue? - 11 Mar 2016
1946 - Search - Android - BLN’s IoT Forum. What went down - 10 Mar 2016
1947 - Search - Android - Are your phones listening to you? - 02 Mar 2016
1948 - Search - How-Tos - How to exploit XSS with CSRF - 26 Feb 2016
1949 - Search - How-Tos - glibc stack-based buffer overflow. What you need to know: UPDATE - 24 Feb 2016
1950 - Search - How-Tos - Pwning CCTV cameras: Update - 23 Feb 2016
1951 - Search - How-Tos - glibc stack-based buffer overflow. What you need to know - 22 Feb 2016
1952 - Search - How-Tos - PowerShell and VBScript: Getting full DB access via restricted desktop apps - 18 Feb 2016
1953 - Search - How-Tos - Cisco ASA Remote Code Execution – Buffer Overflow in IKE code - 16 Feb 2016
1954 - Search - Opinions - When VTech meets the GDPR - 11 Feb 2016
1955 - Search - How-Tos - Pwning CCTV cameras - 10 Feb 2016
1956 - Search - How-Tos - How to reverse Wyse terminal password crypto: Method Two - 10 Feb 2016
1957 - Search - How-Tos - How to reverse Wyse terminal password crypto: Method One - 09 Feb 2016
1958 - Search - How-Tos - Just how secure is the average home Wi-Fi router? - 08 Feb 2016
1959 - Search - Android - Why I think that U.S. house is hounded by phone trackers - 25 Jan 2016 - After the BBC contacted us for comment on this story I thought it’d be useful and interesting to share the details that were omitted, as well as the reasoning behind some of my assumptions (none of which involve the Bermuda triangle BTW).
1960 - Search - How-Tos - Reading Atmel AVR MCUs - 23 Jan 2016
1961 - Search - Android - Who is tracking your run? Run and bike activity tracking app privacy issues investigated - 22 Jan 2016
1962 - Search - How-Tos - Steal your Wi-Fi key from your doorbell? IoT WTF! UPDATE - 12 Jan 2016
1963 - Search - Android - Steal your Wi-Fi key from your doorbell? IoT WTF! - 08 Jan 2016
1964 - Search - Android - Star Wars BB-8 IoT toy: awesome fun, but can it be turned to the Dark Side with this vulnerability? - 06 Jan 2016
1965 - Search - Internet Of Things - Wi-Fi HaLow 802.11ah for IoT. 802.11uh-oh? - 05 Jan 2016
1966 - Search - Android - OWASP Birmingham IoT Hackathon - 17 Dec 2015
1967 - Search - Consumer Advice - Why buying a smart toy for a child might be the craziest thing you could do - 10 Dec 2015
1968 - Search - Android - Vtech Innotab Max file extraction: Finding the Superblock - 07 Dec 2015
1969 - Search - Android - VTech Innotab Max: it’s getting even worse! Apps run in debug mode - 03 Dec 2015
1970 - Search - Android - VTech Innotab Max vulnerable to trivial data extraction - 02 Dec 2015
1971 - Search - How-Tos - Collateral Damage: Top 5 Reasons You Should be Scared of Your Customers - 26 Nov 2015
1972 - Search - New Furby Teardown - 24 Nov 2015
1973 - Search - Android - New, easier ways to make My Friend Cayla swear - 20 Nov 2015
1974 - Search - Internet Of Things - The IoT: Innovation or Exploitation? - 18 Nov 2015
1975 - Search - Yet another Lovense smart vibrator flaw - 17 Nov 2015
1976 - Search - How-Tos - Hacking a Wi-Fi Coffee Machine – Part 1 - 16 Nov 2015
1977 - Search - Consumer Advice - Some simple security advice for computer and smartphone users - 13 Nov 2015
1978 - Search - Internet Of Things - What if your fridge said “no”? What if indeed? - 11 Nov 2015
1979 - Search - Opinions - Concerned about KeeFarce? Don’t be. Why you should still use a password vault - 09 Nov 2015
1980 - Search - How-Tos - The TalkTalk breach, Ken Munro will be on the BBC later… - 23 Oct 2015
1981 - Search - Android - New Wi-Fi kettle, same old security issues? Meh. - 15 Oct 2015
1982 - Search - Android - Tonight’s CSI Cyber: implausible Marla talking doll hack. Fiction stranger than truth for once - 06 Oct 2015
1983 - Search - How-Tos - Hacking the Aldi IP CCTV Camera (part 2) - 02 Oct 2015
1984 - Search - Social Engineering - Microsoft, phishing emails, and lessons to learn - 25 Sep 2015
1985 - Search - Android - Should I enable encryption my Android handset? - 23 Sep 2015
1986 - Search - How-Tos - How to get Windows to give you credentials through LLMNR - 22 Sep 2015
1987 - Search - Android - Android Lock Screen Bypass - 16 Sep 2015
1988 - Search - How-Tos - CESG and CPNI put passwords back in the spotlight. Have they got it right? - 16 Sep 2015
1989 - Search - How-Tos - 44CON London: Our IoT Security Workshop - 11 Sep 2015
1990 - Search - How-Tos - Tweaking nmap for hostile networks. A How-to - 09 Sep 2015
1991 - Search - Internet Of Things - Pen Test Partners IoT workshop at 44CON London - 07 Sep 2015
1992 - Search - How-Tos - How do you know that you aren’t compromised? - 28 Aug 2015
1993 - Search - How-Tos - Grab the UI lock password from McAfee A/V, kill the service, send in the malware - 26 Aug 2015
1994 - Search - Android - How to extract sensitive plaintext data from Android memory - 19 Aug 2015
1995 - Search - Android - Hacking DefCon 23’s IoT Village Samsung fridge - 18 Aug 2015
1996 - Search - How-Tos - AirDrop and Cyber Flashing, what’s the deal? - 13 Aug 2015
1997 - Search - Android - Inside the spy tank; a hardware review. - 11 Aug 2015
1998 - Search - How-Tos - Denial-of-Service bug in BIND - 04 Aug 2015
1999 - Search - How-Tos - How to create poisoned Office documents for your staff awareness training – part 2 - 30 Jul 2015
2000 - Search - Shameless Self Promotion - Going to DefCon 23? Come to our IoT Village workshop! - 29 Jul 2015
2001 - Search - How-Tos - How to create poisoned Office documents for your staff awareness training – part 1 - 28 Jul 2015
2002 - Search - Android - How to hack an app enabled device to make it truly internet enabled - 17 Jul 2015
2003 - Search - Android - Android debug mode and apps. A cautionary tale - 15 Jul 2015
2004 - Search - How-Tos - Hydra the logon cracker, a brute-forcing how-to user guide - 13 Jul 2015
2005 - Search - Android - Basic safety tips for mobile devices - 08 Jul 2015
2006 - Search - How-Tos - The tiniest PHP system shell ever? - 07 Jul 2015
2007 - Search - Opinions - Oracle wants you to run vulnerable Java to remove vulnerable versions of Java - 03 Jul 2015
2008 - Search - How-Tos - Finding wireless kettles with social networks - 01 Jul 2015
2009 - Search - How-Tos - Abusing software updates. GoPro Studio desktop app: Samsung keyboard app-style fail - 29 Jun 2015
2010 - Search - Honeypots - Shiva, the spam honeypot. Tips and tricks for getting it up and running. - 26 Jun 2015
2011 - Search - Android - Yet another attack against the iKettle wireless kettle. Rumpy pumpy and fire alarms? - 23 Jun 2015
2012 - Search - Android - My Friend Cayla. Updated app; Updated security fails. How to make her swear (again!) - 22 Jun 2015 - Encrypting the database has done virtually nothing to secure the doll and app.
2013 - Search - Passwords - Change your password to smiling, winking, pensive, sleepy…. - 17 Jun 2015 - Or not. Why I think emoji PINs are mostly pointless.
2014 - Search - Android - Common coding fails when writing Android mobile apps - 17 Jun 2015 - It’s amazing how many simple issues create significant security holes.
2015 - Search - Android - Why you’re better off buying expensive smart scales - 15 Jun 2015
2016 - Search - Opinions - CVSSv3. What’s changed? …or why even bother? - 12 Jun 2015
2017 - Search - How-Tos - Extracting your WPA PSK from bathroom scales - 08 Jun 2015
2018 - Search - Android - Hacking kettles & extracting plain text WPA PSKs. Yes really! - 08 Jun 2015
2019 - Search - How-Tos - Infosecurity Europe 2015 round up - 05 Jun 2015
2020 - Search - Android - GoPro Wi-Fi issues could mean stolen video, or worse… - 01 Jun 2015
2021 - Search - Android - Short mobile PINs ARE bad, but I hate vendor FUD more! - 29 May 2015
2022 - Search - Cyber Liability Insurance - Cyber liability insurance. Will your underwriter wriggle out of the claim? - 28 May 2015
2023 - Search - Opinions - Thought you had seen FUD? Now see this: a rock can protect your computer from viruses - 22 May 2015
2024 - Search - Opinions - Why I hate named vulnerabilities - 22 May 2015
2025 - Search - Vulnerability Disclosure - Ethical disclosure and the Internet of Things - 20 May 2015
2026 - Search - Passwords - Why you need to make your passwords more complex - 13 May 2015
2027 - Search - Android - Zero-code platforms? More like zero-clue platforms - 07 May 2015
2028 - Search - Honeypots - Honeypots; a usage guide - 05 May 2015
2029 - Search - Cyber Liability Insurance - Ryanair. A timely reminder why Europeans need First Party Cyber Liability Insurance - 01 May 2015
2030 - Search - How-Tos - How to read from an EEPROM - 27 Apr 2015
2031 - Search - How-Tos - MS15-034. What you need to know - 16 Apr 2015
2032 - Search - How-Tos - Hacking the IP camera (part 1) - 10 Apr 2015
2033 - Search - Android - Move over SHA-1, SHA-2 is coming. Here’s the why and the how - 09 Apr 2015
2034 - Search - How-Tos - Protecting yourself from your customers - 31 Mar 2015
2035 - Search - Android - DIY dual boot Nexus tablet; make your own mobile test rig with NetHunter - 24 Mar 2015
2036 - Search - How-Tos - EAP-TLS: Where Mac security is worse than Windows - 19 Mar 2015
2037 - Search - Android - Messing around with dildos. How to drive a vibrator with RealTerm - 13 Mar 2015
2038 - Search - Macs / Apple - Apple watch. A must-have or another personal security nightmare? - 11 Mar 2015
2039 - Search - How-Tos - Samsung TV voice encryption UPDATE: Fixed, but not quite… - 06 Mar 2015
2040 - Search - How-Tos - The lowdown on the SKIP-TLS and FREAK flaws UPDATE - 06 Mar 2015
2041 - Search - How-Tos - The lowdown on the SKIP-TLS and FREAK flaws - 05 Mar 2015
2042 - Search - Opinions - Biometric revocation not an option - 04 Mar 2015
2043 - Search - Android - Speech recognition mobile assistants, the lowdown starts here - 02 Mar 2015
2044 - Search - Opinions - Is your Samsung TV listening to you? – UPDATE - 27 Feb 2015
2045 - Search - How-Tos - The Right Way To Do Session Management - 25 Feb 2015
2046 - Search - Android - Fight! Fight! Hello Barbie vs My Friend Cayla - 18 Feb 2015
2047 - Search - How-Tos - Is your Samsung TV listening to you? - 16 Feb 2015
2048 - Search - How-Tos - Exploiting SUID Executables - 09 Feb 2015
2049 - Search - Android - Cracking Android passwords, a how-to - 02 Feb 2015
2050 - Search - Android - Making children’s toys swear - 23 Jan 2015
2051 - Search - How-Tos - RC4 cipher considered harmful? - 22 Jan 2015
2052 - Search - How-Tos - How to test wireless systems: A step-by-step guide (part 2) - 20 Jan 2015
2053 - Search - How-Tos - Are your smart weighing scales lying to you? Quite possibly (part 2) - 09 Jan 2015
2054 - Search - How-Tos - Are your smart weighing scales lying to you? Quite possibly (part 1) - 06 Jan 2015
2055 - Search - How-Tos - How to test wireless systems: A step-by-step guide - 05 Jan 2015
2056 - Search - How-Tos - Visual Basic for Applications and the dangers of allowing Office macros - 30 Dec 2014
2057 - Search - How-Tos - Pwning git: A Proof of Concept (PoC) - 24 Dec 2014
2058 - Search - Opinions - The internet of toys, and why we’re holding back this Xmas - 23 Dec 2014
2059 - Search - How-Tos - Git client – time to patch! - 19 Dec 2014
2060 - Search - Opinions - Google’s No CAPTCHA reCAPTCHA, what we think - 15 Dec 2014
2061 - Search - Android - Data tethering on mobile devices – what are the risks? - 09 Dec 2014
2062 - Search - How-Tos - Hacking Oracle Reporter- A how-to - 02 Dec 2014
2063 - Search - Bring Your Own Device or Bring Your Own Security Disaster? Some simple MDM policy advice - 29 Nov 2014
2064 - Search - Opinions - Protocol vs Implementation. Why MS14-066 and SChannel got my goat - 12 Nov 2014
2065 - Search - How-Tos - Patch management, it’s sexy, here’s why - 11 Nov 2014
2066 - Search - Android - App creep: Facebook security issues - 10 Nov 2014
2067 - Search - Social Engineering - The spoofed number phone call scam - 03 Nov 2014
2068 - Search - How-Tos - Using nfsshell to compromise older environments - 24 Oct 2014
2069 - Search - Android - Tearing down and reverse engineering Android (toys) - 23 Oct 2014
2070 - Search - How-Tos - Using hexdump analysis for firmware extraction: A how-to - 20 Oct 2014
2071 - Search - How-Tos - Efficient Password Cracking Where LM Hashes Exist for Some Users - 17 Oct 2014
2072 - Search - How-Tos - Critical SQL Injection Vulnerability in Drupal 7.0-7.31 - 16 Oct 2014
2073 - Search - How-Tos - POODLE SSLv3 Redux: How to fix it - 15 Oct 2014
2074 - Search - Android - Further Rockchip Android brokenness - 13 Oct 2014
2075 - Search - Android - BBC article: Prevent devices being remotely wiped, here’s how to do it properly - 10 Oct 2014
2076 - Search - Android - First Hudl2 Teardown? - 08 Oct 2014
2077 - Search - How-Tos - Using Applocker to protect your users from themselves, and you from your users - 06 Oct 2014
2078 - Search - Shell Shock: What it is, and what you can do - 25 Sep 2014
2079 - Search - Social Engineering - Who watches the watchmen? A social engineer’s cautionary tale of spy watches - 24 Sep 2014
2080 - Search - How-Tos - Nmap for Sysadmins - 22 Sep 2014
2081 - Search - Android - Second hand budget Android tablets spark privacy and online safety concerns - 17 Sep 2014
2082 - Search - Android - Is a remote wipe any better than a factory reset on an Android device? - 16 Sep 2014
2083 - Search - Android - Recovering data from ‘wiped’ Android devices: A How To Guide - 15 Sep 2014
2084 - Search - How-Tos - More on tuning John the Ripper - 15 Sep 2014
2085 - Search - How-Tos - Custom charsets and rules with John The Ripper and oclhashcat - 10 Sep 2014
2086 - Search - Opinions - Today’s BBC Article: Securing your nudie selfies - 02 Sep 2014
2087 - Search - Android - Aldi Lifetab also vulnerable to data recovery from memory - 28 Aug 2014
2088 - Search - Opinions - BBC Article: Tracking smartphones using Wi-Fi emissions - 26 Aug 2014
2089 - Search - Android - New Rockchip firmware being released, but who is going to flash my grandma’s tablet? - 22 Aug 2014
2090 - Search - Android - Top 10 ways to compromise your mobile security that you’d never believe - 20 Aug 2014
2091 - Search - Android - Tesco Hudl 2 – our wish list - 18 Aug 2014
2092 - Search - How-Tos - Top 10 stupidest ways we’ve got domain admin - 13 Aug 2014
2093 - Search - Automotive Security - Yes, really. A car review on a pen test blog. It’s topical, honest! - 07 Aug 2014
2094 - Search - Android - Advanced traffic interception for mobile apps using Mallory and Burp - 06 Aug 2014
2095 - Search - Passwords - Adobe, eBay and other breaches. Should you change your password? Yes, but only if it’s a lousy password - 05 Aug 2014
2096 - Search - How-Tos - Further IBM Maximo Asset Management Vulnerabilities Reported - 31 Jul 2014
2097 - Search - Honeypots - Work on our honeynet continues apace - 30 Jul 2014
2098 - Search - Opinions - Shiny New Pen Test Report! So What… - 29 Jul 2014
2099 - Search - Android - Don’t use PIN Patterns on Android - 25 Jul 2014
2100 - Search - Vulnerability Disclosure - ICO makes a mockery of disclosure - 23 Jul 2014
2101 - Search - Cyber Liability Insurance - Sketchy BIS Report Data, FUD, and Why You Need Cyber Liability Insurance - 11 Jul 2014
2102 - Search - Code Repository - PTP Code Repository - 07 Jul 2014
2103 - Search - How-Tos - Auditing AWS Security Groups – Part 2 - 07 Jul 2014
2104 - Search - How-Tos - Hacking Sat Navs - 04 Jul 2014
2105 - Search - Passwords - Unicode – the future of passwords? Possibly… - 03 Jul 2014
2106 - Search - How-Tos - Auditing AWS Security Groups - 02 Jul 2014
2107 - Search - Android - Key Sniffing with Android - 20 Jun 2014
2108 - Search - Passwords - Postal Services Breached, customers urged to change house numbers urgently - 18 Jun 2014
2109 - Search - How-Tos - Is everything actually broken? Software will always be flawed, but here’s what you can do about it - 17 Jun 2014
2110 - Search - Passwords - One-way password hashing is essential, but it’s even better if you select the right algorithm - 12 Jun 2014
2111 - Search - How-Tos - Old pre-smartphones from eBay – Blackmail Central! - 10 Jun 2014
2112 - Search - How-Tos - Breaking Out of Citrix and other Restricted Desktop Environments - 06 Jun 2014
2113 - Search - Android - How to scrape plain text from an encrypted Android phone OR why most MDM products just don’t cut it - 04 Jun 2014
2114 - Search - Passwords - CorrectHorseBatteryStaple isn’t a good password. Here’s why. - 29 May 2014
2115 - Search - Android - How to hardware hack Android over UART - 29 May 2014
2116 - Search - How-Tos - BMW i3 password issues - 28 May 2014
2117 - Search - Opinions - The truth behind vulnerabilities, a missive from the trenches - 23 May 2014
2118 - Search - Android - How to Hack the Hudl – We give Rockchip a good seeing to - 22 May 2014
2119 - Search - How-Tos - Defeating corporate anti-virus - 20 May 2014
2120 - Search - How-Tos - Quick and dirty binary analysis using sandboxes - 14 May 2014
2121 - Search - Android - Shameless self promotion – Pen Test Partners at Infosecurity Europe 2014 - 30 Apr 2014
2122 - Search - Android - Keep your Android versions updated. Why? If you have to ask… - 24 Apr 2014
2123 - Search - Heartbleed - Wildcard SSL certificates, not good value any more, my Heartbleeds - 15 Apr 2014
2124 - Search - Heartbleed - Security vs the community: you’re doing it right! - 14 Apr 2014
2125 - Search - Heartbleed - Heartbleed in the wild, the call of duty - 14 Apr 2014
2126 - Search - How-Tos - New Zeus variant may get lost in the clamour of Heartbleed - 11 Apr 2014
2127 - Search - Heartbleed - WTF Heartbleed? Don’t make me move all my HTTPS services to HTTP and ditch SSL completely - 09 Apr 2014
2128 - Search - Heartbleed - Heartbleed OpenSSL bug- overview and fixes - 08 Apr 2014
2129 - Search - How-Tos - WAF (Web Application Firewall) Testing for dummies - 08 Apr 2014
2130 - Search - Opinions - Why you might want to rethink providing free wi-fi - 07 Apr 2014
2131 - Search - How-Tos - Top Tips For Internet Privacy - 04 Apr 2014
2132 - Search - How-Tos - Scanning for Default Files - 01 Apr 2014
2133 - Search - Honeypots - Honey traps, a lesson in espionage, and managing your ego - 25 Mar 2014
2134 - Search - Honeypots - Create a honeynet, dupe your attackers, build threat intelligence - 24 Mar 2014
2135 - Search - How-Tos - Hacking Computer Games - 20 Mar 2014
2136 - Search - Opinions - Connected cars, signals systems, mischief and European drivers. These scare me. - 14 Mar 2014
2137 - Search - How-Tos - 8 ways to be great at password management, and protect your customers - 13 Mar 2014
2138 - Search - Opinions - Really? A notebook to write down your passwords in, sold by Amazon? - 10 Mar 2014
2139 - Search - How-Tos - Passwords: A step-by-step analysis of breaking them - 06 Mar 2014
2140 - Search - Honeypots - Need to avoid a honeypot? Here’s how - 05 Mar 2014
2141 - Search - How-Tos - Webcam Security: I can SEE you! - 04 Mar 2014
2142 - Search - How-Tos - Keylogging domain creds; who needs a hash? Lock the victim’s workstation to order and snarf them immediately - 03 Mar 2014
2143 - Search - How-Tos - Threat Intelligence: Log File Hacking - 26 Feb 2014
2144 - Search - How-Tos - Password re-use: the game is changing, SO USE A PASSWORD VAULT! - 21 Feb 2014
2145 - Search - How-Tos - Can you really wipe a mobile device remotely? - 20 Feb 2014
2146 - Search - How-Tos - DIY – Build Your Own “Pwn Pad” Style Nexus 7 Hack Box - 19 Feb 2014
2147 - Search - How-Tos - Analysis of reported Tesco account and password data - 14 Feb 2014
2148 - Search - How-Tos - How can I be tracked using my mobile devices? Here’s how… - 13 Feb 2014
2149 - Search - How-Tos - It’s Safer Internet Day and we’ve got six tips to help you stay out of trouble - 11 Feb 2014
2150 - Search - Cyber Liability Insurance - Cyber liability insurance, you need it, and here’s why… - 11 Feb 2014
2151 - Search - Hacker High School - 06 Feb 2014
2152 - Search - Opinions - There are “pen tests” and then there are “PEN TESTS”… - 28 Jan 2014
2153 - Search - Opinions - Encryption and cloud based storage - 27 Jan 2014
2154 - Search - How-Tos - Passwords, passwords, passwords (repeat) - 24 Jan 2014
2155 - Search - How-Tos - Belt AND Braces: Web apps and mod_security - 22 Jan 2014
2156 - Search - How-Tos - Data Exfiltration: DNS tunnelling using iodine - 20 Jan 2014
2157 - Search - How-Tos - Test early, test often: 6 things you should know about application security testing - 17 Jan 2014
2158 - Search - How-Tos - IBM Maximo Asset Management Vulnerability Reported - 16 Jan 2014
2159 - Search - How-Tos - Abusing Group Policy Preferences to Elevate Privileges - 06 Jan 2014
2160 - Search - Web application Unicode character transforms - 03 Jan 2014
2161 - Search - NSA – Never Safe Again? - 02 Jan 2014
2162 - Search - Opinions - Cyber security kite mark being touted, but for what exactly? People? Passwords? Patches? - 12 Dec 2013
2163 - Search - Macs / Apple - iOS phone users still vulnerable to old PIN bypass vulnerabilities: Lesson – Update your stuff - 09 Dec 2013
2164 - Search - How-Tos - Transferring Data the Low Tech Way - 04 Dec 2013
2165 - Search - How-Tos - What we can learn from Meerkats? - 03 Dec 2013
2166 - Search - Internet Of Things - The Coming Revolution: Hardware attacks and the internet of things - 26 Nov 2013
2167 - Search - AndroidBrute Forcing Android PINs (or why you should never enable ADB part 2)25 Nov 2013
2168 - Search - AndroidBrute Forcing Android PINs (or why you should never enable ADB part 1)14 Nov 2013
2169 - Search - How-TosHow to get into Information Security13 Nov 2013
2170 - Search - How-TosBackwards phishing with Unicode – edocinU htiw gnihsihp sdrawkcaB07 Nov 2013
2171 - Search - OpinionsIs that a bug in your pocket or are you just happy to see me?05 Nov 2013
2172 - Search - How-TosHow to remove IIS server response header banners29 Oct 2013
