Category: Security Affairs

Threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Researchers at cybersecurity firm Sygnia warn that threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Ransomware groups are…

Read more →

Crooks stole at least $69 million from Singapore-based cryptocurrency platform Phemex in an alleged cyberattack. Singapore-based crypto platform Phemex paused operations after a cyberattack that resulted in the theft of $69M. Phemex CEO Federico Variola stated they are restoring withdrawals and…

Read more →

The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected. The Change Healthcare data breach is worse than initially estimated, the incident has impacted 190 million people. In October 2024, UnitedHealth Group announced…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Subaru Starlink flaw…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets       Threat Bulletin: Weaponized Software Targets Chinese-Speaking…

Read more →

Cisco addressed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of a proof-of-concept (PoC) exploit code. Cisco has released security updates to address a ClamAV denial-of-service (DoS) vulnerability tracked as CVE-2025-20128. The Cisco PSIRT experts warn of…

Read more →

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. Popular security researcher Sam Curry and he colleague Shubham Shah discovered a vulnerability in Subaru’s Starlink connected vehicle service that exposed vehicles and…

Read more →

The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. Sina Kheirkhah (@SinSinology) of Summoning Team…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) vulnerability, tracked as…

Read more →

Threat actors are targeting Juniper routers with a custom backdoor in a campaign called code-named “J-magic,” attackers are exploiting a Magic Packet flaw. Lumen Technologies researchers reported that the J-magic campaign targets Juniper routers with a custom backdoor using a…

Read more →

SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is waring customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA)…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds JQuery vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a JQuery persistent cross-site scripting (XSS) vulnerability, tracked as CVE-2020-11023 (CVSS score: 6.9) to its Known Exploited…

Read more →

Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025. During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers…

Read more →

US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US government’s cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti…

Read more →

Cisco addressed a critical flaw in its Meeting Management that could allow it to gain administrator privileges on vulnerable instances. Cisco released security updates to fix a critical flaw, tracked as CVE-2025-20156 (CVSS score of 9.9) affecting its Meeting Management.…

Read more →

Donald Trump pardoned Ross Ulbricht, creator of the notorious dark web, drug marketplace Silk Road , after 11 years in prison. Donald Trump pardoned Ross Ulbricht, creator of Silk Road, who was convicted in 2015 for narcotics and money-laundering conspiracy…

Read more →

Trend Micro’s Zero Day Initiative (ZDI) announced that $380K was awarded on Day 1 of Pwn2Own Automotive 2025. Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded on Day 1 of Pwn2Own Automotive 2025, a hacking contest…

Read more →

Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024.…

Read more →

Cloudflare announced that it has blocked a record-breaking 5.6 terabit-per-second (Tbps) distributed denial-of-service (DDoS) attack. Cloudflare announced that during the week of Halloween 2024, it autonomously detected and blocked a 5.6 Terabit per second (Tbps) DDoS attack, which is the…

Read more →

A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the free, open-source file archiver software 7-Zip to bypass the Mark…

Read more →

A former CIA analyst, Asif William Rahman, pleaded guilty to leaking top-secret National Defense Information on social media in 2024. Asif William Rahman, a former CIA analyst with Top-Secret clearance since 2016, pleaded guilty to leaking classified information on social…

Read more →

Researchers warn of a campaign exploiting AVTECH IP cameras and Huawei HG532 routers to create a Mirai botnet variant called Murdoc Botnet. Murdoc Botnet is a new Mirai botnet variant that targets vulnerabilities in AVTECH IP cameras and Huawei HG532…

Read more →

CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security audits. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber scams involving threat actors impersonating the agency by sending fraudulent AnyDesk connection requests…

Read more →

Kaspersky researchers shared details about multiple vulnerabilities impacting the Mercedes-Benz MBUX infotainment system. Kaspersky published research findings on the first-generation Mercedes-Benz User Experience (MBUX) infotainment system, specifically focusing on the Mercedes-Benz Head Unit. The researchers started from the results of…

Read more →

HPE is probing claims by the threat actor IntelBroker who is offering to sell alleged stolen source code and data from the company. Last week, the notorious threat actor IntelBroker announced on a popular cybercrime forum the sale of data…