2173 - Search - How-TosGet your Macs back on track- Apple security for Windows experts28 Oct 2013
2174 - Search - How-TosThe Salmon Fishing Bear Attack OR Grabbing password hashes off the network via NetBIOS24 Oct 2013
2175 - Search - How-TosThe Antwerp hackers bundle demystified23 Oct 2013
2176 - Search - Pen Test Partners review online banking security for Which? Magazine21 Oct 2013
2177 - Search - How-TosClickjacking explained, in detail17 Oct 2013
2178 - Search - How-TosPatch Tuesday 08/10/2013- notable items09 Oct 2013
2179 - Search - OpinionsDRM – The conundrum for protecting intellectual property09 Oct 2013
2180 - Search - How-TosDuplicate Passwords: Why IT Support Needs a Wake Up Call08 Oct 2013
2181 - Search - How-TosGit Extraction – Abusing version control systems04 Oct 2013
2182 - Search - How-TosSimple steps to stop Social Engineers01 Oct 2013
2183 - Search - How-TosHow to reverse engineer a protocol24 Sep 2013
2184 - Search - How-TosBrowser support for TLS 1.1 and 1.217 Sep 2013
2185 - Search - How-TosWhat to do if you find yourself being DDoSed16 Sep 2013
2186 - Search - OpinionsWhy porn is an effective malware distribution mechanism13 Sep 2013
##
The Register
View Articles
2187 - Search - The Future of the Datacenter
2188 - Search - AWS Global Partner Security Initiative
2189 - Search - RapidScale – AWS Security & Compliance
2190 - Search - Amazon Web Services (AWS) New Horizon in Cloud Computing
##
Security Affairs
View Articles
2192 - Search - National Social Security Fund of Morocco Suffers Data Breach
2193 - Search - Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords
2194 - Search - The US Treasury’s OCC disclosed an undetected major email breach for over a year
2195 - Search - U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog
2196 - Search - WhatsApp fixed a spoofing flaw that could enable Remote Code Execution
2197 - Search - Everest ransomware group’s Tor leak site offline after a defacement
2198 - Search - Google fixed two actively exploited Android zero-days
2199 - Search - U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
2200 - Search - A member of the Scattered Spider cybercrime group pleads guilty
2201 - Search - The controversial case of the threat actor EncryptHub
2202 - Search - PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and empty wallets
2203 - Search - EDR-as-a-Service makes the headlines in the cybercrime landscape
2204 - Search - Oracle privately notifies Cloud data breach to customers
2205 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40
2206 - Search - Security Affairs newsletter Round 518 by Pierluigi Paganini – INTERNATIONAL EDITION
2207 - Search - Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC
2208 - Search - A flaw in Verizon’s iOS Call Filter app exposed call records of millions
2209 - Search - Port of Seattle’s August data breach impacted 90,000 people
2210 - Search - President Trump fired the head of U.S. Cyber Command and NSA
2211 - Search - Critical flaw in Apache Parquet’s Java Library allows remote code execution
2212 - Search - CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware
2213 - Search - 39M secrets exposed: GitHub rolls out new security tools
2214 - Search - China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March
2215 - Search - Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests
2216 - Search - New Triada Trojan comes preinstalled on Android devices
2217 - Search - New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows
2218 - Search - U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog
2219 - Search - Apple backported fixes for three actively exploited flaws to older devices
2220 - Search - Spike in Palo Alto Networks scanner activity suggests imminent cyber threats
2221 - Search - Microsoft warns of critical flaw in Canon printer drivers
2222 - Search - CrushFTP CVE-2025-2825 flaw actively exploited in the wild
2223 - Search - France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency
2224 - Search - Hiding WordPress malware in the mu-plugins directory to avoid detection
2225 - Search - U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog
2226 - Search - Russia-linked Gamaredon targets Ukraine with Remcos RAT
2227 - Search - CoffeeLoader uses a GPU-based packer to evade detection
2228 - Search - Morphing Meerkat phishing kits exploit DNS MX records
2229 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39
2230 - Search - Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION
2231 - Search - Sam’s Club Investigates Alleged Cl0p Ransomware Breach
2232 - Search - FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
2233 - Search - Experts warn of the new sophisticated Crocodilus mobile banking Trojan
2234 - Search - Crooks are reviving the Grandoreiro banking trojan
2235 - Search - Russian authorities arrest three suspects behind Mamont Android banking trojan
2236 - Search - Mozilla fixed critical Firefox vulnerability CVE-2025-2857
2237 - Search - U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
2238 - Search - Crooks target DeepSeek users with fake sponsored Google ads to deliver malware
2239 - Search - U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
2240 - Search - Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)
2241 - Search - New ReaderUpdate malware variants target macOS users
2242 - Search - BlackLock Ransomware Targeted by Cybersecurity Firm
2243 - Search - Google fixed the first actively exploited Chrome zero-day since the start of the year
2244 - Search - Authentication bypass CVE-2025-22230 impacts VMware Windows Tools
2245 - Search - Android malware campaigns use .NET MAUI to evade detection
2246 - Search - Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack
2247 - Search - A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia
2248 - Search - Chinese APT Weaver Ant infiltrated a telco in Asia for over four years
2249 - Search - Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools
2250 - Search - Attackers can bypass middleware auth checks by exploiting critical Next.js flaw
2251 - Search - FBI warns of malicious free online document converters spreading malware
2252 - Search - Cloak ransomware group hacked the Virginia Attorney General’s Office
2253 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38
2254 - Search - Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION
2255 - Search - UAT-5918 ATP group targets critical Taiwan
2256 - Search - U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash
2257 - Search - Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
2258 - Search - RansomHub affiliate uses custom backdoor Betruger
2259 - Search - Cisco Smart Licensing Utility flaws actively exploited in the wild
2260 - Search - Pennsylvania State Education Association data breach impacts 500,000 individuals
2261 - Search - Veeam fixed critical Backup & Replication flaw CVE-2025-23120
2262 - Search - U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog
2263 - Search - CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
2264 - Search - WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware
2265 - Search - California Cryobank, the largest US sperm bank, disclosed a data breach
2266 - Search - Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks
2267 - Search - U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
2268 - Search - Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
2269 - Search - ChatGPT SSRF bug quickly becomes a favorite attack vector
2270 - Search - GitHub Action tj-actions/changed-files was compromised in supply chain attack
2271 - Search - New StilachiRAT uses sophisticated techniques to avoid detection
2272 - Search - Threat actors rapidly exploit new Apache Tomcat flaw following PoC release
2273 - Search - Attackers use CSS to create evasive phishing messages
2274 - Search - Researcher releases free GPU-Based decryptor for Linux Akira ransomware
2275 - Search - Denmark warns of increased state-sponsored campaigns targeting the European telcos
2276 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37
2277 - Search - Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION
2278 - Search - A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.
2279 - Search - New MassJacker clipper targets pirated software seekers
2280 - Search - Cisco IOS XR flaw allows attackers to crash BGP process on routers
2281 - Search - LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
2282 - Search - SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks
2283 - Search - U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog
2284 - Search - GitLab addressed critical auth bypass flaws in CE and EE
2285 - Search - North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
2286 - Search - Meta warns of actively exploited flaw in FreeType library
2287 - Search - Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
2288 - Search - China-linked APT UNC3886 targets EoL Juniper routers
2289 - Search - U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
2290 - Search - Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days
2291 - Search - New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?
2292 - Search - Apple fixed the third actively exploited zero-day of 2025
2293 - Search - Switzerland’s NCSC requires cyberattack reporting for critical infrastructure within 24 hours
2294 - Search - SideWinder APT targets maritime and nuclear sectors with enhanced toolset
2295 - Search - U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog
2296 - Search - Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies
2297 - Search - Elon Musk blames a massive cyberattack for the X outages
2298 - Search - Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577
2299 - Search - RansomHouse gang claims the hack of the Loretto Hospital in Chicago
2300 - Search - North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
2301 - Search - Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner
2302 - Search - Feds seized $23 million in crypto stolen using keys from LastPass breaches
2303 - Search - Undocumented hidden feature found in Espressif ESP32 microchip
2304 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 36
2305 - Search - Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION
2306 - Search - Akira ransomware gang used an unsecured webcam to bypass EDR
2307 - Search - Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies
2308 - Search - Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras
2309 - Search - The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence
2310 - Search - International law enforcement operation seized the domain of the Russian crypto exchange Garantex
2311 - Search - Medusa Ransomware targeted over 40 organizations in 2025
2312 - Search - Elastic patches critical Kibana flaw allowing code execution
2313 - Search - The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations
2314 - Search - Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor
2315 - Search - China-linked APT Silk Typhoon targets IT Supply Chain
2316 - Search - Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies
2317 - Search - New Eleven11bot botnet infected +86K IoT devices
2318 - Search - Polish Space Agency POLSA disconnected its network following a cyberattack
2319 - Search - U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
2320 - Search - VMware fixed three actively exploited zero-days in ESX products
2321 - Search - Digital nomads and risk associated with the threat of infiltrated employees
2322 - Search - Google fixed two actively exploited Android flaws
2323 - Search - Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners
2324 - Search - CISA maintains stance on Russian cyber threats despite policy shift
2325 - Search - U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog
2326 - Search - U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist
2327 - Search - Serbian student activist’s phone hacked using Cellebrite zero-day exploit
2328 - Search - Qilin ransomware gang claimed responsibility for the Lee Enterprises attack
2329 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35
2330 - Search - Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION
2331 - Search - Meta fired 20 employees for leaking information, more firings expected
2332 - Search - Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day
2333 - Search - Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service
2334 - Search - Attackers could hack smart solar systems and cause serious damages
2335 - Search - Enhanced capabilities sustain the rapid growth of Vo1d botnet
2336 - Search - Cisco fixed command injection and DoS flaws in Nexus switches
2337 - Search - China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails
2338 - Search - FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack
2339 - Search - Criminal group UAC-0173 targets the Notary Office of Ukraine
2340 - Search - Cellebrite blocked Serbia from using its solution because of misuse of the equipment for political reasons
2341 - Search - New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus
2342 - Search - New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms
2343 - Search - U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
2344 - Search - GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects
2345 - Search - LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat
2346 - Search - EU sanctioned the leader of North Korea-linked APT groups
2347 - Search - U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog
2348 - Search - Russia warns financial sector organizations of IT service provider LANIT compromise
2349 - Search - A large botnet targets M365 accounts with password spraying attacks
2350 - Search - Australia bans Kaspersky over national security concerns
2351 - Search - A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service
2352 - Search - SpyLend Android malware found on Google Play enabled financial cyber crime and extortion
2353 - Search - Leaked Black Basta chat logs reveal the gang’s operations
2354 - Search - U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog
2355 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34
2356 - Search - Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION
2357 - Search - Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
2358 - Search - Apple removes iCloud encryption in UK following backdoor demand
2359 - Search - B1ack’s Stash released 1 Million credit cards
2360 - Search - Atlassian fixed critical flaws in Confluence and Crowd
2361 - Search - Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
2362 - Search - NailaoLocker ransomware targets EU healthcare-related entities
2363 - Search - Microsoft fixed actively exploited flaw in Power Pages
2364 - Search - Citrix addressed NetScaler console privilege escalation flaw
2365 - Search - Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks
2366 - Search - Russia-linked APTs target Signal messenger
2367 - Search - Venture capital firm Insight Partners discloses security breach
2368 - Search - OpenSSH bugs allow Man-in-the-Middle and DoS Attacks
2369 - Search - U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog
2370 - Search - Juniper Networks fixed a critical flaw in Session Smart Routers
2371 - Search - China-linked APT group Winnti targets Japanese organizations since March 2024
2372 - Search - Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers
2373 - Search - New XCSSET macOS malware variant used in limited attacks
2374 - Search - New Golang-based backdoor relies on Telegram for C2 communication
2375 - Search - Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites
2376 - Search - whoAMI attack could allow remote code execution within AWS account
2377 - Search - Storm-2372 used the device code phishing technique since August 2024
2378 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33
2379 - Search - Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION
2380 - Search - U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
2381 - Search - Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug
2382 - Search - China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
2383 - Search - Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks
2384 - Search - Valve removed the game PirateFi from the Steam video game platform because it contained malware
2385 - Search - China-linked APTs’ tool employed in RA World Ransomware attack
2386 - Search - Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign
2387 - Search - Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron
2388 - Search - Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel
2389 - Search - North Korea-linked APT Emerald Sleet is using a new tactic
2390 - Search - Microsoft Patch Tuesday security updates for February 2025 fixed 2 actively exploited bugs
2391 - Search - Attackers exploit a new zero-day to hijack Fortinet firewalls
2392 - Search - OpenSSL patched high-severity flaw CVE-2024-12797
2393 - Search - Progress Software fixed multiple high-severity LoadMaster flaws
2394 - Search - Artificial intelligence (AI) as an Enabler for Enhanced Data Security
2395 - Search - Crooks use Google Tag Manager skimmer to steal credit card data from Magento-based e-stores
2396 - Search - Operation Phobos Aetor: Police dismantled 8Base ransomware gang
2397 - Search - Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’
2398 - Search - HPE is notifying individuals affected by a December 2023 attack
2399 - Search - XE Group shifts from credit card skimming to exploiting zero-days
2400 - Search - UK Gov demands backdoor to access Apple iCloud backups worldwide
2401 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 32
2402 - Search - Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION
2403 - Search - PlayStation Network outage has been going on for over 24 hours
2404 - Search - Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer
2405 - Search - Russia’s intelligence recruits Ukrainians for terror attacks via messaging apps
2406 - Search - Hospital Sisters Health System impacted 882,782 individuals
2407 - Search - Attackers used a public ASP.NET machine to conduct ViewState code injection attacks
2408 - Search - U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog
2409 - Search - Notorious hacker behind 40+ cyberattacks on strategic organizations arrested
2410 - Search - Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
2411 - Search - U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog
2412 - Search - U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
2413 - Search - SparkCat campaign targets crypto wallets using OCR to steal recovery phrases
2414 - Search - International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists
2415 - Search - Online food ordering and delivery platform GrubHub discloses a data breach
2416 - Search - Netgear urges users to upgrade two flaws impacting WiFi router models
2417 - Search - AMD fixed a flaw that allowed to load malicious microcode
2418 - Search - Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
2419 - Search - Google fixed actively exploited kernel zero-day flaw
2420 - Search - Web Skimmer found on at least 17 websites, including Casio UK
2421 - Search - Crazy Evil gang runs over 10 highly specialized social media scams
2422 - Search - Elon Musk’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
2423 - Search - Texas is the first state to ban DeepSeek on government devices
2424 - Search - Law enforcement seized the domains of HeartSender cybercrime marketplaces
2425 - Search - Security Affairs newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION
2426 - Search - WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware
2427 - Search - Ransomware attack hit Indian multinational Tata Technologies
2428 - Search - A ransomware attack forced New York Blood Center to reschedule appointments
2429 - Search - Contec CMS8000 patient monitors contain a hidden backdoor
2430 - Search - Community Health Center data breach impacted over 1 million patients
2431 - Search - Italy’s data protection authority Garante blocked the DeepSeek AI platform
2432 - Search - Broadcom fixed information disclosure flaws in VMware Aria Operations
2433 - Search - DeepSeek database exposed highly sensitive information
2434 - Search - TeamViewer fixed a vulnerability in Windows client and host applications
2435 - Search - Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites
2436 - Search - PHP package Voyager flaws expose to one-click RCE exploits
2437 - Search - Italy’s Data Protection Authority Garante requested information from Deepseek
2438 - Search - U.S. CISA adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog
2439 - Search - Aquabot variant v3 targets Mitel SIP phones
2440 - Search - Critical remote code execution bug found in Cacti framework
2441 - Search - Attackers actively exploit a critical zero-day in Zyxel CPE Series devices
2442 - Search - Attackers exploit SimpleHelp RMM Software flaws for initial access
2443 - Search - VMware fixed a flaw in Avi Load Balancer
2444 - Search - EU announced sanctions on three members of Russia’s GRU Unit 29155
2445 - Search - Chinese AI platform DeepSeek faced a “large-scale” cyberattack
2446 - Search - Apple fixed the first actively exploited zero-day of 2025
2447 - Search - TalkTalk confirms data breach involving a third-party platform
2448 - Search - Multiple Git flaws led to credentials compromise
2449 - Search - GamaCopy targets Russia mimicking Russia-linked Gamaredon APT
2450 - Search - ESXi ransomware attacks use SSH tunnels to avoid detection
2451 - Search - Attackers allegedly stole $69 million from cryptocurrency platform Phemex
2452 - Search - Change Healthcare data breach exposed the private data of over half the U.S.
2453 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30
2454 - Search - Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION
2455 - Search - Cisco warns of a ClamAV bug with PoC exploit
2456 - Search - Subaru Starlink flaw allowed experts to remotely hack cars
2457 - Search - U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog
2458 - Search - J-magic malware campaign targets Juniper routers
2459 - Search - SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild
2460 - Search - U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog
2461 - Search - Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500
2462 - Search - Chinese threat actors used two advanced exploit chains to hack Ivanti CSA
2463 - Search - Cisco addresses a critical privilege escalation bug in Meeting Management
2464 - Search - U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator
2465 - Search - Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days
2466 - Search - Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations
2467 - Search - A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature
2468 - Search - Former CIA analyst pleaded guilty to leaking top-secret documents
2469 - Search - New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers
2470 - Search - CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests
2471 - Search - Experts found multiple flaws in Mercedes-Benz infotainment system
2472 - Search - HPE is investigating IntelBroker’s claims of the company hack
2473 - Search - Experts found new DoNot Team APT group’s Android malware
2474 - Search - Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets
2475 - Search - Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution
2476 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29
2477 - Search - Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION
2478 - Search - A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks
2479 - Search - U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
2480 - Search - EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies
2481 - Search - ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems
2482 - Search - Russia-linked APT Star Blizzard targets WhatsApp accounts
2483 - Search - Prominent US law firm Wolf Haldenstein disclosed a data breach
2484 - Search - Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches
2485 - Search - MikroTik botnet relies on DNS misconfiguration to spread malware
2486 - Search - Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices
2487 - Search - Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws
2488 - Search - U.S. CISA adds Fortinet FortiOS flaw to its Known Exploited Vulnerabilities catalog
2489 - Search - Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket
2490 - Search - CVE-2024-44243 macOS flaw allows persistent malware installation
2491 - Search - FBI deleted China-linked PlugX malware from over 4,200 US computers
2492 - Search - Russia-linked APT UAC-0063 targets Kazakhstan with HATVIBE malware
2493 - Search - A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls
2494 - Search - Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners
2495 - Search - U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
2496 - Search - Inexperienced actors developed the FunkSec ransomware using AI tools
2497 - Search - Credit Card Skimmer campaign targets WordPress via database injection
2498 - Search - Microsoft took legal action against crooks who developed a tool to abuse its AI-based services
2499 - Search - Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country
2500 - Search - Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION
2501 - Search - How a researcher earned $100,000 hacking a Facebook server
2502 - Search - DoJ charged three Russian citizens with operating crypto-mixing services
2503 - Search - U.S. cannabis dispensary STIIIZY disclosed a data breach
2504 - Search - A novel PayPal phishing campaign hijacks accounts
2505 - Search - Banshee macOS stealer supports new evasion mechanisms
2506 - Search - Researchers disclosed details of a now-patched Samsung zero-click flaw
2507 - Search - Phishers abuse CrowdStrike brand targeting job seekers with cryptominer
2508 - Search - China-linked APT group MirrorFace targets Japan
2509 - Search - U.S. Medical billing provider Medusind suffered a data breach
2510 - Search - U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
2511 - Search - SOC Scalability: How AI Supports Growth Without Overloading Analysts
2512 - Search - SonicWall warns of an exploitable SonicOS vulnerability
2513 - Search - Gayfemboy Botnet targets Four-Faith router vulnerability
2514 - Search - Meta replaces fact-checking with community notes post ‘Cultural Tipping Point’
2515 - Search - U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog
2516 - Search - Threat actors breached Argentina’s airport security police (PSA) payroll
2517 - Search - US adds Tencent to the list of companies supporting Chinese military
2518 - Search - Nessus scanner agents went offline due to a faulty plugin update
2519 - Search - China-linked Salt Typhoon APT compromised more US telecoms than previously known
2520 - Search - PLAYFULGHOST backdoor supports multiple information stealing features
2521 - Search - Nuclei flaw allows signature bypass and code execution
2522 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 27
2523 - Search - Security Affairs newsletter Round 505 by Pierluigi Paganini – INTERNATIONAL EDITION
2524 - Search - Malicious npm packages target Ethereum developers
2525 - Search - US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT
2526 - Search - FireScam Android info-stealing malware supports spyware capabilities
2527 - Search - Richmond University Medical Center data breach impacted 674,033 individuals
2528 - Search - Apple will pay $95 Million to settle lawsuit over Siri’s alleged eavesdropping
2529 - Search - LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113
2530 - Search - Around 3.3 million POP3 and IMAP mail servers lack TLS encryption
2531 - Search - A US soldier was arrested for leaking presidential call logs
2532 - Search - DoubleClickjacking allows clickjacking on major websites
2533 - Search - Russian media outlets Telegram channels blocked in European countries
2534 - Search - Three Russian-German nationals charged with suspicion of secret service agent activity
2535 - Search - Lumen reports that it has locked out the Salt Typhoon group from its network
2536 - Search - Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours
2537 - Search - U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election
2538 - Search - Rhode Island’s data from health benefits system leaked on the dark web
2539 - Search - Hacking campaign compromised at least 16 Chrome browser extensions
2540 - Search - An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip’s creator says it is a fake
2541 - Search - Cisco states that the second data leak is linked to the one from October
2542 - Search - Threat actors attempt to exploit a flaw in Four-Faith routers
2543 - Search - ZAGG disclosed a data breach that exposed its customers’ credit card data
2544 - Search - China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm
2545 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 26
2546 - Search - Security Affairs newsletter Round 504 by Pierluigi Paganini – INTERNATIONAL EDITION
2547 - Search - Pro-Russia group NoName targeted the websites of Italian airports
2548 - Search - North Korea actors use OtterCookie malware in Contagious Interview campaign
2549 - Search - Experts warn of a surge in activity associated with FICORA and Kaiten botnets
2550 - Search - Brazilian citizen charged for threatening to release data stolen from a company in 2020
2551 - Search - A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs
2552 - Search - A ransomware attack disrupted services at Pittsburgh Regional Transit
2553 - Search - A cyber attack hit Japan Airlines delaying ticket sales for flights
2554 - Search - Apache fixed a critical SQL Injection in Apache Traffic Control
2555 - Search - BellaCPP, Charming Kitten’s BellaCiao variant written in C++
2556 - Search - DMM Bitcoin $308M Bitcoin heist linked to North Korea
2557 - Search - Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code
2558 - Search - Apache Foundation fixed a severe Tomcat vulnerability
2559 - Search - Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations
2560 - Search - U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog
2561 - Search - U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit
2562 - Search - Lazarus APT targeted employees at an unnamed nuclear-related organization
2563 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25
2564 - Search - Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION
2565 - Search - US charged Dual Russian and Israeli National as LockBit Ransomware developer
2566 - Search - BadBox rapidly grows, 190,000 Android devices infected
2567 - Search - Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks
2568 - Search - Sophos fixed critical vulnerabilities in its Firewall product
2569 - Search - U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog
2570 - Search - Raccoon Infostealer operator sentenced to 60 months in prison
2571 - Search - Mirai botnet targets SSR devices, Juniper Networks warns
2572 - Search - Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM
2573 - Search - CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army
2574 - Search - US considers banning TP-Link routers over cybersecurity concerns
2575 - Search - Russia-linked APT29 group used red team tools in rogue RDP attacks
2576 - Search - Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677
2577 - Search - Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach
2578 - Search - Texas Tech University data breach impacted 1.4 million individuals
2579 - Search - The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs
2580 - Search - Russia FSB relies on Ukrainian minors for criminal activities disguised as “quest games”
2581 - Search - U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog
2582 - Search - ConnectOnCall data breach impacted over 900,000 individuals
2583 - Search - Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware
2584 - Search - Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise
2585 - Search - PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms
2586 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24
2587 - Search - Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION
2588 - Search - IOCONTROL cyberweapon used to target infrastructure in the US and Israel
2589 - Search - U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog
2590 - Search - German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox
2591 - Search - U.S. authorities seized cybercrime marketplace Rydox
2592 - Search - Experts discovered the first mobile malware families linked to Russia’s Gamaredon
2593 - Search - US Bitcoin ATM operator Byte Federal suffered a data breach
2594 - Search - Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement
2595 - Search - Operation PowerOFF took down 27 DDoS platforms across 15 countries
2596 - Search - Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor
2597 - Search - Ivanti fixed a maximum severity vulnerability in its CSA solution
2598 - Search - Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on European entities
2599 - Search - Chinese national charged for hacking thousands of Sophos firewalls
2600 - Search - Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action
2601 - Search - U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
2602 - Search - Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
2603 - Search - SAP fixed critical SSRF flaw in NetWeaver’s Adobe Document Services
2604 - Search - Romanian energy supplier Electrica Group is facing a ransomware attack
2605 - Search - Deloitte denied its systems were hacked by Brain Cipher ransomware group
2606 - Search - Mandiant devised a technique to bypass browser isolation using QR codes
2607 - Search - 2023 Anna Jaques Hospital data breach impacted over 310,000 people
2608 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23
2609 - Search - Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION
2610 - Search - RedLine info-stealer campaign targets Russian businesses through pirated corporate software
2611 - Search - 8Base ransomware group hacked Croatia’s Port of Rijeka
2612 - Search - Romania’s election systems hit by 85,000 attacks ahead of presidential vote
2613 - Search - New Atrium Health data breach impacts 585,000 individuals
2614 - Search - U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog
2615 - Search - Hundreds of CISCO switches impacted by bootloader flaw
2616 - Search - Operation Destabilise dismantled Russian money laundering networks
2617 - Search - Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors
2618 - Search - China-linked APT Salt Typhoon has breached telcos in dozens of countries
2619 - Search - Black Basta ransomware gang hit BT Group
2620 - Search - Authorities shut down Crimenetwork, Germany’s largest crime marketplace
2621 - Search - Veeam addressed critical Service Provider Console (VSPC) bug
2622 - Search - Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks
2623 - Search - U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog
2624 - Search - The ASA flaw CVE-2014-2120 is being actively exploited in the wild
2625 - Search - DMM Bitcoin halts operations six months after a $300 million cyber heist
2626 - Search - Energy industry contractor ENGlobal Corporation discloses a ransomware attack
2627 - Search - Poland probes Pegasus spyware abuse under the PiS government
2628 - Search - Tor Project needs 200 WebTunnel bridges more to bypass Russia’s censorship
2629 - Search - Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested
2630 - Search - How threat actors can use generative artificial intelligence?
2631 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22
2632 - Search - Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION
2633 - Search - Hackers stole millions of dollars from Uganda Central Bank
2634 - Search - Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia
2635 - Search - Phishing-as-a-Service Rockstar 2FA continues to be prevalent
2636 - Search - Zello urges users to reset passwords following a cyber attack
2637 - Search - A cyberattack impacted operations at UK Wirral University Teaching Hospital
2638 - Search - T-Mobile detected network intrusion attempts and blocked them
2639 - Search - ProjectSend critical flaw actively exploited in the wild, experts warn
2640 - Search - Bootkitty is the first UEFI Bootkit designed for Linux systems
2641 - Search - VMware fixed five vulnerabilities in Aria Operations product
2642 - Search - Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries
2643 - Search - Russian group RomCom exploited Firefox and Tor Browser zero-days to target Europe and North America
2644 - Search - The source code of Banshee Stealer leaked online
2645 - Search - U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog
2646 - Search - Thai police arrested Chinese hackers involved in SMS blaster attacks
2647 - Search - Zyxel firewalls targeted in recent ransomware attacks
2648 - Search - Malware campaign abused flawed Avast Anti-Rootkit driver
2649 - Search - Russia-linked APT TAG-110 uses targets Europe and Asia
2650 - Search - Russia-linked threat actors threaten the UK and its allies, minister to say
2651 - Search - Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION
2652 - Search - DoJ seized credit card marketplace PopeyeTools and charges its administrators
2653 - Search - A cyberattack on gambling giant IGT disrupted portions of its IT systems
2654 - Search - China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane
2655 - Search - Microsoft seized 240 sites used by the ONNX phishing service
2656 - Search - U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog
2657 - Search - More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days
2658 - Search - Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office
2659 - Search - US DoJ charges five alleged members of the Scattered Spider cybercrime gang
2660 - Search - Threat actor sells data of over 750,000 patients from a French hospital
2661 - Search - Decade-old local privilege escalation bugs impact Ubuntu needrestart package
2662 - Search - Ford data breach involved a third-party supplier
2663 - Search - Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations
2664 - Search - Apple addressed two actively exploited zero-day vulnerabilities
2665 - Search - Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events
2666 - Search - Russian Phobos ransomware operator faces cybercrime charges
2667 - Search - Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals
2668 - Search - Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
2669 - Search - Foreign adversary hacked email communications of the Library of Congress says
2670 - Search - T-Mobile is one of the victims of the massive Chinese breach of telecom firms
2671 - Search - Increased GDPR Enforcement Highlights the Need for Data Security
2672 - Search - Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites
2673 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20
2674 - Search - A botnet exploits a GeoVision zero-day to compromise EoL devices
2675 - Search - Palo Alto Networks confirmed active exploitation of recently disclosed zero-day
2676 - Search - Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies
2677 - Search - Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison
2678 - Search - U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog
2679 - Search - China-linked threat actors compromised multiple telcos and spied on a limited number of U.S. government officials
2680 - Search - Bitdefender released a decryptor for the ShrinkLocker ransomware
2681 - Search - China’s Volt Typhoon botnet has re-emerged
2682 - Search - Zoom addressed two high-severity issues in its platform
2683 - Search - Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days
2684 - Search - Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands
2685 - Search - A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel
2686 - Search - Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices
2687 - Search - Ymir ransomware, a new stealthy ransomware grows in the wild
2688 - Search - Amazon discloses employee data breach after May 2023 MOVEit attacks
2689 - Search - A new fileless variant of Remcos RAT observed in the wild
2690 - Search - A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine
2691 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19
2692 - Search - Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION
2693 - Search - U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers
2694 - Search - Mazda Connect flaws allow to hack some Mazda vehicles
2695 - Search - Veeam Backup & Replication exploit reused in new Frag ransomware attack
2696 - Search - Texas oilfield supplier Newpark Resources suffered a ransomware attack
2697 - Search - Palo Alto Networks warns of potential RCE in PAN-OS management interface
2698 - Search - iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state
2699 - Search - U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog
2700 - Search - DPRK-linked BlueNoroff used macOS malware with novel persistence
2701 - Search - Canada ordered ByteDance to shut down TikTok operations in the country over security concerns
2702 - Search - Critical bug in Cisco UWRB access points allows attackers to run commands as root
2703 - Search - INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs
2704 - Search - Memorial Hospital and Manor suffered a ransomware attack
2705 - Search - South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users
2706 - Search - Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices
2707 - Search - ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy
2708 - Search - U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog
2709 - Search - Canadian authorities arrested alleged Snowflake hacker
2710 - Search - Android flaw CVE-2024-43093 may be under limited, targeted exploitation
2711 - Search - July 2024 ransomware attack on the City of Columbus impacted 500,000 people
2712 - Search - Nigerian man Sentenced to 26+ years in real estate phishing scams
2713 - Search - Russian disinformation campaign active ahead of 2024 US election
2714 - Search - International law enforcement operation shut down DDoS-for-hire platform Dstat.cc
2715 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18
2716 - Search - Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION
2717 - Search - US Election 2024 – FBI warning about fake election videos
2718 - Search - Chinese threat actors use Quad7 botnet in password-spray attacks
2719 - Search - FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
2720 - Search - Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide
2721 - Search - PTZOptics cameras zero-days actively exploited in the wild
2722 - Search - New LightSpy spyware version targets iPhones with destructive capabilities
2723 - Search - LottieFiles confirmed a supply chain attack on Lottie-Player
2724 - Search - Threat actor says Interbank refused to pay the ransom after a two-week negotiation
2725 - Search - QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
2726 - Search - New version of Android malware FakeCall redirects bank calls to scammers
2727 - Search - Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
2728 - Search - QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
2729 - Search - International law enforcement operation dismantled RedLine and Meta infostealers
2730 - Search - Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766
2731 - Search - Russia-linked espionage group UNC5812 targets Ukraine’s military with malware
2732 - Search - France’s second-largest telecoms provider Free suffered a cyber attack
2733 - Search - A crime ring compromised Italian state databases reselling stolen info
2734 - Search - Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
2735 - Search - Black Basta affiliates used Microsoft Teams in recent attacks
2736 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17
2737 - Search - Four REvil Ransomware members sentenced for hacking and money laundering
2738 - Search - Chinese cyber spies targeted phones used by Trump and Vance
2739 - Search - Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement
2740 - Search - Change Healthcare data breach impacted over 100 million people
2741 - Search - OnePoint Patient Care data breach impacted 795916 individuals
2742 - Search - From Risk Assessment to Action: Improving Your DLP Response
2743 - Search - U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog
2744 - Search - Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24
2745 - Search - Cisco fixed tens of vulnerabilities, including an actively exploited one
2746 - Search - FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024
2747 - Search - U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog
2748 - Search - Digital Echo Chambers and Erosion of Trust - Key Threats to the US Elections
2749 - Search - Crooks are targeting Docker API servers to deploy SRBMiner
2750 - Search - Why DSPM is Essential for Achieving Data Privacy in 2024
2751 - Search - SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack
2752 - Search - Samsung zero-day flaw actively exploited in the wild
2753 - Search - Experts warn of a new wave of Bumblebee malware attacks
2754 - Search - U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog
2755 - Search - VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
2756 - Search - Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment
2757 - Search - Internet Archive was breached twice in a month
2758 - Search - Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign
2759 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16
2760 - Search - Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION
2761 - Search - F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP
2762 - Search - U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog
2763 - Search - North Korea-linked APT37 exploited IE zero-day in a recent attack
2764 - Search - Omni Family Health data breach impacts 468,344 individuals
2765 - Search - Iran-linked actors target critical infrastructure organizations
2766 - Search - macOS HM Surf flaw in TCC allows bypass Safari privacy settings
2767 - Search - Two Sudanese nationals indicted for operating the Anonymous Sudan group
2768 - Search - Russia-linked RomCom group targeted Ukrainian government agencies since late 2023
2769 - Search - A critical flaw in Kubernetes Image Builder could allow attackers to gain root access
2770 - Search - VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX
2771 - Search - Brazil’s Polícia Federal arrested the notorious hacker USDoD
2772 - Search - Finnish Customs dismantled the dark web drugs market Sipulitie
2773 - Search - U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog
2774 - Search - GitHub addressed a critical vulnerability in Enterprise Server
2775 - Search - A new Linux variant of FASTCash malware targets financial systems
2776 - Search - WordPress Jetpack plugin critical flaw impacts 27 million sites
2777 - Search - Pokemon dev Game Freak discloses data breach
2778 - Search - U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog
2779 - Search - Nation-state actor exploited three Ivanti CSA zero-days
2780 - Search - Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’
2781 - Search - Fidelity Investments suffered a second data breach this year
2782 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15
2783 - Search - Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION
2784 - Search - Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale
2785 - Search - A cyber attack hit Iranian government sites and nuclear facilities
2786 - Search - Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks
2787 - Search - GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution
2788 - Search - Iran and China-linked actors used ChatGPT for preparing attacks
2789 - Search - Internet Archive data breach impacted 31M users
2790 - Search - E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer
2791 - Search - U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog
2792 - Search - Mozilla issued an urgent Firefox update to fix an actively exploited flaw
2793 - Search - Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices
2794 - Search - Cybercriminals Are Targeting AI Conversational Platforms
2795 - Search - Awaken Likho APT group targets Russian government with a new implant
2796 - Search - U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog
2797 - Search - Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer
2798 - Search - MoneyGram discloses data breach following September cyberattack
2799 - Search - American Water shut down some of its systems following a cyberattack
2800 - Search - Universal Music data breach impacted 680 individuals
2801 - Search - FBCS data breach impacted 238,000 Comcast customers
2802 - Search - Critical Apache Avro SDK RCE flaw impacts Java applications
2803 - Search - Man pleads guilty to stealing over $37 Million worth of cryptocurrency
2804 - Search - U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog
2805 - Search - China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems
2806 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14
2807 - Search - Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION
2808 - Search - Google Pixel 9 supports new security features to mitigate baseband attacks
2809 - Search - WordPress LiteSpeed Cache plugin flaw could allow site takeover
2810 - Search - Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs
2811 - Search - Google removed Kaspersky’s security apps from the Play Store
2812 - Search - New Perfctl Malware targets Linux servers in cryptomining campaign
2813 - Search - Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group
2814 - Search - Dutch police breached by a state actor
2815 - Search - Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
2816 - Search - Telegram revealed it shared U.S. user data with law enforcement
2817 - Search - U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog
2818 - Search - 14 New DrayTek routers’ flaws impact over 700,000 devices in 168 countries
2819 - Search - Rhadamanthys information stealer introduces AI-driven capabilities
2820 - Search - Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
2821 - Search - Police arrested four new individuals linked to the LockBit ransomware operation
2822 - Search - UMC Health System diverted patients following a ransomware attack
2823 - Search - U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog
2824 - Search - News agency AFP hit by cyberattack, client services impacted
2825 - Search - North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence
2826 - Search - Patelco Credit Union data breach impacted over 1 million people
2827 - Search - Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack
2828 - Search - A British national has been charged for his execution of a hack-to-trade scheme
2829 - Search - Critical NVIDIA Container Toolkit flaw could allow access to the underlying host
2830 - Search - Israel army hacked the communication network of the Beirut Airport control tower
2831 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13
2832 - Search - Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION
2833 - Search - Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format
2834 - Search - A cyberattack on Kuwait Health Ministry impacted hospitals in the country
2835 - Search - Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message
2836 - Search - CUPS flaws allow remote code execution on Linux systems under certain conditions
2837 - Search - U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities
2838 - Search - Hacking Kia cars made after 2013 using just their license plate
2839 - Search - Critical RCE vulnerability found in OpenPLC
2840 - Search - China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)
2841 - Search - Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature
2842 - Search - Data of 3,191 congressional staffers leaked in the dark web
2843 - Search - New variant of Necro Trojan infected more than 11 million devices
2844 - Search - U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog
2845 - Search - Arkansas City water treatment facility switched to manual operations following a cyberattack
2846 - Search - New Android banking trojan Octo2 targets European banks
2847 - Search - A generative artificial intelligence malware used in phishing attacks
2848 - Search - A cyberattack on MoneyGram caused its service outage
2849 - Search - Did Israel infiltrate Lebanese telecoms networks?