Read more →

Researchers linked the threat actor DoNot Team to a new Android malware that was employed in highly targeted cyber attacks. CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. The Donot Team (aka…

Read more →

Researchers found malicious npm and PyPI packages capable of stealing and deleting sensitive data from infected systems. Socket researchers have identified multiple packages in the npm and Python Package Index (PyPI) repository designed to target Solana private keys and drain…

Read more →

Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices. The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices,…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury Sanctions…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection Ransomware on ESXi: The mechanization of virtualized attacks FunkSec –…

Read more →

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose…

Read more →

The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network…

Read more →

noyb files complaints against TikTok, AliExpress, and other Chinese companies for illegal EU user data transfers to China, violating data protection laws. Austrian privacy non-profit group None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN,…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers OS Command Injection vulnerability, tracked as CVE-2024-50603 (CVSS score of 10)…

Read more →

Researchers detailed a now-patched vulnerability that could allow a bypass of the Secure Boot mechanism in UEFI systems. ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism…

Read more →

The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.…

Read more →

The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 million individuals. The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 million individuals. Wolf…

Read more →

The Clop ransomware gang claims dozens of victims from a Cleo file transfer vulnerability, though several companies dispute the breaches. The Clop ransomware group added 59 new companies to its leak site, the gain claims to have breached them by…

Read more →

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.…

Read more →

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances.…

Read more →

Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities, including three actively exploited issues. Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities in Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server, .NET…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known…

Read more →

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The threat actor used…

Read more →

Microsoft disclosed details of a vulnerability in Apple macOS that could have allowed an attacker to bypass the OS’s System Integrity Protection (SIP). Microsoft disclosed details of a now-patched macOS flaw, tracked as CVE-2024-44243 (CVSS score: 5.5), that allows attackers with…

Read more →

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of…

Read more →

Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actors UAC-0063 is targeting Kazakhstan as part of a cyber espionage campaign to gather economic and political intelligence in Central Asia. The Computer…

Read more →

Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with management interfaces exposed online. Arctic Wolf researchers observed a campaign targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability. Threat actors…

Read more →

A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners in the wild. A security researcher Jakub Korepta discovered a critical vulnerability, tracked as CVE-2024-50603 (CVSS score: 10.0), in the Aviatrix Controller. The flaw impacts Aviatrix Controller…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:…

Read more →

FunkSec, a new ransomware group that attacked more than 80 victims in December 2024, was developed using AI tools. The FunkSec ransomware-as-a-service (RaaS) group has been active since late 2024, the gang published over 85 victims in December 2024. The…

Read more →

Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers warn of a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into CMS database tables.…

Read more →

In December, Microsoft sued a group for creating tools to bypass safety measures in its cloud AI products. Microsoft filed a complaint with the Eastern District Court of Virginia against ten individuals for using stolen credentials and custom software to…

Read more →

Over the weekend, Italy faced new waves of DDoS attacks carried out by pro-Russia group NoName057(16). Pro-Russia hackers Noname057(16) targeted Italian ministries, institutions, critical infrastructure’s websites and private organizations over the weekend. The new wave of attacks coincides with the…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DoJ charged three…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations   Scam Sniffer 2024: Web3 Phishing Attacks – Wallet Drainers Drain $494 Million  EAGERBEE,…

Read more →

Facebook paid $100,000 to a researcher for discovering a bug that granted him command access to an internal server in October 2024. TechCrunch first reported that Facebook awarded security researcher Ben Sadeghipour (@NahamSec) $100,000 for reporting a vulnerability that granted him access…

Read more →

The U.S. Department of Justice charged three Russian citizens with operating crypto-mixing services that helped crooks launder cryptocurrency. The U.S. Department of Justice (DoJ) charged Russian national Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov with operating crypto-mixing…

Read more →

US marijuana dispensary STIIIZY warns customers of leaked IDs and passports following a November data breach. US marijuana dispensary STIIIZY disclosed a data breach after a vendor’s point-of-sale system was compromised by cybercriminals. The security breach exposed customer data and…