2850 - Search - Telegram will provide user data to law enforcement in response to legal requests
2851 - Search - ESET fixed two privilege escalation flaws in its products
2852 - Search - North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages
2853 - Search - Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw
2854 - Search - Hacktivist group Twelve is back and targets Russian entities
2855 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12
2856 - Search - Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION
2857 - Search - Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020
2858 - Search - Hackers stole over $44 million from Asian crypto platform BingX
2859 - Search - OP KAERB: Europol dismantled phishing scheme targeting mobile users
2860 - Search - Ukraine bans Telegram for government agencies, military, and critical infrastructure
2861 - Search - Tor Project responded to claims that law enforcement can de-anonymize Tor users
2862 - Search - UNC1860 provides Iran-linked APTs with access to Middle Eastern networks
2863 - Search - US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency
2864 - Search - The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector
2865 - Search - U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
2866 - Search - Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw
2867 - Search - International law enforcement operation dismantled criminal communication platform Ghost
2868 - Search - U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
2869 - Search - SIEM for Small and Medium-Sized Enterprises: What you need to know
2870 - Search - Experts warn of China-linked APT’s Raptor Train IoT Botnet
2871 - Search - Credential Flusher, understanding the threat and how to protect your login data
2872 - Search - U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium
2873 - Search - Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
2874 - Search - Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries
2875 - Search - Chinese man charged for spear-phishing against NASA and US Government
2876 - Search - U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog
2877 - Search - Taking Control Online: Ensuring Awareness of Data Usage and Consent
2878 - Search - Qilin ransomware attack on Synnovis impacted over 900,000 patients
2879 - Search - D-Link addressed three critical RCE in wireless router models
2880 - Search - Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024
2881 - Search - SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
2882 - Search - Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure
2883 - Search - Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb
2884 - Search - Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack
2885 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11
2886 - Search - U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
2887 - Search - Ivanti Cloud Service Appliance flaw is being actively exploited in the wild
2888 - Search - GitLab fixed a critical flaw in GitLab CE and GitLab EE
2889 - Search - New Linux malware called Hadooken targets Oracle WebLogic servers
2890 - Search - Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach
2891 - Search - Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries
2892 - Search - Cybersecurity giant Fortinet discloses a data breach
2893 - Search - Singapore Police arrest six men allegedly involved in a cybercrime syndicate
2894 - Search - Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products
2895 - Search - Highline Public Schools school district suspended its activities following a cyberattack
2896 - Search - RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR
2897 - Search - Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)
2898 - Search - Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days
2899 - Search - Quad7 botnet evolves to more stealthy tactics to evade detection
2900 - Search - Poland thwarted cyberattacks that were carried out by Russia and Belarus
2901 - Search - U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog
2902 - Search - Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals
2903 - Search - Predator spyware operation is back with a new infrastructure
2904 - Search - TIDRONE APT targets drone manufacturers in Taiwan
2905 - Search - Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401
2906 - Search - Progress Software fixed a maximum severity flaw in LoadMaster
2907 - Search - Feds indicted two alleged administrators of WWH Club dark web marketplace
2908 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10
2909 - Search - Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION
2910 - Search - U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog
2911 - Search - A flaw in WordPress LiteSpeed Cache Plugin allows account takeover
2912 - Search - Car rental company Avis discloses a data breach
2913 - Search - SonicWall warns that SonicOS bug exploited in attacks
2914 - Search - Apache fixed a new remote code execution flaw in Apache OFBiz
2915 - Search - Russia-linked GRU Unit 29155 targeted critical infrastructure globally
2916 - Search - Veeam fixed a critical flaw in Veeam Backup & Replication software
2917 - Search - Earth Lusca adds multiplatform malware KTLVdoor to its arsenal
2918 - Search - Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?
2919 - Search - Quishing, an insidious threat to electric car owners
2920 - Search - Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!
2921 - Search - Head Mare hacktivist group targets Russia and Belarus
2922 - Search - Zyxel fixed critical OS command injection flaw in multiple routers
2923 - Search - VMware fixed a code execution flaw in Fusion hypervisor
2924 - Search - Vulnerabilities in Microsoft apps for macOS allow stealing permissions
2925 - Search - Three men plead guilty to running MFA bypass service OTP.Agency
2926 - Search - Transport for London (TfL) is dealing with an ongoing cyberattack
2927 - Search - Lockbit gang claims the attack on the Toronto District School Board (TDSB)
2928 - Search - A new variant of Cicada ransomware targets VMware ESXi systems
2929 - Search - An air transport security system flaw allowed to bypass airport security screenings
2930 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9
2931 - Search - Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION
2932 - Search - Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw
2933 - Search - South Korea-linked group APT-C-60 exploited a WPS Office zero-day
2934 - Search - Threat actors exploit Atlassian Confluence bug in cryptomining campaigns
2935 - Search - Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa
2936 - Search - Cisco addressed a high-severity flaw in NX-OS software
2937 - Search - Corona Mirai botnet spreads via AVTECH CCTV zero-day
2938 - Search - Telegram CEO Pavel Durov charged in France for facilitating criminal activities
2939 - Search - Iran-linked group APT33 adds new Tickler malware to its arsenal
2940 - Search - U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog
2941 - Search - Young Consulting data breach impacts 954,177 individuals
2942 - Search - BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085
2943 - Search - US offers $2.5M reward for Belarusian man involved in mass malware distribution
2944 - Search - U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog
2945 - Search - China-linked APT Volt Typhoon exploited a zero-day in Versa Director
2946 - Search - Researchers unmasked the notorious threat actor USDoD
2947 - Search - The Dutch Data Protection Authority (DPA) has fined Uber a record €290M
2948 - Search - Google addressed the tenth actively exploited Chrome zero-day this year
2949 - Search - SonicWall addressed an improper access control issue in its firewalls
2950 - Search - A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport
2951 - Search - Linux malware sedexp uses udev rules for persistence and evasion
2952 - Search - France police arrested Telegram CEO Pavel Durov
2953 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8
2954 - Search - Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION
2955 - Search - U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog
2956 - Search - Hackers can take over Ecovacs home robots to spy on their owners
2957 - Search - Russian national arrested in Argentina for laundering money of crooks and Lazarus APT
2958 - Search - Qilin ransomware steals credentials stored in Google Chrome
2959 - Search - Phishing attacks target mobile users via progressive web applications (PWA)
2960 - Search - Member of cybercrime group Karakurt charged in the US
2961 - Search - New malware Cthulhu Stealer targets Apple macOS users
2962 - Search - China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches
2963 - Search - A cyberattack hit US oil giant Halliburton
2964 - Search - SolarWinds fixed a hardcoded credential issue in Web Help Desk
2965 - Search - A cyberattack disrupted operations of US chipmaker Microchip Technology
2966 - Search - Google addressed the ninth actively exploited Chrome zero-day this year
2967 - Search - GitHub fixed a new critical flaw in the GitHub Enterprise Server
2968 - Search - Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio
2969 - Search - North Korea-linked APT used a new RAT called MoonPeak
2970 - Search - Pro-Russia group Vermin targets Ukraine with a new malware family
2971 - Search - A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning
2972 - Search - Ransomware payments rose from $449.1 million to $459.8 million
2973 - Search - Previously unseen Msupedge backdoor targeted a university in Taiwan
2974 - Search - Oracle NetSuite misconfiguration could lead to data exposure
2975 - Search - Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum
2976 - Search - CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog
2977 - Search - Researchers uncovered new infrastructure linked to the cybercrime group FIN7
2978 - Search - Experts warn of exploit attempt for Ivanti vTM bug
2979 - Search - Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT
2980 - Search - The Mad Liberator ransomware group uses social-engineering techniques
2981 - Search - From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs
2982 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7
2983 - Search - Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION
2984 - Search - Large-scale extortion campaign targets publicly accessible environment variable files (.env)
2985 - Search - OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election
2986 - Search - National Public Data confirms a data breach
2987 - Search - CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog
2988 - Search - Russian national sentenced to 40 months for selling stolen data on the dark web
2989 - Search - Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000
2990 - Search - Millions of Pixel devices can be hacked due to a pre-installed vulnerable app
2991 - Search - Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack
2992 - Search - A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter
2993 - Search - Google disrupted hacking campaigns carried out by Iran-linked APT42
2994 - Search - Black Basta ransomware gang linked to a SystemBC malware campaign
2995 - Search - A massive cyber attack hit Central Bank of Iran and other Iranian banks
2996 - Search - China-linked APT Earth Baku targets Europe, the Middle East, and Africa
2997 - Search - SolarWinds addressed a critical RCE in all Web Help Desk versions
2998 - Search - Kootenai Health data breach impacted 464,000 patients
2999 - Search - Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs
3000 - Search - A PoC exploit code is available for critical Ivanti vTM bug
3001 - Search - Elon Musk claims that a DDoS attack caused problems with the livestream interview with Donald Trump
3002 - Search - CERT-UA warns of a phishing campaign targeting government entities
3003 - Search - US DoJ dismantled remote IT worker fraud schemes run by North Korea
3004 - Search - A FreeBSD flaw could allow remote code execution, patch it now!
3005 - Search - EastWind campaign targets Russian organizations with sophisticated backdoors
3006 - Search - Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE
3007 - Search - Foreign nation-state actors hacked Donald Trump’s campaign
3008 - Search - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
3009 - Search - Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION
3010 - Search - ADT disclosed a data breach that impacted more than 30,000 customers
3011 - Search - Is the INC ransomware gang behind the attack on McLaren hospitals?
3012 - Search - Crooks took control of a cow milking robot causing the death of a cow
3013 - Search - Sonos smart speakers flaw allowed to eavesdrop on users
3014 - Search - Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!
3015 - Search - CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog
3016 - Search - Russian cyber spies stole data and emails from UK government systems
3017 - Search - 0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers
3018 - Search - FBI and CISA update a joint advisory on the BlackSuit Ransomware group
3019 - Search - Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware
3020 - Search - Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data
3021 - Search - New Android spyware LianSpy relies on Yandex Cloud to avoid detection
3022 - Search - Hackers breached MDM firm Mobile Guardian and wiped thousands of devices
3023 - Search - A ransomware attack hit French museum network
3024 - Search - CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog
3025 - Search - Google warns of an actively exploited Android kernel flaw
3026 - Search - Should Organizations Pay Ransom Demands?
3027 - Search - North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks
3028 - Search - Researchers warn of a new critical Apache OFBiz flaw
3029 - Search - Keytronic incurred approximately $17 million of expenses following ransomware attack
3030 - Search - A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access
3031 - Search - China-linked APT41 breached Taiwanese research institute
3032 - Search - Chinese StormBamboo APT compromised ISP to deliver malware
3033 - Search - Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach
3034 - Search - Security Affairs Malware Newsletter - Round 5
3035 - Search - Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION
3036 - Search - US sued TikTok and ByteDance for violating children’s privacy laws
3037 - Search - Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware
3038 - Search - Investors sued CrowdStrike over false claims about its Falcon platform
3039 - Search - Avtech camera vulnerability actively exploited in the wild, CISA warns
3040 - Search - U.S. released Russian cybercriminals in diplomatic prisoner exchange
3041 - Search - Sitting Ducks attack technique exposes over a million domains to hijacking
3042 - Search - Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085
3043 - Search - BingoMod Android RAT steals money from victims’ bank accounts and wipes data
3044 - Search - A ransomware attack disrupted operations at OneBlood blood bank
3045 - Search - Apple fixed dozens of vulnerabilities in iOS and macOS
3046 - Search - Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families
3047 - Search - A Fortune 50 company paid a record-breaking $75 million ransom
3048 - Search - CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog
3049 - Search - Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022
3050 - Search - SideWinder phishing campaign targets maritime facilities in multiple countries
3051 - Search - A crafty phishing campaign targets Microsoft OneDrive users
3052 - Search - Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085
3053 - Search - Acronis Cyber Infrastructure bug actively exploited in the wild
3054 - Search - Fake Falcon crash reporter installer used to target German Crowdstrike users
3055 - Search - Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware
3056 - Search - French authorities launch disinfection operation to eradicate PlugX malware from infected hosts
3057 - Search - Security Affairs Malware Newsletter - Round 4
3058 - Search - Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION
3059 - Search - Ukraine’s cyber operation shut down the ATM services of major Russian banks
3060 - Search - A bug in Chrome Password Manager caused user credentials to disappear
3061 - Search - BIND updates fix four high-severity DoS bugs in the DNS software suite
3062 - Search - Terrorist Activity is Accelerating in Cyberspace - Risk Precursor to Summer Olympics and Elections
3063 - Search - Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
3064 - Search - Critical bug in Docker Engine allowed attackers to bypass authorization plugins
3065 - Search - Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers
3066 - Search - Michigan Medicine data breach impacted 56953 patients
3067 - Search - U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog
3068 - Search - China-linked APT group uses new Macma macOS backdoor version
3069 - Search - FrostyGoop ICS malware targets Ukraine
3070 - Search - Hackers abused swap files in e-skimming attacks on Magento sites
3071 - Search - US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group
3072 - Search - EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos
3073 - Search - SocGholish malware used to spread AsyncRAT malware
3074 - Search - UK police arrested a 17-year-old linked to the Scattered Spider gang
3075 - Search - Security Affairs Malware Newsletter - Round 3
3076 - Search - Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION
3077 - Search - U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog
3078 - Search - Threat actors attempted to capitalize CrowdStrike incident
3079 - Search - Russian nationals plead guilty to participating in the LockBit ransomware group
3080 - Search - MediSecure data breach impacted 12.9 million individuals
3081 - Search - CrowdStrike update epic fail crashed Windows systems worldwide
3082 - Search - Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users
3083 - Search - SAPwned flaws in SAP AI core could expose customers’ data
3084 - Search - Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums
3085 - Search - How to Protect Privacy and Build Secure AI Products
3086 - Search - A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password
3087 - Search - MarineMax data breach impacted over 123,000 individuals
3088 - Search - Void Banshee exploits CVE-2024-38112 zero-day to spread malware
3089 - Search - The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal
3090 - Search - CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog
3091 - Search - Kaspersky leaves U.S. market following the ban on the sale of its software in the country
3092 - Search - FBI unlocked the phone of the suspect in the assassination attempt on Donald Trump
3093 - Search - Ransomware groups target Veeam Backup & Replication bug
3094 - Search - AT&T paid a $370,000 ransom to prevent stolen data from being leaked
3095 - Search - HardBit ransomware version 4.0 supports new obfuscation techniques
3096 - Search - Dark Gate malware campaign uses Samba file shares
3097 - Search - Security Affairs Malware Newsletter - Round 2
3098 - Search - Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION
3099 - Search - Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations
3100 - Search - Rite Aid disclosed data breach following RansomHub ransomware attack
3101 - Search - New AT&T data breach exposed call logs of almost all customers
3102 - Search - Critical flaw in Exim MTA could allow to deliver malware to users’ inboxes
3103 - Search - Palo Alto Networks fixed a critical bug in the Expedition tool
3104 - Search - Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale
3105 - Search - October ransomware attack on Dallas County impacted over 200,000 people
3106 - Search - CrystalRay operations have scaled 10x to over 1,500 victims
3107 - Search - Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware
3108 - Search - AI-Powered Russia’s bot farm operates on X, US and its allies warn
3109 - Search - VMware fixed critical SQL-Injection in Aria Automation product
3110 - Search - Citrix fixed critical and high-severity bugs in NetScaler product
3111 - Search - A new flaw in OpenSSH can lead to remote code execution
3112 - Search - Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days
3113 - Search - U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog
3114 - Search - Evolve Bank data breach impacted over 7.6 million individuals
3115 - Search - More than 31 million customer email addresses exposed following Neiman Marcus data breach
3116 - Search - Avast released a decryptor for DoNex Ransomware and its predecessors
3117 - Search - RockYou2024 compilation containing 10 billion passwords was leaked online
3118 - Search - Critical Ghostscript flaw exploited in the wild. Patch it now!
3119 - Search - Apple removed 25 VPN apps from the App Store in Russia following Moscow’s requests
3120 - Search - CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog
3121 - Search - Apache fixed a source code disclosure flaw in Apache HTTP Server
3122 - Search - Security Affairs Malware Newsletter - Round 1
3123 - Search - Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION
3124 - Search - Alabama State Department of Education suffered a data breach following a blocked attack
3125 - Search - GootLoader is still active and efficient
3126 - Search - Hackers stole OpenAI secrets in a 2023 security breach
3127 - Search - Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes
3128 - Search - Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain
3129 - Search - New Golang-based Zergeca Botnet appeared in the threat landscape
3130 - Search - Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus
3131 - Search - Hackers compromised Ethereum mailing list and launched a crypto draining attack
3132 - Search - OVHcloud mitigated a record-breaking DDoS attack in April 2024
3133 - Search - Healthcare fintech firm HealthEquity disclosed a data breach
3134 - Search - Brazil data protection authority bans Meta from training AI models with data originating in the country
3135 - Search - Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform
3136 - Search - Operation Morpheus took down 593 Cobalt Strike servers used by threat actors
3137 - Search - LockBit group claims the hack of the Fairfield Memorial Hospital in the US
3138 - Search - American Patelco Credit Union suffered a ransomware attack
3139 - Search - Polish government investigates Russia-linked cyberattack on state news agency
3140 - Search - Evolve Bank data breach impacted fintech firms Wise and Affirm
3141 - Search - Prudential Financial data breach impacted over 2.5 million individuals
3142 - Search - Australian man charged for Evil Twin Wi-Fi attacks on domestic flights
3143 - Search - China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware
3144 - Search - Critical unauthenticated remote code execution flaw in OpenSSH server
3145 - Search - Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania
3146 - Search - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769
3147 - Search - Russia-linked Midnight Blizzard stole email of more Microsoft customers
3148 - Search - Russia-linked group APT29 likely breached TeamViewer’s corporate network
3149 - Search - Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
3150 - Search - Infosys McCamish Systems data breach impacted over 6 million people
3151 - Search - A cyberattack shut down the University Hospital Centre Zagreb in Croatia
3152 - Search - US announces a $10M reward for Russia’s GRU hacker behind attacks on Ukraine
3153 - Search - LockBit group falsely claimed the hack of the Federal Reserve
3154 - Search - CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog
3155 - Search - New P2Pinfect version delivers miners and ransomware on Redis servers
3156 - Search - New MOVEit Transfer critical bug is actively exploited
3157 - Search - New Caesar Cipher Skimmer targets popular CMS used by e-stores
3158 - Search - Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw
3159 - Search - Wikileaks founder Julian Assange is free
3160 - Search - CISA confirmed that its CSAT environment was breached in January.
3161 - Search - Threat actors compromised 1,590 CoinStats crypto wallets
3162 - Search - Experts observed approximately 120 malicious campaigns using the Rafel RAT
3163 - Search - LockBit claims the hack of the US Federal Reserve
3164 - Search - Ransomware threat landscape Jan-Apr 2024: insights and challenges
3165 - Search - ExCobalt Cybercrime group targets Russian organizations in multiple sectors
3166 - Search - Threat actor attempts to sell 30 million customer records allegedly stolen from TEG
3167 - Search - Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
3168 - Search - Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995
3169 - Search - US government sanctions twelve Kaspersky Lab executives
3170 - Search - Experts found a bug in the Linux version of RansomHub ransomware
3171 - Search - UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models
3172 - Search - Russia-linked APT Nobelium targets French diplomatic entities
3173 - Search - US bans sale of Kaspersky products due to risks to national security
3174 - Search - Atlassian fixed six high-severity bugs in Confluence Data Center and Server
3175 - Search - China-linked spies target Asian Telcos since at least 2021
3176 - Search - New Rust infostealer Fickle Stealer spreads through various attack methods
3177 - Search - An unpatched bug allows anyone to impersonate Microsoft corporate email accounts
3178 - Search - Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale
3179 - Search - Alleged researchers stole $3 million from Kraken exchange
3180 - Search - Google Chrome 126 update addresses multiple high-severity flaws
3181 - Search - Chip maker giant AMD investigates a data breach
3182 - Search - Cryptojacking campaign targets exposed Docker APIs
3183 - Search - VMware fixed RCE and privilege escalation bugs in vCenter Server
3184 - Search - Meta delays training its AI using public content shared by EU users
3185 - Search - Keytronic confirms data breach after ransomware attack
3186 - Search - The Financial Dynamics Behind Ransomware Attacks
3187 - Search - Empire Market owners charged with operating $430M dark web marketplace
3188 - Search - China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign
3189 - Search - LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals
3190 - Search - Spanish police arrested an alleged member of the Scattered Spider group
3191 - Search - Online job offers, the reshipping and money mule scams
3192 - Search - Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
3193 - Search - ASUS fixed critical remote authentication bypass bug in several routers
3194 - Search - London hospitals canceled over 800 operations in the week after Synnovis ransomware attack
3195 - Search - DORA Compliance Strategy for Business Leaders
3196 - Search - CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog
3197 - Search - City of Cleveland still working to fully restore systems impacted by a cyber attack
3198 - Search - Google fixed an actively exploited zero-day in the Pixel Firmware
3199 - Search - Multiple flaws in Fortinet FortiOS fixed
3200 - Search - CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog
3201 - Search - Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation
3202 - Search - JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens
3203 - Search - Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue
3204 - Search - Cylance confirms the legitimacy of data offered for sale in the dark web
3205 - Search - Arm zero-day in Mali GPU Drivers actively exploited in the wild
3206 - Search - Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!
3207 - Search - Japanese video-sharing platform Niconico was victim of a cyber attack
3208 - Search - UK NHS call for O-type blood donations following ransomware attack on London hospitals
3209 - Search - Christie’s data breach impacted 45,798 individuals
3210 - Search - Sticky Werewolf targets the aviation industry in Russia and Belarus
3211 - Search - Frontier Communications data breach impacted over 750,000 individuals
3212 - Search - PHP addressed critical RCE flaw potentially impacting millions of servers
3213 - Search - Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION
3214 - Search - SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform
3215 - Search - Pandabuy was extorted twice by the same threat actor
3216 - Search - UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces
3217 - Search - A new Linux version of TargetCompany ransomware targets VMware ESXi environments
3218 - Search - FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support
3219 - Search - RansomHub operation is a rebranded version of the Knight RaaS
3220 - Search - Malware can steal data collected by the Windows Recall tool, experts warn
3221 - Search - Cisco addressed Webex flaws used to compromise German government meetings
3222 - Search - CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs
3223 - Search - Zyxel addressed three RCEs in end-of-life NAS devices
3224 - Search - A ransomware attack on Synnovis impacted several London hospitals
3225 - Search - RansomHub gang claims the hack of the telecommunications giant Frontier Communications
3226 - Search - Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN and SmartID supported.
3227 - Search - Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers
3228 - Search - Multiple flaws in Cox modems could have impacted millions of devices
3229 - Search - CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog
3230 - Search - Spanish police shut down illegal TV streaming network
3231 - Search - APT28 targets key networks in Europe with HeadLace malware
3232 - Search - Experts found information of European politicians on the dark web
3233 - Search - FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware
3234 - Search - Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION
3235 - Search - Ticketmaster confirms data breach impacting 560 million customers
3236 - Search - Critical Apache Log4j2 flaw still threatens global finance
3237 - Search - Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin
3238 - Search - ShinyHunters is selling data of 30 million Santander customers
3239 - Search - Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours
3240 - Search - LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at least 2021
3241 - Search - BBC disclosed a data breach impacting its Pension Scheme members
3242 - Search - CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
3243 - Search - Experts found a macOS version of the sophisticated LightSpy spyware
3244 - Search - Operation Endgame, the largest law enforcement operation ever against botnets
3245 - Search - Law enforcement operation dismantled 911 S5 botnet
3246 - Search - Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature
3247 - Search - Check Point released hotfix for actively exploited VPN zero-day
3248 - Search - ABN Amro discloses data breach following an attack on a third-party provider
3249 - Search - Christie disclosed a data breach after a RansomHub attack
3250 - Search - Experts released PoC exploit code for RCE in Fortinet SIEM
3251 - Search - WordPress Plugin abused to install e-skimmers in e-commerce sites
3252 - Search - TP-Link Archer C5400X gaming router is affected by a critical flaw
3253 - Search - Sav-Rx data breach impacted over 2.8 million individuals
3254 - Search - The Impact of Remote Work and Cloud Migrations on Security Perimeters
3255 - Search - New ATM Malware family emerged in the threat landscape
3256 - Search - A high-severity vulnerability affects Cisco Firepower Management Center
3257 - Search - CERT-UA warns of malware campaign conducted by threat actor UAC-0006
3258 - Search - Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
3259 - Search - Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack
3260 - Search - Fake AV websites used to distribute info-stealer malware
3261 - Search - MITRE December 2023 attack: Threat actors created rogue VMs to evade detection
3262 - Search - An XSS flaw in GitLab allows attackers to take over accounts
3263 - Search - Google fixes eighth actively exploited Chrome zero-day this year, the third in a month
3264 - Search - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog
3265 - Search - Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors
3266 - Search - Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns
3267 - Search - APT41: The threat of KeyPlug against Italian industries
3268 - Search - Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)
3269 - Search - Chinese actor ‘Unfading Sea Haze’ remained undetected for five years
3270 - Search - A consumer-grade spyware app found in check-in systems of 3 US hotels
3271 - Search - Critical Veeam Backup Enterprise Manager authentication bypass bug
3272 - Search - Cybercriminals are targeting elections in India with influence campaigns
3273 - Search - Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!
3274 - Search - OmniVision disclosed a data breach after the 2023 Cactus ransomware attack
3275 - Search - CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog
3276 - Search - Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors
3277 - Search - Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms
3278 - Search - Experts released PoC exploit code for RCE in QNAP QTS
3279 - Search - GitCaught campaign relies on Github and Filezilla to deliver multiple malware
3280 - Search - Two students uncovered a flaw that allows to use laundry machines for free
3281 - Search - Grandoreiro Banking Trojan is back and targets banks worldwide
3282 - Search - Healthcare firm WebTPA data breach impacted 2.5 million individuals
3283 - Search - Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION
3284 - Search - North Korea-linked Kimsuky used a new Linux backdoor in recent attacks
3285 - Search - North Korea-linked IT workers infiltrated hundreds of US firms
3286 - Search - Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs
3287 - Search - City of Wichita disclosed a data breach after the recent ransomware attack
3288 - Search - CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog
3289 - Search - CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog
3290 - Search - North Korea-linked Kimsuky APT attack targets victims via Messenger
3291 - Search - Electronic prescription provider MediSecure impacted by a ransomware attack
3292 - Search - Google fixes seventh actively exploited Chrome zero-day this year, the third in a week
3293 - Search - Santander: a data breach at a third-party provider impacted customers and employees
3294 - Search - FBI seized the notorious BreachForums hacking forum
3295 - Search - A Tornado Cash developer has been sentenced to 64 months in prison
3296 - Search - Adobe fixed multiple critical flaws in Acrobat and Reader
3297 - Search - Ransomware attack on Singing River Health System impacted 895,000 people
3298 - Search - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days
3299 - Search - VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024
3300 - Search - MITRE released EMB3D Threat Model for embedded devices
3301 - Search - Google fixes sixth actively exploited Chrome zero-day this year
3302 - Search - Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware
3303 - Search - Threat actors may have exploited a zero-day in older iPhones, Apple warns
3304 - Search - City of Helsinki suffered a data breach
3305 - Search - Russian hackers defaced local British news sites
3306 - Search - Australian Firstmac Limited disclosed a data breach after cyber attack
3307 - Search - Pro-Russia hackers targeted Kosovo’s government websites
3308 - Search - Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
3309 - Search - As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide
3310 - Search - Ohio Lottery data breach impacted over 538,000 individuals
3311 - Search - Notorious threat actor IntelBroker claims the hack of Europol
3312 - Search - A cyberattack hit the US healthcare giant Ascension
3313 - Search - Google fixes fifth actively exploited Chrome zero-day this year
3314 - Search - Russia-linked APT28 targets Polish government institutions
3315 - Search - Citrix warns customers to update PuTTY version installed on their XenCenter system manually
3316 - Search - Dell discloses data breach impacting millions of customers
3317 - Search - Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
3318 - Search - Zscaler is investigating data breach claims
3319 - Search - Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover
3320 - Search - LockBit gang claimed responsibility for the attack on City of Wichita
3321 - Search - New TunnelVision technique can bypass the VPN encapsulation
3322 - Search - LiteSpeed Cache WordPress plugin actively exploited in the wild
3323 - Search - Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
3324 - Search - UK Ministry of Defense disclosed a third-party data breach exposing military personnel data
3325 - Search - Law enforcement agencies identified LockBit ransomware admin and sanctioned him
3326 - Search - MITRE attributes the recent attack to China-linked UNC5221
3327 - Search - Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering
3328 - Search - City of Wichita hit by a ransomware attack
3329 - Search - El Salvador suffered a massive leak of biometric data
3330 - Search - Finland authorities warn of Android malware campaign targeting bank users
3331 - Search - NATO and the EU formally condemned Russia-linked APT28 cyber espionage
3332 - Search - Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
3333 - Search - Blackbasta gang claimed responsibility for Synlab Italia attack
3334 - Search - LockBit published data stolen from Simone Veil hospital in Cannes
3335 - Search - Russia-linked APT28 and crooks are still using the Moobot botnet
3336 - Search - Dirty stream attack puts billions of Android installs at risk
3337 - Search - ZLoader Malware adds Zeus’s anti-analysis feature
3338 - Search - Ukrainian REvil gang member sentenced to 13 years in prison
3339 - Search - HPE Aruba Networking addressed four critical ArubaOS RCE flaws
3340 - Search - Threat actors hacked the Dropbox Sign production environment
3341 - Search - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog
3342 - Search - Panda Restaurant Group disclosed a data breach
3343 - Search - Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia
3344 - Search - Cuttlefish malware targets enterprise-grade SOHO routers
3345 - Search - A flaw in the R programming language could allow code execution
3346 - Search - Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall
3347 - Search - Notorious Finnish Hacker sentenced to more than six years in prison
3348 - Search - CISA guidelines to protect critical infrastructure against AI-based threats
3349 - Search - NCSC: New UK law bans default passwords on smart devices
3350 - Search - The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data
3351 - Search - Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023
3352 - Search - Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals
3353 - Search - Cyber-Partisans hacktivists claim to have breached Belarus KGB
3354 - Search - The Los Angeles County Department of Health Services disclosed a data breach
3355 - Search - Multiple Brocade SANnav SAN Management SW flaws allow device compromise
3356 - Search - ICICI Bank exposed credit card data of 17000 customers
3357 - Search - Okta warns of unprecedented scale in credential stuffing attacks on online services
3358 - Search - Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
3359 - Search - Targeted operation against Ukraine exploited 7-year-old MS Office bug
3360 - Search - Hackers may have accessed thousands of accounts on the California state welfare platform
3361 - Search - Brokewell Android malware supports an extensive set of Device Takeover capabilities
3362 - Search - Experts warn of an ongoing malware campaign targeting WP-Automatic plugin
3363 - Search - Cryptocurrencies and cybercrime: A critical intermingling
3364 - Search - Kaiser Permanente data breach may have impacted 13.4 million patients
3365 - Search - Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug
3366 - Search - Sweden’s liquor supply severely impacted by ransomware attack on logistics company
3367 - Search - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog
3368 - Search - CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog
3369 - Search - DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions
3370 - Search - Google fixed critical Chrome vulnerability CVE-2024-4058
3371 - Search - Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks
3372 - Search - Hackers hijacked the eScan Antivirus update mechanism in malware campaign
3373 - Search - US offers a $10 million reward for information on four Iranian nationals
3374 - Search - The street lights in Leicester City cannot be turned off due to a cyber attack
3375 - Search - North Korea-linked APT groups target South Korean defense contractors
3376 - Search - U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
3377 - Search - A cyber attack paralyzed operations at Synlab Italia
3378 - Search - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw
3379 - Search - Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities
3380 - Search - A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
3381 - Search - Akira ransomware received $42M in ransom payments from over 250 victims
3382 - Search - DuneQuixote campaign targets the Middle East with a complex backdoor
3383 - Search - Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
3384 - Search - Critical CrushFTP zero-day exploited in attacks in the wild
3385 - Search - A French hospital was forced to reschedule procedures after cyberattack
3386 - Search - MITRE revealed that nation-state actors breached its systems via Ivanti zero-days
3387 - Search - FBI chief says China is preparing to attack US critical infrastructure
3388 - Search - United Nations Development Programme (UNDP) investigates data breach
3389 - Search - FIN7 targeted a large U.S. carmaker with phishing attacks
3390 - Search - Law enforcement operation dismantled phishing-as-a-service platform LabHost
3391 - Search - Previously unknown Kapeka backdoor linked to Russian Sandworm APT
3392 - Search - Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available
3393 - Search - Linux variant of Cerber ransomware targets Atlassian servers
3394 - Search - Ivanti fixed two critical flaws in its Avalanche MDM
3395 - Search - Researchers released exploit code for actively exploited Palo Alto PAN-OS bug
3396 - Search - Cisco warns of large-scale brute-force attacks against VPN and SSH services
3397 - Search - PuTTY SSH Client flaw allows recovery of private keys
3398 - Search - A renewed espionage campaign targets South Asia with iOS spyware LightSpy
3399 - Search - Misinformation and hacktivist campaigns targeting the Philippines skyrocket
3400 - Search - Russia is trying to sabotage European railways, Czech minister said
3401 - Search - Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia
3402 - Search - Cisco Duo warns telephony supplier data breach exposed MFA SMS logs
3403 - Search - Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets
3404 - Search - CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog
3405 - Search - Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor
3406 - Search - U.S. and Australian police arrested Firebird RAT author and operator
3407 - Search - Canadian retail chain Giant Tiger data breach may have impacted millions of customers
3408 - Search - Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
3409 - Search - Crooks manipulate GitHub’s search results to distribute malware
3410 - Search - BatBadBut flaw allowed an attacker to perform command injection on Windows
3411 - Search - Roku disclosed a new security breach impacting 576,000 accounts
3412 - Search - LastPass employee targeted via an audio deepfake call
3413 - Search - TA547 targets German organizations with Rhadamanthys malware
3414 - Search - CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
3415 - Search - US CISA published an alert on the Sisense data breach
3416 - Search - Palo Alto Networks fixed multiple DoS bugs in its firewalls
3417 - Search - Apple warns of mercenary spyware attacks on iPhone users in 92 countries
3418 - Search - Microsoft fixed two zero-day bugs exploited in malware attacks
3419 - Search - Group Health Cooperative data breach impacted 530,000 individuals
3420 - Search - AT&T states that the data breach impacted 51 million former and current customers
3421 - Search - Fortinet fixed a critical remote code execution bug in FortiClientLinux
3422 - Search - Microsoft Patch Tuesday security updates for April 2024 fixed hundreds of issues
3423 - Search - Cybersecurity in the Evolving Threat Landscape
3424 - Search - Over 91,000 LG smart TVs running webOS are vulnerable to hacking
3425 - Search - ScrubCrypt used to drop VenomRAT along with many malicious plugins
3426 - Search - Google announces V8 Sandbox to protect Chrome users
3427 - Search - China is using generative AI to carry out influence operations
3428 - Search - Greylock McKinnon Associates data breach exposed DOJ data of 341650 people
3429 - Search - Crowdfense is offering a larger 30M USD exploit acquisition program
3430 - Search - U.S. Department of Health warns of attacks against IT help desks
3431 - Search - Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION
3432 - Search - Over 92,000 Internet-facing D-Link NAS devices can be easily hacked
3433 - Search - More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
3434 - Search - Cisco warns of XSS flaw in end-of-life small business routers
3435 - Search - Magento flaw exploited to deploy persistent backdoor hidden in XML
3436 - Search - Cyberattack disrupted services at Omni Hotels & Resorts
3437 - Search - HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks
3438 - Search - US cancer center City of Hope: data breach impacted 827149 individuals
3439 - Search - Ivanti fixed 4 new issues in Connect Secure and Policy Secure
3440 - Search - Jackson County, Missouri, discloses a ransomware attack
3441 - Search - Google addressed another Chrome zero-day exploited at Pwn2Own in March
3442 - Search - The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse
3443 - Search - Google fixed two actively exploited Pixel vulnerabilities
3444 - Search - Highly sensitive files mysteriously disappeared from EUROPOL headquarters
3445 - Search - XSS flaw in WordPress WP-Members Plugin can lead to script injection
3446 - Search - Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor
3447 - Search - Google agreed to erase billions of browser records to settle a class action lawsuit
3448 - Search - PandaBuy data breach allegedly impacted over 1.3 million customers
3449 - Search - OWASP discloses a data breach
3450 - Search - New Vultur malware version includes enhanced remote control and evasion capabilities
3451 - Search - Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy
3452 - Search - Info stealer attacks target macOS users
3453 - Search - Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION
3454 - Search - DinodasRAT Linux variant targets users worldwide
3455 - Search - AT&T confirmed that a data breach impacted 73 million customers
3456 - Search - Expert found a backdoor in XZ tools used in many Linux distributions
3457 - Search - German BSI warns of 17,000 unpatched Microsoft Exchange servers
3458 - Search - Cisco warns of password-spraying attacks targeting Secure Firewall devices
3459 - Search - American fast-fashion firm Hot Topic hit by credential stuffing attacks
3460 - Search - Cisco addressed high-severity flaws in IOS and IOS XE software
3461 - Search - Google: China dominates government exploitation of zero-day vulnerabilities in 2023
3462 - Search - Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024
3463 - Search - CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog
3464 - Search - The DDR Advantage: Real-Time Data Defense
3465 - Search - Finnish police linked APT31 to the 2021 parliament attack
3466 - Search - TheMoon bot infected 40,000 devices in January and February
3467 - Search - UK, New Zealand against China-linked cyber operations
3468 - Search - US Treasury Dep announced sanctions against members of China-linked APT31
3469 - Search - CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog
3470 - Search - Iran-Linked APT TA450 embeds malicious links in PDF attachments
3471 - Search - StrelaStealer targeted over 100 organizations across the EU and US
3472 - Search - GoFetch side-channel attack against Apple systems allows secret keys extraction
3473 - Search - Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION
3474 - Search - Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr
3475 - Search - Russia-linked APT29 targeted German political parties with WINELOADER backdoor
3476 - Search - Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024
3477 - Search - Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites
3478 - Search - German police seized the darknet marketplace Nemesis Market
3479 - Search - Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks
3480 - Search - Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days
3481 - Search - Critical Fortinet’s FortiClient EMS flaw actively exploited in the wild
3482 - Search - Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla
3483 - Search - New Loop DoS attack may target 300,000 vulnerable hosts
3484 - Search - Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately
3485 - Search - Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
3486 - Search - BunnyLoader 3.0 surfaces in the threat landscape
3487 - Search - Pokemon Company resets some users’ passwords
3488 - Search - Ukraine cyber police arrested crooks selling 100 million compromised accounts
3489 - Search - New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon?
3490 - Search - Players hacked during the matches of Apex Legends Global Series. Tournament suspended
3491 - Search - Earth Krahang APT breached tens of government organizations worldwide
3492 - Search - PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released
3493 - Search - Fujitsu suffered a malware attack and probably a data breach
3494 - Search - Remove WordPress miniOrange plugins, a critical flaw can allow site takeover
3495 - Search - The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats
3496 - Search - Email accounts of the International Monetary Fund compromised
3497 - Search - Threat actors leaked 70,000,000+ records allegedly stolen from AT&T
3498 - Search - “gitgub” malware campaign targets Github users with RisePro info-stealer
3499 - Search - Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION
3500 - Search - France Travail data breach impacted 43 Million people
3501 - Search - Scranton School District in Pennsylvania suffered a ransomware attack
3502 - Search - Lazarus APT group returned to Tornado Cash to launder stolen funds
3503 - Search - Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case
3504 - Search - UK Defence Secretary jet hit by an electronic warfare attack in Poland
3505 - Search - Cisco fixed high-severity elevation of privilege and DoS bugs
3506 - Search - Recent DarkGate campaign exploited Microsoft Windows zero-day
3507 - Search - Nissan Oceania data breach impacted roughly 100,000 people
3508 - Search - Researchers found multiple flaws in ChatGPT plugins
3509 - Search - Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS
3510 - Search - Acer Philippines disclosed a data breach after a third-party vendor hack
3511 - Search - Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack
3512 - Search - Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws
3513 - Search - Russia’s Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election
3514 - Search - First-ever South Korean national detained for espionage in Russia
3515 - Search - Insurance scams via QR codes: how to recognise and defend yourself
3516 - Search - Massive cyberattacks hit French government agencies
3517 - Search - BianLian group exploits JetBrains TeamCity bugs in ransomware attacks
3518 - Search - Experts released PoC exploit for critical Progress Software OpenEdge bug
3519 - Search - Magnet Goblin group used a new Linux variant of NerbianRAT malware
3520 - Search - Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
3521 - Search - Lithuania security services warn of China’s espionage against the country
3522 - Search - Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION
3523 - Search - Threat actors breached two crucial systems of the US CISA
3524 - Search - CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog
3525 - Search - Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices
3526 - Search - QNAP fixed three flaws in its NAS devices, including an authentication bypass
3527 - Search - Russia-linked Midnight Blizzard breached Microsoft systems again
3528 - Search - Cisco addressed severe flaws in its Secure Client
3529 - Search - Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.
3530 - Search - 2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023
3531 - Search - National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election
3532 - Search - CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog
3533 - Search - Linux Malware targets misconfigured Apache Hadoop, Confluence, Docker, and Redis servers
3534 - Search - CISA adds Android Pixel and Sunhillo SureLine bugs to its Known Exploited Vulnerabilities catalog
3535 - Search - Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks
3536 - Search - LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage
3537 - Search - Apple emergency security updates fix two new iOS zero-days
3538 - Search - VMware urgent updates addressed Critical ESXi Sandbox Escape bugs
3539 - Search - US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks
3540 - Search - CISA adds Microsoft Windows Kernel bug used by Lazarus APT to its Known Exploited Vulnerabilities catalog
3541 - Search - Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software
3542 - Search - Ukraine’s GUR hacked the Russian Ministry of Defense
3543 - Search - Some American Express customers’ data exposed in a third-party data breach
3544 - Search - META hit with privacy complaints by EU consumer groups
3545 - Search - New GTPDOOR backdoor is designed to target telecom carrier networks
3546 - Search - Threat actors hacked Taiwan-based Chunghwa Telecom
3547 - Search - New Linux variant of BIFROSE RAT uses deceptive domain strategies
3548 - Search - Eken camera doorbells allow ill-intentioned individuals to spy on you
3549 - Search - Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION
3550 - Search - U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp
3551 - Search - U.S. authorities charged an Iranian national for long-running hacking campaign
3552 - Search - US cyber and law enforcement agencies warn of Phobos ransomware attacks
3553 - Search - Police seized Crimemarket, the largest German-speaking cybercrime marketplace
3554 - Search - Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws
3555 - Search - Crooks stole €15 Million from European retail company Pepco
3556 - Search - CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog
3557 - Search - Researchers found a zero-click Facebook account takeover
3558 - Search - New SPIKEDWINE APT group is targeting officials in Europe
3559 - Search - Is the LockBit gang resuming its operation?