Read more →

Fortinet warns of a phishing campaign using legitimate links to hijack PayPal accounts, tricking users into granting unauthorized access. Fortinet uncovered a phishing campaign targeting PayPal users. The scheme employs legitimate links to deceive victims and gain unauthorized access to…

Read more →

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories,…

Read more →

Researchers at Google Project Zero disclosed a now-patched zero-click vulnerability that affects Samsung devices. Google Project Zero researchers disclosed details about a now-patched zero-click vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), in Samsung devices. The flaw is an out-of-bound write issue in…

Read more →

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. CrowdStrike discovered a phishing campaign using its recruitment branding to trick recipients into downloading a…

Read more →

Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a long-running cyber-espionage campaign targeting local entities to the China-linked…

Read more →

Medusind, a medical billing provider, disclosed a data breach that occurred in December 2023 and affected over 360,000 individuals. Medusind is a company that provides medical billing, coding, and revenue cycle management (RCM) services to healthcare organizations, including medical practices,…

Read more →

A group of hacktivists, known as the Ukrainian Cyber Alliance, breached Russian ISP Nodex, stole sensitive documents, and wiped systems. Ukrainian Cyber Alliance hacked Russian ISP Nodex, stole sensitive data, and wiped systems, highlighting their cyberattack capabilities. The Ukrainian Cyber…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure Vulnerability, tracked as CVE-2025-0282 (CVSS…

Read more →

Scaling up a security operations center (SOC) is inevitable for many organizations. How AI supports growth without overloading analysts. Scaling up a security operations center (SOC) is inevitable for many organizations. Although it might sting, keeping pace with business growth,…

Read more →

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704…

Read more →

Gayfemboy, a Mirai botnet variant, has been exploiting a flaw in Four-Faith industrial routers to launch DDoS attacks since November 2024. The Gayfemboy botnet was first identified in February 2024, it borrows the code from the basic Mirai variant and…

Read more →

Meta is replacing its fact-checking program with a “community notes” system, citing a shift in moderation strategy after a “cultural tipping point.” Meta CEO Mark Zuckerberg announced that the fact-checking program should be ended and replaced with a community-driven system.…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server and Mitel MiCollab vulnerabilities, to its Known…

Read more →

Threat actors breached Argentina’s airport security police (PSA) payroll, stealing data and deducting 2,000-5,000 pesos from salaries. Threat actors have breached Argentina’s airport security police (PSA) and compromised the personal and financial data of its officers and civilian personnel. Threat…

Read more →

Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the…

Read more →

US adds Chinese multinational technology and entertainment conglomerate Tencent to the list of companies supporting the Chinese military. The US Department of Defense has added Chinese multinational technology and entertainment conglomerate Tencent to its “Chinese military company” list under the…

Read more →

Experts spotted new variants of the Eagerbee backdoor being used in attacks on government organizations and ISPs in the Middle East. Kaspersky researchers reported that new variants of the Eagerbee backdoor being used in attacks against Internet Service Providers (ISPs)…

Read more →

Tenable disabled two Nessus scanner agent versions after a faulty plugin update caused agents to go offline. Tenable Nessus is a widely-used vulnerability scanning tool designed to identify and assess security vulnerabilities in systems, networks, and applications. Tenable was forced…

Read more →

China-linked Salt Typhoon group that breached multiple US telecoms compromised more firms than previously known, WSJ says. The China-linked cyberespionage group Salt Typhoon targeted more US telecoms than previously known, as The Wall Street Journal reported. According to WSJ, wich…

Read more →

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and…

Read more →

A vulnerability in Nuclei, an open-source vulnerability scanner, could allow attackers to bypass signature checks and execute malicious code. A high-severity security flaw, tracked as CVE-2024-43405 (CVSS score of 7.4), in the open-source vulnerability scanner ProjectDiscovery’s Nuclei, could allow attackers to bypass…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. 7-Zip Zero-Day Exploit Dropped: A New Playground for Infostealer & Supply Chain Attacks   Quasar RAT Disguised as an npm Package for…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Malicious npm packages…

Read more →

Malicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data. Hardhat, by the Nomic Foundation, is an essential Ethereum tool, enabling streamlined smart contract and dApp development with customizable plugins. Socket researchers reported a supply…

Read more →

The U.S. Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group. The U.S. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by China’s state-backed Flax Typhoon…

Read more →

FireScam malware steals credentials and financial data by monitoring Android app notifications and sending data to a Firebase database. Cybersecurity firm Cyfirma warns of the FireScam Android info-stealing malware that supports spyware capabilities. The malicious code steals credentials and financial…

Read more →

Richmond University Medical Center has confirmed that a ransomware attack in May 2023 affected 670,000 individuals. New York’s Richmond University Medical Center confirmed a May 2023 ransomware attack impacted 674,033 individuals. Richmond University Medical Center (RUMC) is a healthcare institution…

Read more →

Apple has agreed to a $95 million settlement over a Siri eavesdropping lawsuit, denying any abuses. The settlement awaits judicial approval. Apple will pay $95 million to settle claims that its virtual assistant Siri was used to eavesdrop on users,…

Read more →

Experts warn of a new PoC exploit, LDAPNightmare, that targets a Windows LDAP flaw (CVE-2024-49113), causing crashes & reboots. The vulnerability CVE-2024-49113 (CVSS score of 7.5), named LDAPNightmare, is a Windows Lightweight Directory Access Protocol (LDAP) Denial of Service flaw that…

Read more →

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. POP3 (Post…

Read more →

US authorities have arrested soldier Cameron John Wagenius for his alleged involvement in leaking presidential phone records. US authorities arrested Cameron John Wagenius (20), a US Army soldier, suspected of involvement in leaking presidential call logs. The soldier was arrested…

Read more →

The “DoubleClickjacking” exploit bypasses protections on major websites, using a double-click sequence for clickjacking and account takeover attacks. DoubleClickjacking is a technique that allows attackers to bypass protections on major websites by leveraging a double-click sequence. Attackers can exploit the technique to…

Read more →

Telegram restricted access to Russian state-owned news channels in several European countries, including Poland, France, and Italy. Telegram blocked access to channels of multiple Russian state-owned news outlets across Europe, including Italy, Poland, Czechia, Belgium, France, the Netherlands, Greece, and…

Read more →

German authorities have charged three Russian-German nationals with suspicion of, among other things, secret service agent activity for the Russian government. German authorities have charged three Russian-German nationals on suspicion of activities including acting as secret service agents for the Russian government.…

Read more →

Lumen reports that the Salt Typhoon hacking group, which targeted at least nine U.S. telecom firms, was locked out of its network. This week, a White House official confirmed that China-linked APT group Salt Typhoon has breached a ninth U.S. telecoms company as part…

Read more →

HHS OCR proposed updates to the HIPAA Security Rule to boost cybersecurity for electronic protected health information (ePHI). On December 27, 2024, the United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) proposed updates to…

Read more →

The U.S. Treasury sanctioned entities for disinformation tied to Russian and Iranian intelligence before the 2024 presidential elections. The U.S. Treasury sanctioned entities for spreading disinformation linked to Russian and Iranian intelligence ahead of the 2024 presidential elections. The U.S.…

Read more →

Rhode Island ’s health benefits system was hacked, and threat actors leaked residents’ data on the dark web. Cybercriminals leaked data stolen from Rhode Island ‘s health benefits system on the dark web. Gov. Daniel McKee stated the state had…

Read more →

Threat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users. A supply chain attack compromised 16 Chrome browser extensions, exposing over 600,000 users. Threat actors targeted the publishers of the extensions…

Read more →

China-linked threat actors breached the U.S. Treasury Department by hacking a remote support platform used by the agency. China-linked threat actors breached the U.S. Treasury Department via a compromised remote support platform. The Treasury Department discovered the security breach on…

Read more →

An X user using the handle @NSA_Employee39 disclosed a zero-day vulnerability in the open-source file archive software 7-Zip. A verified X account, @NSA_Employee39, claimed to disclose a zero-day vulnerability in the open-source file archive software 7-Zip. The X user announced…

Read more →

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in…

Read more →