3560 - Search - Lazarus APT exploited zero-day in Windows driver to gain kernel privileges
3561 - Search - Pharmaceutical giant Cencora discloses a data breach
3562 - Search - Unmasking 2024’s Email Security Landscape
3563 - Search - FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector
3564 - Search - Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
3565 - Search - Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs
3566 - Search - XSS flaw in LiteSpeed Cache plugin puts millions of WordPress sites at risk
3567 - Search - Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION
3568 - Search - US Gov offers a reward of up to $15M for info on LockBit gang members and affiliates
3569 - Search - New Redis miner Migo uses novel system weakening techniques
3570 - Search - Critical flaw found in deprecated VMware EAP. Uninstall it immediately
3571 - Search - Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers
3572 - Search - ConnectWise fixed critical flaws in ScreenConnect remote access tool
3573 - Search - More details about Operation Cronos that disrupted Lockbit operation
3574 - Search - Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric
3575 - Search - Operation Cronos: law enforcement disrupted the LockBit operation
3576 - Search - A Ukrainian Raccoon Infostealer operator is awaiting trial in the US
3577 - Search - Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS
3578 - Search - How BRICS Got “Rug Pulled” – Cryptocurrency Counterfeiting is on the Rise
3579 - Search - SolarWinds addressed critical RCEs in Access Rights Manager (ARM)
3580 - Search - ESET fixed high-severity local privilege escalation bug in Windows products
3581 - Search - Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION
3582 - Search - Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes
3583 - Search - CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks
3584 - Search - CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog
3585 - Search - US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders
3586 - Search - U.S. CISA: hackers breached a state government organization
3587 - Search - Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs
3588 - Search - US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
3589 - Search - A cyberattack halted operations at Varta production plants
3590 - Search - North Korea-linked actors breached the emails of a Presidential Office member
3591 - Search - CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog
3592 - Search - Nation-state actors are using AI services and LLMs for cyberattacks
3593 - Search - Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages
3594 - Search - Zoom fixed critical flaw CVE-2024-24691 in Windows software
3595 - Search - Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader
3596 - Search - Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days
3597 - Search - A ransomware attack took 100 Romanian hospitals down
3598 - Search - Bank of America customer data compromised after a third-party services provider data breach
3599 - Search - Ransomfeed - Third Quarter Report 2023 is out!
3600 - Search - Global Malicious Activity Targeting Elections is Skyrocketing
3601 - Search - Researchers released a free decryption tool for the Rhysida Ransomware
3602 - Search - Residential Proxies vs. Datacenter Proxies: Choosing the Right Option
3603 - Search - CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog
3604 - Search - Canada Gov plans to ban the Flipper Zero to curb car thefts
3605 - Search - 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data
3606 - Search - US Feds arrested two men involved in the Warzone RAT operation
3607 - Search - Raspberry Robin spotted using two new 1-day LPE exploits
3608 - Search - Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION
3609 - Search - CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog
3610 - Search - macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations
3611 - Search - Exploiting a vulnerable Minifilter Driver to create a process killer
3612 - Search - Black Basta ransomware gang hacked Hyundai Motor Europe
3613 - Search - Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN
3614 - Search - Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices
3615 - Search - 26 Cyber Security Stats Every User Should Be Aware Of in 2024
3616 - Search - US offers $10 million reward for info on Hive ransomware group leaders
3617 - Search - Unraveling the truth behind the DDoS attack from electric toothbrushes
3618 - Search - China-linked APT Volt Typhoon remained undetected for years in US infrastructure
3619 - Search - Cisco fixes critical Expressway Series CSRF vulnerabilities
3620 - Search - CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog
3621 - Search - Fortinet addressed two critical FortiSIEM vulnerabilities
3622 - Search - Experts warn of a critical bug in JetBrains TeamCity On-Premises
3623 - Search - Critical shim bug impacts every Linux boot loader signed in the past decade
3624 - Search - China-linked APT deployed malware in a network of the Dutch Ministry of Defence
3625 - Search - Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG
3626 - Search - Google fixed an Android critical remote code execution flaw
3627 - Search - A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e
3628 - Search - U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware
3629 - Search - HPE is investigating claims of a new security breach
3630 - Search - Experts warn of a surge of attacks targeting Ivanti SSRF flaw
3631 - Search - How to hack the Airbus NAVBLUE Flysmart+ Manager
3632 - Search - Crooks stole $25.5 million from a multinational firm using a ‘deepfake’ video call
3633 - Search - Software firm AnyDesk disclosed a security breach
3634 - Search - The ‘Mother of all Breaches’: Navigating the Aftermath and Fortifying Your Data with DSPM
3635 - Search - US government imposed sanctions on six Iranian intel officials
3636 - Search - A cyberattack impacted operations at Lurie Children’s Hospital
3637 - Search - AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
3638 - Search - Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION
3639 - Search - Clorox estimates the costs of the August cyberattack will exceed $49 Million
3640 - Search - Mastodon fixed a flaw that can allow the takeover of any account
3641 - Search - Iranian hackers breached Albania’s Institute of Statistics (INSTAT)
3642 - Search - Operation Synergia led to the arrest of 31 individuals
3643 - Search - Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison
3644 - Search - Cloudflare breached on Thanksgiving Day, but the attack was promptly contained
3645 - Search - PurpleFox malware infected at least 2,000 computers in Ukraine
3646 - Search - Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping
3647 - Search - CISA orders federal agencies to disconnect Ivanti VPN instances by February 2
3648 - Search - Multiple malware used in attacks exploiting Ivanti VPN flaws
3649 - Search - Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k
3650 - Search - Crooks stole around $112 million worth of XRP from Ripple’s co-founder
3651 - Search - CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog
3652 - Search - Ivanti warns of a new actively exploited zero-day
3653 - Search - Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware
3654 - Search - Data leak at fintech giant Direct Trading Technologies
3655 - Search - Root access vulnerability in GNU Library C (glibc) impacts many Linux distros
3656 - Search - Italian data protection authority said that ChatGPT violated EU privacy laws
3657 - Search - 750 million Indian mobile subscribers’ data offered for sale on dark web
3658 - Search - Juniper Networks released out-of-band updates to fix high-severity flaws
3659 - Search - Hundreds of network operators’ credentials found circulating in Dark Web
3660 - Search - Cactus ransomware gang claims the Schneider Electric hack
3661 - Search - Mercedes-Benz accidentally exposed sensitive data, including source code
3662 - Search - Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords
3663 - Search - NSA buys internet browsing records from data brokers without a warrant
3664 - Search - Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’
3665 - Search - Multiple PoC exploits released for Jenkins flaw CVE-2024-23897
3666 - Search - Medusa ransomware attack hit Kansas City Area Transportation Authority
3667 - Search - Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION
3668 - Search - Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center
3669 - Search - Participants earned more than $1.3M at the Pwn2Own Automotive competition
3670 - Search - A TrickBot malware developer sentenced to 64 months in prison
3671 - Search - Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns
3672 - Search - Watch out, experts warn of a critical flaw in Jenkins
3673 - Search - Pwn2Own Automotive 2024 Day 2 - Tesla hacked again
3674 - Search - Yearly Intel Trend Review: The 2023 RedSense report
3675 - Search - Cisco warns of a critical bug in Unified Communications products, patch it now!
3676 - Search - Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)
3677 - Search - CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog
3678 - Search - 5379 GitLab servers vulnerable to zero-click account takeover attacks
3679 - Search - Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
3680 - Search - Splunk fixed high-severity flaw impacting Windows versions
3681 - Search - Watch out, a new critical flaw affects Fortra GoAnywhere MFT
3682 - Search - Australian government announced sanctions for Medibank hacker
3683 - Search - LoanDepot data breach impacted roughly 16.6 individuals
3684 - Search - Black Basta gang claims the hack of the UK water utility Southern Water
3685 - Search - CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog
3686 - Search - Mother of all breaches - a historic data leak reveals 26 billion records: check what’s exposed
3687 - Search - Apple fixed actively exploited zero-day CVE-2024-23222
3688 - Search - “My Slice”, an Italian adaptive phishing campaign
3689 - Search - Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell
3690 - Search - Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web
3691 - Search - Backdoored pirated applications targets Apple macOS users
3692 - Search - LockBit ransomware gang claims the attack on the sandwich chain Subway
3693 - Search - Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION
3694 - Search - Admin of the BreachForums hacking forum sentenced to 20 years supervised release
3695 - Search - VF Corp December data breach impacts 35 million customers
3696 - Search - China-linked APT UNC3886 exploits VMware zero-day since 2021
3697 - Search - Ransomware attacks break records in 2023: the number of victims rose by 128%
3698 - Search - U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082
3699 - Search - The Quantum Computing Cryptopocalypse – I’ll Know It When I See It
3700 - Search - Kansas State University suffered a serious cybersecurity incident
3701 - Search - CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog
3702 - Search - Google TAG warns that Russian COLDRIVER APT is using a custom backdoor
3703 - Search - PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts
3704 - Search - iShutdown lightweight method allows to discover spyware infections on iPhones
3705 - Search - Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos
3706 - Search - Github rotated credentials after the discovery of a vulnerability
3707 - Search - FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation
3708 - Search - Citrix warns admins to immediately patch NetScaler for actively exploited zero-days
3709 - Search - Google fixed the first actively exploited Chrome zero-day of 2024
3710 - Search - Atlassian fixed critical RCE in older Confluence versions
3711 - Search - VMware fixed a critical flaw in Aria Automation. Patch it now!
3712 - Search - Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws
3713 - Search - Experts warn of a vulnerability affecting Bosch BCC100 Thermostat
3714 - Search - Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack
3715 - Search - Phemedrone info stealer campaign exploits Windows smartScreen bypass
3716 - Search - Balada Injector continues to infect thousands of WordPress sites
3717 - Search - Attackers target Apache Hadoop and Flink to deliver cryptominers
3718 - Search - Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
3719 - Search - Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION
3720 - Search - GitLab fixed a critical zero-click account hijacking flaw
3721 - Search - Juniper Networks fixed a critical RCE bug in its firewalls and switches
3722 - Search - Vast Voter Data Leaks Cast Shadow Over Indonesia’s 2024 Presidential Election
3723 - Search - Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467
3724 - Search - Team Liquid’s wiki leak exposes 118K users
3725 - Search - CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog
3726 - Search - Two zero-day bugs in Ivanti Connect Secure actively exploited
3727 - Search - X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected
3728 - Search - Cisco fixed critical Unity Connection vulnerability CVE-2024-20272
3729 - Search - ShinyHunters member sentenced to three years in prison
3730 - Search - HMG Healthcare disclosed a data breach
3731 - Search - Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval
3732 - Search - Decryptor for Tortilla variant of Babuk ransomware released
3733 - Search - Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws
3734 - Search - CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog
3735 - Search - Syrian group Anonymous Arabic distributes stealthy malware Silver RAT
3736 - Search - Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications
3737 - Search - DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace
3738 - Search - Long-existing Bandook RAT targets Windows machines
3739 - Search - A cyber attack hit the Beirut International Airport
3740 - Search - Iranian crypto exchange Bit24.cash leaks user passports and IDs
3741 - Search - Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION
3742 - Search - Turkish Sea Turtle APT targets Dutch IT and Telecom firms
3743 - Search - Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
3744 - Search - Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages
3745 - Search - The source code of Zeppelin Ransomware sold on a hacking forum
3746 - Search - Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months
3747 - Search - Ivanti fixed a critical EPM flaw that can result in remote code execution
3748 - Search - MyEstatePoint Property Search Android app leaks user passwords
3749 - Search - Hacker hijacked Orange Spain RIPE account causing internet outage to company customers
3750 - Search - HealthEC data breach impacted more than 4.5 Million people
3751 - Search - Experts found 3 malicious packages hiding crypto miners in PyPi repository
3752 - Search - Crooks hacked Mandiant X account to push cryptocurrency scam
3753 - Search - Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
3754 - Search - CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
3755 - Search - Don’t trust links with known domains: BMW affected by redirect vulnerability
3756 - Search - Hackers stole more than $81 million worth of crypto assets from Orbit Chain
3757 - Search - Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv
3758 - Search - Experts warn of JinxLoader loader used to spread Formbook and XLoader
3759 - Search - Terrapin attack allows to downgrade SSH protocol security
3760 - Search - Multiple organizations in Iran were breached by a mysterious hacker
3761 - Search - Top 2023 Security Affairs cybersecurity stories
3762 - Search - Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies
3763 - Search - Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
3764 - Search - Google agreed to settle a $5 billion privacy lawsuit
3765 - Search - Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION
3766 - Search - INC RANSOM ransomware gang claims to have breached Xerox Corp
3767 - Search - Spotify music converter TuneFab puts users at risk
3768 - Search - Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
3769 - Search - Russia-linked APT28 used new malware in a recent phishing campaign
3770 - Search - Clash of Clans gamers at risk while using third-party app
3771 - Search - New Version of Meduza Stealer Released in Dark Web
3772 - Search - Operation Triangulation attacks relied on an undocumented hardware feature
3773 - Search - Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data
3774 - Search - Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network
3775 - Search - Experts warn of critical Zero-Day in Apache OfBiz
3776 - Search - Xamalicious Android malware distributed through the Play Store
3777 - Search - Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841
3778 - Search - Elections 2024, artificial intelligence could upset world balances
3779 - Search - Experts analyzed attacks against poorly managed Linux SSH servers
3780 - Search - A cyberattack hit Australian healthcare provider St Vincent’s Health Australia
3781 - Search - Rhysida ransomware group hacked Abdali Hospital in Jordan
3782 - Search - Carbanak malware returned in ransomware attacks
3783 - Search - Resecurity Released a 2024 Cyber Threat Landscape Forecast
3784 - Search - APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw
3785 - Search - Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor
3786 - Search - Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION
3787 - Search - Europol and ENISA spotted 443 e-stores compromised with digital skimming
3788 - Search - Video game giant Ubisoft investigates reports of a data breach
3789 - Search - LockBit ransomware gang claims to have breached accountancy firm Xeinadin
3790 - Search - Mobile virtual network operator Mint Mobile discloses a data breach
3791 - Search - Akira ransomware gang claims the theft of sensitive data from Nissan Australia
3792 - Search - Member of Lapsus$ gang sentenced to an indefinite hospital order
3793 - Search - Real estate agency exposes details of 690k customers
3794 - Search - ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
3795 - Search - Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware
3796 - Search - Data leak exposes users of car-sharing service Blink Mobility
3797 - Search - Google addressed a new actively exploited Chrome zero-day
3798 - Search - German police seized the dark web marketplace Kingdom Market
3799 - Search - Law enforcement Operation HAECHI IV led to the seizure of $300 Million
3800 - Search - Sophisticated JaskaGO info stealer targets macOS and Windows
3801 - Search - BMW dealer at risk of takeover by cybercriminals
3802 - Search - Comcast’s Xfinity customer data exposed after CitrixBleed attack
3803 - Search - FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
3804 - Search - Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season
3805 - Search - The ransomware attack on Westpole is disrupting digital services for Italian public administration
3806 - Search - Info stealers and how to protect against them
3807 - Search - Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations
3808 - Search - Qakbot is back and targets the Hospitality industry
3809 - Search - A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K
3810 - Search - MongoDB investigates a cyberattack, customer data exposed
3811 - Search - InfectedSlurs botnet targets QNAP VioStor NVR vulnerability
3812 - Search - Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION
3813 - Search - New NKAbuse malware abuses NKN decentralized P2P network protocol
3814 - Search - Snatch ransomware gang claims the hack of the food giant Kraft Heinz
3815 - Search - Multiple flaws in pfSense firewall can lead to arbitrary code execution
3816 - Search - BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign
3817 - Search - Data of over a million users of the crypto exchange GokuMarket exposed
3818 - Search - Idaho National Laboratory data breach impacted 45,047 individuals
3819 - Search - Ubiquiti users claim to have access to other people’s devices
3820 - Search - Russia-linked APT29 spotted targeting JetBrains TeamCity servers
3821 - Search - Microsoft seized the US infrastructure of the Storm-1152 cybercrime group
3822 - Search - French authorities arrested a Russian national for his role in the Hive ransomware operation
3823 - Search - China-linked APT Volt Typhoon linked to KV-Botnet
3824 - Search - UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns
3825 - Search - OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks
3826 - Search - Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks
3827 - Search - December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
3828 - Search - Ukrainian military intelligence service hacked the Russian Federal Taxation Service
3829 - Search - Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack
3830 - Search - Dubai’s largest taxi app exposes 220K+ users
3831 - Search - Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
3832 - Search - Apple released iOS 17.2 to address a dozen of security flaws
3833 - Search - Toyota Financial Services discloses a data breach
3834 - Search - Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2
3835 - Search - CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
3836 - Search - CISA and ENISA signed a Working Arrangement to enhance cooperation
3837 - Search - Researcher discovered a new lock screen bypass bug for Android 14 and 13
3838 - Search - WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw
3839 - Search - Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION
3840 - Search - Hacktivists hacked an Irish water utility and interrupted the water supply
3841 - Search - 5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips
3842 - Search - Norton Healthcare disclosed a data breach after a ransomware attack
3843 - Search - Bypassing major EDRs using Pool Party process injection techniques
3844 - Search - Founder of Bitzlato exchange has pleaded for unlicensed money transmitting
3845 - Search - Android barcode scanner app exposes user passwords
3846 - Search - UK and US expose Russia Callisto Group’s activity and sanction members
3847 - Search - A cyber attack hit Nissan Oceania
3848 - Search - New Krasue Linux RAT targets telecom companies in Thailand
3849 - Search - Atlassian addressed four new RCE flaws in its products
3850 - Search - CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog
3851 - Search - Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode
3852 - Search - GST Invoice Billing Inventory exposes sensitive data to threat actors
3853 - Search - Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw
3854 - Search - ENISA published the ENISA Threat Landscape for DoS Attacks Report
3855 - Search - Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
3856 - Search - Google fixed critical zero-click RCE in Android
3857 - Search - New P2PInfect bot targets routers and IoT devices
3858 - Search - Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware
3859 - Search - LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order
3860 - Search - Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices
3861 - Search - New Agent Raccoon malware targets the Middle East, Africa and the US
3862 - Search - Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION
3863 - Search - Researchers devised an attack technique to extract ChatGPT training data
3864 - Search - Fortune-telling website WeMystic exposes 13M+ user records
3865 - Search - Expert warns of Turtle macOS ransomware
3866 - Search - Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
3867 - Search - CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog
3868 - Search - Apple addressed 2 new iOS zero-day vulnerabilities
3869 - Search - Critical Zoom Room bug allowed to gain access to Zoom Tenants
3870 - Search - Rhysida ransomware group hacked King Edward VII’s Hospital in London
3871 - Search - Google addressed the sixth Chrome Zero-Day vulnerability in 2023
3872 - Search - Okta reveals additional attackers’ activities in October 2023 Breach
3873 - Search - Thousands of secrets lurk in app images on Docker Hub
3874 - Search - Threat actors started exploiting critical ownCloud flaw CVE-2023-49103
3875 - Search - International police operation dismantled a prominent Ukraine-based Ransomware group
3876 - Search - Daixin Team group claimed the hack of North Texas Municipal Water District
3877 - Search - Healthcare provider Ardent Health Services disclosed a ransomware attack
3878 - Search - Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia
3879 - Search - Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
3880 - Search - The hack of MSP provider CTS potentially impacted hundreds of UK law firms
3881 - Search - Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION
3882 - Search - Rhysida ransomware gang claimed China Energy hack
3883 - Search - North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack
3884 - Search - Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
3885 - Search - App used by hundreds of schools leaking children’s data
3886 - Search - Microsoft launched its new Microsoft Defender Bounty Program
3887 - Search - Exposed Kubernetes configuration secrets can fuel supply chain attacks
3888 - Search - North Korea-linked Konni APT uses Russian-language weaponized documents
3889 - Search - ClearFake campaign spreads macOS AMOS information stealer
3890 - Search - Welltok data breach impacted 8.5 million patients in the U.S.
3891 - Search - North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software
3892 - Search - Automotive parts giant AutoZone disclosed data breach after MOVEit hack
3893 - Search - New InfectedSlurs Mirai-based botnet exploits two zero-days
3894 - Search - SiegedSec hacktivist group hacked Idaho National Laboratory (INL)
3895 - Search - CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
3896 - Search - Citrix provides additional measures to address Citrix Bleed
3897 - Search - Tor Project removed several relays associated with a suspicious cryptocurrency scheme
3898 - Search - Experts warn of a surge in NetSupport RAT attacks against education and government sectors
3899 - Search - The Top 5 Reasons to Use an API Management Platform
3900 - Search - Canadian government impacted by data breaches of two of its contractors
3901 - Search - Rhysida ransomware gang is auctioning data stolen from the British Library
3902 - Search - Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies
3903 - Search - DarkCasino joins the list of APT groups exploiting WinRAR zero-day
3904 - Search - US teenager pleads guilty to his role in credential stuffing attack on a betting site
3905 - Search - Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION
3906 - Search - 8Base ransomware operators use a new variant of the Phobos ransomware
3907 - Search - Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
3908 - Search - The board of directors of OpenAI fired Sam Altman
3909 - Search - Medusa ransomware gang claims the hack of Toyota Financial Services
3910 - Search - CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
3911 - Search - Zimbra zero-day exploited to steal government emails by four groups
3912 - Search - Vietnam Post exposes 1.2TB of data, including email addresses
3913 - Search - Samsung suffered a new data breach
3914 - Search - FBI and CISA warn of attacks by Rhysida ransomware gang
3915 - Search - Critical flaw fixed in SAP Business One product
3916 - Search - Law enforcement agencies dismantled the illegal botnet proxy service IPStorm
3917 - Search - Gamblers’ data compromised after casino giant Strendus fails to set password
3918 - Search - VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance
3919 - Search - Danish critical infrastructure hit by the largest cyber attack in Denmark’s history
3920 - Search - Major Australian ports blocked after a cyber attack on DP World
3921 - Search - Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024
3922 - Search - CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
3923 - Search - LockBit ransomware gang leaked data stolen from Boeing
3924 - Search - North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals
3925 - Search - The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital
3926 - Search - The State of Maine disclosed a data breach that impacted 1.3M people
3927 - Search - Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION
3928 - Search - Police seized BulletProftLink phishing-as-a-service (PhaaS) platform
3929 - Search - Serbian pleads guilty to running ‘Monopoly’ dark web drug market
3930 - Search - McLaren Health Care revealed that a data breach impacted 2.2 million people
3931 - Search - After ChatGPT, Anonymous Sudan took down the Cloudflare website
3932 - Search - Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack
3933 - Search - SysAid zero-day exploited by Clop ransomware group
3934 - Search - Dolly.com pays ransom, attackers release data anyway
3935 - Search - DDoS attack leads to significant disruption in ChatGPT services
3936 - Search - Russian Sandworm disrupts power in Ukraine with a new OT attack
3937 - Search - Veeam fixed multiple flaws in Veeam ONE, including critical issues
3938 - Search - Pro-Palestinian hackers group ‘Soldiers of Solomon’ disrupted the production cycle of the biggest flour production plant in Israel
3939 - Search - Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks
3940 - Search - Critical Confluence flaw exploited in ransomware attacks
3941 - Search - QNAP fixed two critical vulnerabilities in QTS OS and apps
3942 - Search - Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
3943 - Search - Socks5Systemz proxy service delivered via PrivateLoader and Amadey
3944 - Search - US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors
3945 - Search - Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION
3946 - Search - Lazarus targets blockchain engineers with new KandyKorn macOS Malware
3947 - Search - Kinsing threat actors probed the Looney Tunables flaws in recent attacks
3948 - Search - ZDI discloses four zero-day flaws in Microsoft Exchange
3949 - Search - Okta customer support system breach impacted 134 customers
3950 - Search - Multiple WhatsApp mods spotted containing the CanesSpy Spyware
3951 - Search - Russian FSB arrested Russian hackers who supported Ukrainian cyber operations
3952 - Search - MuddyWater has been spotted targeting two Israeli entities
3953 - Search - Clop group obtained access to the email addresses of about 632,000 US federal employees
3954 - Search - Okta discloses a new data breach after a third-party vendor was hacked
3955 - Search - Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware
3956 - Search - Boeing confirmed its services division suffered a cyberattack
3957 - Search - Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India
3958 - Search - Who is behind the Mozi Botnet kill switch?
3959 - Search - CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog
3960 - Search - Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748
3961 - Search - Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper
3962 - Search - British Library suffers major outage due to cyberattack
3963 - Search - Critical Atlassian Confluence flaw can lead to significant data loss
3964 - Search - WiHD leak exposes details of all torrent users
3965 - Search - Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198
3966 - Search - Canada bans WeChat and Kaspersky apps on government-issued mobile devices
3967 - Search - Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency
3968 - Search - Wiki-Slack attack allows redirecting business professionals to malicious websites
3969 - Search - HackerOne awarded over $300 million bug hunters
3970 - Search - StripedFly, a complex malware that infected one million devices without being noticed
3971 - Search - IT Army of Ukraine disrupted internet providers in territories occupied by Russia
3972 - Search - Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION
3973 - Search - Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
3974 - Search - Lockbit ransomware gang claims to have stolen data from Boeing
3975 - Search - How to Collect Market Intelligence with Residential Proxies?
3976 - Search - F5 urges to address a critical flaw in BIG-IP
3977 - Search - Hello Alfred app exposes user data
3978 - Search - iLeakage attack exploits Safari to steal data from Apple devices
3979 - Search - Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
3980 - Search - Seiko confirmed a data breach after BlackCat attack
3981 - Search - Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
3982 - Search - Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes
3983 - Search - VMware addressed critical vCenter flaw also for End-of-Life products
3984 - Search - Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
3985 - Search - New England Biolabs leak sensitive data
3986 - Search - Former NSA employee pleads guilty to attempted selling classified documents to Russia
3987 - Search - Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!
3988 - Search - How did the Okta Support breach impact 1Password?
3989 - Search - PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
3990 - Search - Spain police dismantled a cybercriminal group who stole the data of 4 million individuals
3991 - Search - CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
3992 - Search - Cisco warns of a second IOS XE zero-day used to infect devices worldwide
3993 - Search - City of Philadelphia suffers a data breach
3994 - Search - SolarWinds fixed three critical RCE flaws in its Access Rights Manager product
3995 - Search - Don’t use AI-based apps, Philippine defense ordered its personnel
3996 - Search - Vietnamese threat actors linked to DarkGate malware campaign
3997 - Search - MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
3998 - Search - The attack on the International Criminal Court was targeted and sophisticated
3999 - Search - Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION
4000 - Search - A threat actor is selling access to Facebook and Instagram’s Police Portal
4001 - Search - Threat actors breached Okta support system and stole customers’ data
4002 - Search - US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide
4003 - Search - Alleged developer of the Ragnar Locker ransomware was arrested
4004 - Search - CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
4005 - Search - Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198
4006 - Search - Law enforcement operation seized Ragnar Locker group’s infrastructure
4007 - Search - THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!
4008 - Search - North Korea-linked APT groups actively exploit JetBrains TeamCity flaw
4009 - Search - Multiple APT groups exploited WinRAR flaw CVE-2023-38831
4010 - Search - Californian IT company DNA Micro leaks private mobile phone data
4011 - Search - Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August
4012 - Search - A flaw in Synology DiskStation Manager allows admin account takeover
4013 - Search - D-Link confirms data breach, but downplayed the impact
4014 - Search - CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems
4015 - Search - Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers
4016 - Search - Ransomware realities in 2023: one employee mistake can cost a company millions
4017 - Search - Malware-laced ‘RedAlert - Rocket Alerts’ app targets Israeli users
4018 - Search - Cisco warns of active exploitation of IOS XE zero-day
4019 - Search - Signal denies claims of an alleged zero-day flaw in its platform
4020 - Search - Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm
4021 - Search - DarkGate malware campaign abuses Skype and Teams
4022 - Search - The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital
4023 - Search - Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION
4024 - Search - Lockbit ransomware gang demanded an 80 million ransom to CDW
4025 - Search - CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks
4026 - Search - Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?
4027 - Search - FBI and CISA published a new advisory on AvosLocker ransomware
4028 - Search - More than 17,000 WordPress websites infected with the Balada Injector in September
4029 - Search - Ransomlooker, a new tool to track and analyze ransomware groups’ activities
4030 - Search - Phishing, the campaigns that are targeting Italy
4031 - Search - A new Magecart campaign hides the malicious code in 404 error page
4032 - Search - CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog
4033 - Search - Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers
4034 - Search - Air Europa data breach exposed customers’ credit cards
4035 - Search - #OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops
4036 - Search - Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws
4037 - Search - New ‘HTTP/2 Rapid Reset’ technique behind record-breaking DDoS attacks
4038 - Search - Exposed security cameras in Israel and Palestine pose significant risks
4039 - Search - A flaw in libcue library impacts GNOME Linux systems
4040 - Search - Hacktivists in Palestine and Israel after SCADA and other industrial control systems
4041 - Search - Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519
4042 - Search - The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum
4043 - Search - Gaza-linked hackers and Pro-Russia groups are targeting Israel
4044 - Search - Flagstar Bank suffered a data breach once again
4045 - Search - Android devices shipped with backdoored firmware as part of the BADBOX network
4046 - Search - Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition
4047 - Search - North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime
4048 - Search - QakBot threat actors are still operational after the August takedown
4049 - Search - Ransomware attack on MGM Resorts costs $110 Million
4050 - Search - Cybersecurity, why a hotline number could be important?
4051 - Search - Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables
4052 - Search - Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!
4053 - Search - Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege
4054 - Search - CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog
4055 - Search - NATO is investigating a new cyber attack claimed by the SiegedSec group
4056 - Search - Global CRM Provider Exposed Millions of Clients’ Files Online
4057 - Search - Sony sent data breach notifications to about 6,800 individuals
4058 - Search - Apple fixed the 17th zero-day flaw exploited in attacks
4059 - Search - Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks
4060 - Search - A cyberattack disrupted Lyca Mobile services
4061 - Search - Chipmaker Qualcomm warns of three actively exploited zero-days
4062 - Search - DRM Report Q2 2023 - Ransomware threat landscape
4063 - Search - Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform
4064 - Search - San Francisco’s transport agency exposes drivers’ parking permits and addresses
4065 - Search - BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums
4066 - Search - Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
4067 - Search - Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV
4068 - Search - European Telecommunications Standards Institute (ETSI) suffered a data breach
4069 - Search - WS_FTP flaw CVE-2023-40044 actively exploited in the wild
4070 - Search - National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers
4071 - Search - North Korea-linked Lazarus targeted a Spanish aerospace company
4072 - Search - Ransomware attack on Johnson Controls may have exposed sensitive DHS data
4073 - Search - BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care
4074 - Search - Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition
4075 - Search - ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One
4076 - Search - FBI warns of dual ransomware attacks
4077 - Search - Progress Software fixed two critical severity flaws in WS_FTP Server
4078 - Search - Child abuse site taken down, organized child exploitation crime suspected – exclusive
4079 - Search - A still unpatched zero-day RCE impacts more than 3.5M Exim servers
4080 - Search - Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
4081 - Search - Misconfigured WBSC server leaks thousands of passports
4082 - Search - CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog
4083 - Search - Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109
4084 - Search - Dark Angels Team ransomware group hit Johnson Controls
4085 - Search - GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023
4086 - Search - Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices
4087 - Search - China-linked APT BlackTech was spotted hiding in Cisco router firmware
4088 - Search - Watch out! CVE-2023-5129 in libwebp library affects millions applications
4089 - Search - DarkBeam leaks billions of email and password combinations
4090 - Search - ‘Ransomed.vc’ in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo
4091 - Search - Top 5 Problems Solved by Data Lineage
4092 - Search - Threat actors claim the hack of Sony, and the company investigates
4093 - Search - Canadian Flair Airlines left user data leaking for months
4094 - Search - The Rhysida ransomware group hit the Kuwait Ministry of Finance
4095 - Search - BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients
4096 - Search - Xenomorph malware is back after months of hiatus and expands the list of targets
4097 - Search - Smishing Triad Stretches Its Tentacles into the United Arab Emirates
4098 - Search - Crooks stole $200 million worth of assets from Mixin Network
4099 - Search - A phishing campaign targets Ukrainian military entities with drone manual lures
4100 - Search - Alert! Patch your TeamCity instance to avoid server hack
4101 - Search - Is Gelsemium APT behind a targeted attack in Southeast Asian Government?
4102 - Search - Nigerian National pleads guilty to participating in a millionaire BEC scheme
4103 - Search - New variant of BBTok Trojan targets users of +40 banks in LATAM
4104 - Search - Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
4105 - Search - Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
4106 - Search - Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
4107 - Search - National Student Clearinghouse data breach impacted approximately 900 US schools
4108 - Search - Government of Bermuda blames Russian threat actors for the cyber attack
4109 - Search - Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
4110 - Search - CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog
4111 - Search - Information of Air Canada employees exposed in recent cyberattack
4112 - Search - Sandman APT targets telcos with LuaDream backdoor
4113 - Search - Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws
4114 - Search - Ukrainian hackers are behind the Free Download Manager supply chain attack
4115 - Search - Space and defense tech maker Exail Technologies exposes database access
4116 - Search - Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
4117 - Search - Experts found critical flaws in Nagios XI network monitoring software
4118 - Search - The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs
4119 - Search - International Criminal Court hit with a cyber attack
4120 - Search - GitLab addressed critical vulnerability CVE-2023-5009
4121 - Search - Trend Micro addresses actively exploited zero-day in Apex One and other security Products
4122 - Search - ShroudedSnooper threat actors target telecom companies in the Middle East
4123 - Search - Recent cyber attack is causing Clorox products shortage
4124 - Search - Earth Lusca expands its arsenal with SprySOCKS Linux malware
4125 - Search - Microsoft AI research division accidentally exposed 38TB of sensitive data
4126 - Search - German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals
4127 - Search - Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry
4128 - Search - FBI hacker USDoD leaks highly sensitive TransUnion data
4129 - Search - North Korea’s Lazarus APT stole almost $240 million in crypto assets since June
4130 - Search - Clop gang stolen data from major North Carolina hospitals
4131 - Search - CardX released a data leak notification impacting their customers in Thailand
4132 - Search - Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition
4133 - Search - TikTok fined €345M by Irish DPC for violating children’s privacy
4134 - Search - Dariy Pankov, the NLBrute malware author, pleads guilty
4135 - Search - Dangerous permissions detected in top Android health apps
4136 - Search - Caesars Entertainment paid a ransom to avoid stolen data leaks
4137 - Search - Free Download Manager backdoored to serve Linux malware for more than 3 years
4138 - Search - Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York
4139 - Search - The iPhone of a Russian journalist was infected with the Pegasus spyware
4140 - Search - Kubernetes flaws could lead to remote code execution on Windows endpoints
4141 - Search - Threat actor leaks sensitive data belonging to Airbus
4142 - Search - A new ransomware family called 3AM appears in the threat landscape
4143 - Search - Redfly group infiltrated an Asian national grid as long as six months
4144 - Search - Mozilla fixed a critical zero-day in Firefox and Thunderbird
4145 - Search - Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws
4146 - Search - Save the Children confirms it was hit by cyber attack
4147 - Search - Adobe fixed actively exploited zero-day in Acrobat and Reader
4148 - Search - A new Repojacking attack exposed over 4,000 GitHub repositories to hack
4149 - Search - MGM Resorts hit by a cyber attack
4150 - Search - Anonymous Sudan launched a DDoS attack against Telegram
4151 - Search - Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor
4152 - Search - GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023
4153 - Search - CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog
4154 - Search - UK and US sanctioned 11 members of the Russia-based TrickBot gang
4155 - Search - New HijackLoader malware is rapidly growing in popularity in the cybercrime community
4156 - Search - Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable
4157 - Search - Evil Telegram campaign: Trojanized Telegram apps found on Google Play
4158 - Search - Rhysida Ransomware gang claims to have hacked three more US hospitals
4159 - Search - Akamai prevented the largest DDoS attack on a US financial company
4160 - Search - Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition
4161 - Search - US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
4162 - Search - Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital
4163 - Search - North Korea-linked threat actors target cybersecurity experts with a zero-day
4164 - Search - Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
4165 - Search - Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware
4166 - Search - Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs
4167 - Search - A malvertising campaign is delivering a new version of the macOS Atomic Stealer
4168 - Search - Two flaws in Apache SuperSet allow to remotely hack servers
4169 - Search - Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake
4170 - Search - Google addressed an actively exploited zero-day in Android
4171 - Search - A zero-day in Atlas VPN Linux Client leaks users’ IP address
4172 - Search - MITRE and CISA release Caldera for OT attack emulation
4173 - Search - ASUS routers are affected by three critical remote code execution flaws
4174 - Search - Hackers stole $41M worth of crypto assets from crypto gambling firm Stake
4175 - Search - Freecycle data breach impacted 7 Million users
4176 - Search - Meta disrupted two influence campaigns from China and Russia
4177 - Search - A massive DDoS attack took down the site of the German financial agency BaFin
4178 - Search - “Smishing Triad” Targeted USPS and US Citizens for Data Theft
4179 - Search - University of Sydney suffered a security breach caused by a third-party service provider
4180 - Search - Cybercrime will cost Germany $224 billion in 2023
4181 - Search - PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks
4182 - Search - Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition
4183 - Search - LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)
4184 - Search - UNRAVELING EternalBlue: inside the WannaCry’s enabler
4185 - Search - Researchers released a free decryptor for the Key Group ransomware
4186 - Search - Fashion retailer Forever 21 data breach impacted +500,000 individuals
4187 - Search - Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware
4188 - Search - Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication
4189 - Search - Paramount Global disclosed a data breach
4190 - Search - National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization
4191 - Search - Abusing Windows Container Isolation Framework to avoid detection by security products
4192 - Search - Critical RCE flaw impacts VMware Aria Operations Networks
4193 - Search - UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw
4194 - Search - Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months
4195 - Search - FIN8-linked actor targets Citrix NetScaler systems
4196 - Search - Japan’s JPCERT warns of new ‘MalDoc in PDF’ attack technique
4197 - Search - Attackers can discover IP address by sending a link over the Skype mobile app
4198 - Search - Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software
4199 - Search - Cloud and hosting provider Leaseweb took down critical systems after a cyber attack
4200 - Search - Crypto investor data exposed by a SIM swapping attack against a Kroll employee
4201 - Search - China-linked Flax Typhoon APT targets Taiwan
4202 - Search - Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035
4203 - Search - Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager
4204 - Search - Eagerbee backdoor targets govt entities and ISPs in the Middle East
4205 - Search - Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack
4206 - Search - Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices
4207 - Search - Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday
4208 - Search - The Tor Project and Tails have merged operations
4209 - Search - Antivirus firm Dr.Web disconnected all servers following a cyberattack
4210 - Search - U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog
4211 - Search - Ransomware drama: Law enforcement seized Lockbit group’s website again
4212 - Search - Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center
4213 - Search - France agency ANSSI warns of Russia-linked APT28 attacks on French entities
4214 - Search - UK Greater Manchester Police disclosed a data breach
##
Security Boulevard
View Articles
4215 - Search - Wyden to Hold Up Trump CISA Nominee Over Telecom ‘Cover Up’: Report
4216 - Search - NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue
4217 - Search - Solving the Identity Crisis: Okta Redefines Security in a Machine-Led World
4218 - Search - 21 Countries Sign Onto Voluntary Pact to Stem the Proliferation of Spyware
4219 - Search - Qevlar Raises $14M to Lead the Agentic AI Revolution
4220 - Search - Data Security in the Age of AI with Rob Truesdell
4221 - Search - Cybersecurity Requirements of Cloud Computing with Brooke Motta
4222 - Search - Apr 9 | Jeffrey Burt
4223 - Search - So, How is your LLM Today?
4224 - Search - Apr 8 | John P. Gormally, SR
4225 - Search - Hunters International Dumps Ransomware, Goes Full-on Extortion
4226 - Search - NSFOCUS WAF New UI Walkthrough: Site Configuration
4227 - Search - Your Go-To Web Application Pentesting Checklist
4228 - Search - Apr 8 | Likhil Chekuri
4229 - Search - The Web application Penetration Testing Tools That Actually Works
4230 - Search - Apr 8 | Shubham Jha
4231 - Search - Legit Scans for Secrets in SharePoint
4232 - Search - Apr 9 | Elad Namdar
4233 - Search - Patch Tuesday Update – April 2025
4234 - Search - Apr 9 | Dragos Josanu
4235 - Search - Legit and Traceable: Better Together
4236 - Search - Apr 7 | Joe Nicastro
4237 - Search - Are Your NHIs Truly Secure in the Cloud?
4238 - Search - Apr 8 | Amy Cohn
4239 - Search - Ensuring NHIs Are Trustworthy in Cloud Environments
4240 - Search - 5 Non-Human Identity Breaches That Workload IAM Could Have Prevented
4241 - Search - Apr 7 | Dan Kaplan
4242 - Search - Oracle Hack: From ‘Deny-Deny-Deny’ to ‘Oops-Oops-Oops’
4243 - Search - Apr 4 | Richi Jennings
4244 - Search - The Power of Identifying Continuously Vulnerable Repositories (CVRs)
4245 - Search - Apr 4 | Eitan Karadi
4246 - Search - Four Tips for Optimizing Data Backup and Recovery Costs
4247 - Search - Apr 9 | Justin Giardina
4248 - Search - Cybersecurity Insights with Contrast CISO David Lindner | 04/04/25
4249 - Search - Apr 4 | David Lindner, Director, Application Security
4250 - Search - App Stores OK’ed VPNs Run by China PLA
4251 - Search - Oracle Hack PR Drama: Deny, Deny, Deny — Despite Damning Data
4252 - Search - The Silent Infiltration: How Powerful CPS Devices Are Amplifying Cyber Risks for Businesses
4253 - Search - Mar 14 | John Gallagher
4254 - Search - No, Elon — X DDoS was NOT by Ukraine
4255 - Search - More IoT & ICS Security
4256 - Search - AI and Machine Learning in Security
4257 - Search - AI and ML in Security
4258 - Search - AI is Reshaping Cyber Threats: Here’s What CISOs Must Do Now
4259 - Search - Apr 10 | Pritesh Parekh
4260 - Search - The Invisible Data Battle: How AI Became a Cybersec Professional’s Biggest Friend and Foe
4261 - Search - Apr 9 | Vaidotas Sedys
4262 - Search - How Credential Leaks Fuel Cyberattacks
4263 - Search - Longtime ‘Fast Flux’ Evasion Technique Now a National Security Threat
4264 - Search - Microsoft Security Copilot Gets New Tooling
4265 - Search - Apr 7 | Justin Warren
4266 - Search - AI Security Got Complicated Fast. Here’s How Microsoft is Simplifying It
4267 - Search - Apr 4 | Jennifer Minella
4268 - Search - FunkSec: A New Ransomware Group Buoyed by AI
4269 - Search - Sealing Entry Points and Weak Links in the Environment – How Dell is Building an Iron Wall of Defense
4270 - Search - Nov 13 | Sulagna Saha
4271 - Search - The 2025 Guide to Open Source Security and Risk
4272 - Search - Securing Open Source Software Supply Chains – The Next Frontier of Innovation
4273 - Search - GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats
4274 - Search - C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements
4275 - Search - Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption
4276 - Search - RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients
4277 - Search - ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On
4278 - Search - Security Creators Network - Latest
4279 - Search - Embracing the Future: Mastering Your Cybersecurity Strategy With an Identity Driven Security Approach
4280 - Search - The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access
4281 - Search - Proactive Secrets Rotation to Avoid Data Breaches
4282 - Search - Innovations in Managing Cloud Machine Identities
4283 - Search - Speaking the Board’s Language: A CISO’s Guide to Securing Cybersecurity Budget
4284 - Search - DeepSeek Breach Yet Again Sheds Light on Dangers of AI
4285 - Search - Trump EO Presses States to Bear the Weight of CI Resilience
4286 - Search - The AI Alibi Defense: How General-Purpose AI Agents Obscure Criminal Liability
4287 - Search - Optimistic About the Future of Secrets Vaulting?
4288 - Search - Xanthorox AI – The Next Generation of Malicious AI Threats Emerges
4289 - Search - Crafting Impenetrable Defenses for Your NHIs
4290 - Search - BSidesLV24 – HireGround – Tracking And Hacking Your Career
4291 - Search - 23andMe Data Breach: A Wake-Up Call for Consumer Privacy and Corporate Accountability
4292 - Search - John D. Boyle | Yesterday
4293 - Search - Randall Munroe’s XKCD ‘Decay Chain’
4294 - Search - Add your blog to Security Creators Network
4295 - Search - Trends-To-Watch Q&A: The future of edge—will decentralization ever be more than a talking point?
4296 - Search - News alert: Gcore launches Super Transit – accelerated DDoS protection to safeguard enterprises
4297 - Search - News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed
4298 - Search - News alert: YRIKKA’s ‘Red Teaming’ API advances AI safety, reliability in high-stakes applications
4299 - Search - Microsoft Enforces SPF, DKIM, DMARC for High-Volume Senders
4300 - Search - Top Passwordless Identity Assurance Trends for 2025
4301 - Search - News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus
4302 - Search - aiSIEM-Cguard: Revolutionizing Cybersecurity with AI-Powered Threat Detection
4303 - Search - News alert: INE receives a dozen G2 badges highlighting its cybersecurity training leadership
4304 - Search - GUEST ESSAY: The case for making real-time business continuity a frontline cybersecurity priority
##
The Hacker News
View Articles
4305 - Search - AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections | Apr 10, 2025 | Website Security / Cybercrime | Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO. “AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September 2024,” SentinelOne researchers Alex Delamotte and Jim Walter said in a report shared with The Hacker News. “The bot uses OpenAI to generate custom outreach messages based on the purpose of the website.” Targets of the activity include contact forms and chat widgets present in small to medium-sized business websites, with the framework sharing spam content generated using OpenAI’s large language models (LLMs). What makes the “sprawling” Python-based tool stand apart is its ability to craft content such that it can bypass spam filters. It’s believe…
4306 - Search - Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages | Apr 09, 2025 | Artificial Intelligence / Web Security | Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages. “As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly with every scammer’s wishlist,” Guardio Labs’ Nati Tal said in a report shared with The Hacker News. “From pixel-perfect scam pages to live hosting, evasion techniques, and even admin dashboards to track stolen data – Lovable didn’t just participate, it performed. No guardrails, no hesitation.” The technique has been codenamed VibeScamming – a play on the term vibe coding, which refers to an AI-dependent programming technique to produce software by describing the problem statement in a few sentences as a prompt to a large language model (LLM) tuned for codin…
4307 - Search - New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner - Apr 09, 2025 - Windows Security / Vulnerability - A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. “Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device,” Kaspersky said in an analysis published this week. ToddyCat is the name given to a threat activity cluster that has targeted several entities in Asia, with attacks dating all the way back to at least December 2020. Last year, the Russian cybersecurity vendor detailed the hacking group’s use of various tools to maintain persistent access to compromised environments and harvest data on an “industrial scale” from organizations located in the Asia-Pacific region. Kaspersky said its investigation into ToddyCat-related incidents in early 2024 unearthed a suspicious DLL file (“version…
4308 - Search - Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots - Apr 09, 2025 - Secrets Management / DevOps - GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as they continue to be deployed, creating an unprecedented level of security risk. This report reveals that an astounding 23.77 million new secrets were leaked on GitHub in 2024 alone. This is a 25% surge from the previous year. This dramatic increase highlights how the proliferation of non-human identities (NHIs), such as service accounts, microservices, and AI agents, is rapidly expanding the attack surface for threat actors. The Non-Human Identity Crisis: NHI secrets, including API keys, service accounts, and Kubernetes workers, now outnumber human identities by at least 45-to-1 in DevOps environments. These machine-based credentials…
4309 - Search - PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware - Apr 09, 2025 - Vulnerability / Ransomware - Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. “The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia,” the tech giant said. The vulnerability in question is CVE-2025-29824, a privilege escalation bug in CLFS that could be exploited to achieve SYSTEM privileges. It was fixed by Redmond as part of its Patch Tuesday update for April 2025. Microsoft is tracking the activity and the post-compromise exploitation of CVE-2025-29824 under the moniker Storm-2460, with the threat actors also leveraging a malware named PipeMagic to deliver the exploit as well as ransomware payloads. The exact initial access vector used in the attacks is currently not known. However, the threa…
4310 - Search - CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks - Apr 09, 2025 - Application Security / Vulnerability - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote code execution. It has been addressed in version 16.4.10315.56368 released on April 3, 2025. “Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification,” CISA said. “Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.” Specifically, the shortcoming is rooted in the use of a hard-coded “machineKey” in the IIS web.config file, which enables threat actors with knowl…
4311 - Search - Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks? - Apr 01, 2025 - Web Security / GDPR Compliance - Explore how relying on CSRF tokens as a security measure against CSRF attacks is a recommended best practice, but in some cases, they are simply not enough. Introduction: As per the Open Web Application Security Project (OWASP), CSRF vulnerabilities are recognized as a significant threat and are historically part of their top risks. The implications of CSRF attacks are far-reaching and could lead to critical security implications, such as: Unauthorized actions: Attackers can trick users into executing unwanted actions on websites where they’re authenticated. For example, changing account settings, making purchases, or transferring funds. Identity exploitation: The attack works by exploiting the victim’s authenticated session, making the application unable to distinguish between legitimate user requests and forged ones. Silent execution: CSRF attacks often happen without the victim’s knowledge as they can be hidden in seemingly innocent links, images, or embedded c…
4312 - Search - Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability - Apr 09, 2025 - Endpoint Security / Vulnerability - Microsoft has released security fixes to address a massive set of 125 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 125 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege escalation, 34 as remote code execution, 16 as information disclosure, and 14 as denial-of-service (DoS) bugs. The updates are aside from the 22 flaws the company patched in its Chromium-based Edge browser since the release of last month’s Patch Tuesday update. The vulnerability that has been flagged as under active attack is an elevation of privilege (EoP) flaw impacting the Windows Common Log File System (CLFS) Driver (CVE-2025-29824, CVSS score: 7.8) that stems from a use-after-free scenario, allowing an authorized attacker to elevate privileges locally. CVE-2025-29824 is the sixth EoP vulnerability to be di…
4313 - Search - Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered - Apr 09, 2025 - Software Security / Vulnerability - Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity: CVE-2025-24446 (CVSS score: 9.1) - An improper input validation vulnerability that could result in an arbitrary file system read; CVE-2025-24447 (CVSS score: 9.1) - A deserialization of untrusted data vulnerability that could result in arbitrary code execution; CVE-2025-30281 (CVSS score: 9.1) - An improper access control vulnerability that could result in an arbitrary file system read; CVE-2025-30282 (CVSS score: 9.1) - An improper authentication vulnerability that could result in arbitrary code execution; CVE-2025-30284 (CVSS score: 8.0) - A deserialization of untrusted data vulnerability that could result in arbitrary code execution; CVE-2025-30285 (CVSS score: 8.0) - A deserialization of …
4314 - Search - Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw - Apr 08, 2025 - Network Security / Vulnerability - Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. “An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request,” Fortinet said in an advisory released today. The shortcoming impacts the following versions: FortiSwitch 7.6.0 (Upgrade to 7.6.1 or above), FortiSwitch 7.4.0 through 7.4.4 (Upgrade to 7.4.5 or above), FortiSwitch 7.2.0 through 7.2.8 (Upgrade to 7.2.9 or above), FortiSwitch 7.0.0 through 7.0.10 (Upgrade to 7.0.11 or above), and FortiSwitch 6.4.0 through 6.4.14 (Upgrade to 6.4.15 or above). The network security company said the security hole was internally discovered and reported by Daniel Rozeboom of the FortiSwitch web UI develo…
4315 - Search - Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal - Apr 08, 2025 - Cloud Security / Vulnerability - Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges, and likely escalate privileges or perform malicious activities by writing files to sensitive areas of the system, Cymulate said in a report shared with The Hacker News. Amazon SSM Agent is a component of Amazon Web Services (AWS) that enables administrators to remotely manage, configure, and execute commands on EC2 instances and on-premises servers. The software processes commands and tasks defined in SSM Documents, which can include one or more plugins, each of which is responsible for carrying out specific tasks, such as running shell scripts or automating deployment or configura…
4316 - Search - Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings - Apr 08, 2025 - Cryptocurrency / Malware - Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. “One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a legitimate GitHub project,” Kaspersky said in a report published today. “The description and contents of officepackage provided below were also taken from GitHub.” While every project created on sourceforge.net gets assigned a “
4317 - Search - Agentic AI in the SOC - Dawn of Autonomous Alert Triage - Apr 08, 2025 - Artificial Intelligence / Threat Detection - Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts is costly and cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term “AI” often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many existing solutions are assistant-based, requiring constant human input, while a new wave of autonomous, Agentic AI has the potential to fundamentally transform security operations. This article examines Agentic AI (sometimes also known as Agentic Security), contrasts it with traditional assistant-based AI (commonly known as Copilots), and explains its operational and economic impacts on modern SOCs. We’ll also explore practical considerations for security leaders evaluating Agentic AI solutions. Agentic AI vs. Assistant AI (aka Copilots): Clarifying the Difference. Agentic AI is defined by …
4318 - Search - AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock
4319 - Search - How SSL Misconfigurations Impact Your Attack Surface
4320 - Search - ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
4321 - Search - 10 Critical Network Pentest Findings IT Teams Overlook
4322 - Search - ⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Surge and More
4323 - Search - North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
4324 - Search - Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees
4325 - Search - Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
4326 - Search - The Surprising Gap in DDoS Protections: How Attackers Continue to Exploit DDoS Vulnerabilities - April 7, 2025
4327 - Search - Supercharging Security and Compliance with AI Copilots - April 7, 2025
4328 - Search - The New Frontier of Security Risk: AI-Generated Credentials - April 7, 2025
4329 - Search - What it Means to ‘Fight AI with AI’ using a Zero Trust Platform - March 31, 2025
##
ThreatPost
4330 - Search - Student Loan Breach Exposes 2.5M Records
4331 - Search - Watering Hole Attacks Push ScanBox Keylogger
4332 - Search - Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
4333 - Search - Ransomware Attacks are on the Rise
4334 - Search - Inside the Hackers’ Toolkit – Podcast
4335 - Search - Being Prepared for Adversarial Attacks – Podcast
4336 - Search - The State of Secrets Sprawl – Podcast
4337 - Search - A Blockchain Primer and a Bored Ape Headscratcher – Podcast
4338 - Search - Security Innovation: Secure Systems Start with Foundational Hardware
4339 - Search - Securely Access Your Machines from Anywhere – Presented by Keeper Security
4340 - Search - Log4j Exploit: Lessons Learned and Risk Reduction Best Practices
4341 - Search - How to ID and Protect Sensitive Cloud Data: The Secret to Keeping Secrets
4342 - Search - Cloud Security: The Forecast for 2022
4343 - Search - 2021: The Evolution of Ransomware
4344 - Search - Healthcare Security Woes Balloon in a Covid-Era World
4345 - Search - 2020 in Security: Four Stories from the New Threat Landscape
4346 - Search - Cybercriminals Are Selling Access to Chinese Surveillance Cameras
4347 - Search - Twitter Whistleblower Complaint: The TL;DR Version
4348 - Search - Firewall Bug Under Active Attack Triggers CISA Warning
4349 - Search - Fake Reservation Links Prey on Weary Travelers
4350 - Search - iPhone Users Urged to Update to Patch 2 Zero-Days
4351 - Search - Is your Java up to date?
4352 - Search - Top 5 Tips to Avoid Viruses and Spyware
4353 - Search - U.S. needs to investigate cyberweapons
4354 - Search - Six months later, DNS still taking a hit
4355 - Search - Pwn2Own 2009: Browsers and smart phones are targets
4356 - Search - Protecting Phones From Pegasus-Like Spyware Attacks
4357 - Search - Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales
4358 - Search - Spotlight on Cybercriminal Supply Chains
4359 - Search - Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’
4360 - Search - CISOs Prep For COVID-19 Exposure Notification in the Workplace
4361 - Search - Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High
4362 - Search - PYSA Emerges as Top Ransomware Actor in November
4363 - Search - Encrypted & Fileless Malware Sees Big Growth
4364 - Search - Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts
4365 - Search - Women, Minorities Are Hacked More Than Others
4366 - Search - Cyberattackers Put the Pedal to the Medal: Podcast
4367 - Search - MacOS Malware: Myth vs. Truth – Podcast
4368 - Search - Top 3 Attack Trends in API Security – Podcast
4369 - Search - Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
4370 - Search - Staff Think Conti Group Is a Legit Employer – Podcast
4371 - Search - Lyceum APT Returns, This Time Targeting Tunisian Firms
4372 - Search - National Surveillance Camera Rollout Roils Privacy Activists
4373 - Search - Malware Gangs Partner Up in Double-Punch Security Threat
4374 - Search - How Email Attacks are Evolving in 2021
4375 - Search - Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks
4376 - Search - Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares
4377 - Search - How the Pandemic is Reshaping the Bug-Bounty Landscape
4378 - Search - Experts Weigh in on E-Commerce Security Amid Snowballing Threats
4379 - Search - Cybercriminals Step Up Their Game Ahead of U.S. Elections
4380 - Search - 2020 Cybersecurity Trends to Watch
4381 - Search - Top Mobile Security Stories of 2019
4382 - Search - Facebook Security Debacles: 2019 Year in Review
4383 - Search - Biggest Malware Threats of 2019
4384 - Search - Top 10 IoT Disasters of 2019
4385 - Search - 2019 Malware Trends to Watch
4386 - Search - Top 2018 Security and Privacy Stories
##
Troy Hunt
##
Last Watchdog
4390 - Search - News alert: RSAC 2025 ramps up – watch Byron Acohido on Bospar’s Politely Pushy podcast
4391 - Search - road to RSAC 2025 continues
4392 - Search - SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today
4393 - Search - My Take: Here’s why Google’s $32B Wiz grab is the latest Big Tech leap sure to further erode privacy
4394 - Search - GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must
4395 - Search - My Take: Will decentralizing connected systems redistribute wealth or reinforce Big Tech’s grip?
4396 - Search - Self-healing devices on the horizon
4397 - Search - MY TAKE: Here’s why Donald Trump really needs to fully embrace Joe Biden’s cybersecurity EO
4398 - Search - GUEST ESSAY: President Biden’s cybersecurity executive order is an issue of national security
4399 - Search - LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025
4400 - Search - LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold
4401 - Search - LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025
4402 - Search - LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024
4403 - Search - Shared Intel Q&A: A thriving ecosystem now supports AWS ‘shared responsibility’ security model
4404 - Search - MY TAKE: Technology breakthroughs, emerging standards are coalescing to assure IoT integrity
4405 - Search - Shared Intel Q&A: Foreign adversaries now using ‘troll factories’ to destroy trust in U.S. elections
4406 - Search - News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets
4407 - Search - Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers
4408 - Search - NEWS ANALYSIS Q&A: How GenAI and LLMs are impacting cybersecurity — in the early going
4409 - Search - Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure
4410 - Search - Black Hat Fireside Chat: Here’s how ‘Active ASPM’ is helping to triage and remediate coding flaws
4411 - Search - MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency
4412 - Search - Black Hat Fireside Chat: The role of API Security in mitigating online fraud, emerging GenAI risks
4413 - Search - Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring
4414 - Search - Black Hat Fireside Chat: ‘Black Girls Hack’ emphasizes diversity as effective force multiplier
4415 - Search - Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver
4416 - Search - Black Hat Fireside Chat: How ‘enterprise browsers’ help to shrink exposures, boost efficiencies
4417 - Search - LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency
4418 - Search - MY TAKE: Study shows most folks haven’t considered bequeathing their ‘digital’ inheritances
4419 - Search - MY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking over
4420 - Search - The power of everyman conversing with AI
4421 - Search - RSAC Fireside Chat: How the open-source community hustled to identify LLM vulnerabilities
4422 - Search - RSAC Fireside Chat: Secure, flexible web browsers finally available, thanks to open-source code
4423 - Search - Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler
4424 - Search - GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots
4425 - Search - The security case for AR, VR
4426 - Search - DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’
4427 - Search - The role of ‘attribute based encryption’
4428 - Search - STEPS FORWARD: How decentralizing IoT could help save the planet — by driving decarbonization
4429 - Search - SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep
4430 - Search - STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?
4431 - Search - What Cisco’s buyout of Splunk really signals
4432 - Search - MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?
4433 - Search - SHARED INTEL Q&A: Forrester’s Geoff Cairns on why IAM is overdue for a fundamental reset
##
Schneier on Security
4434 - Search - How to Leak to a Journalist
4435 - Search - Posted on April 8, 2025 at 7:08 AM
4436 - Search - Posted on April 7, 2025 at 7:03 AM
4437 - Search - Friday Squid Blogging: Two-Man Giant Squid
4438 - Search - Posted on April 4, 2025 at 7:02 AM
4439 - Search - Web 3.0 Requires Data Integrity
4440 - Search - Posted on April 2, 2025 at 7:04 AM
4441 - Search - Cell Phone OPSEC for Border Crossings
4442 - Search - The Signal Chat Leak and the NSA
4443 - Search - Friday Squid Blogging: Squid Werewolf Hacking Group
4444 - Search - Data Is a Toxic Asset, So Why Not Throw It Out?
4445 - Search - How the NSA Threatens National Security
4446 - Search - Terrorists May Use Google Earth, But Fear Is No Reason to Ban It
4447 - Search - In Praise of Security Theater
##
Sophos News
4450 - Search - Industrial-strength April Patch Tuesday covers 135 CVEs
4451 - Search - It takes two: The 2025 Sophos Active Adversary Report
4452 - Search - Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
4453 - Search - Sophos Firewall v21.5 early access is now available
4454 - Search - Stealing user credentials with evilginx
4455 - Search - Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Spring 2025 Reports
4456 - Search - PJobRAT makes a comeback, takes another crack at chat apps
4457 - Search - The future of MFA is clear – but is it here yet?
4458 - Search - The sixth sense for cyber defense: Multimodal AI
4459 - Search - Little fires everywhere for March Patch Tuesday
4460 - Search - Expanded management regions for Sophos DNS Protection
4461 - Search - Quantifying ROI: Understanding the impact of cybersecurity products and services on cyber insurance claims