UPS discloses data breach after exposed customer info used in SMS phishing
Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its...
cybersecurity
Exploit released for Cisco AnyConnect bug giving SYSTEM privileges
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure...
FTC: Amazon trapped millions into hard-to-cancel Prime memberships
The Federal Trade Commission (FTC) says Amazon allegedly used dark patterns to trick millions of users into enrolling in its...
The Great Exodus to Telegram: A Tour of the New Cybercrime Underground
The world of cybercrime is moving quickly. Threat actors, ransomware gangs, malware developers, and others are increasingly and rapidly moving...
Russian APT28 hackers breach Ukrainian govt email servers
Image: Bing Image Creator A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate (GRU)...
New RDStealer malware steals from drives shared over Remote Desktop
A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared...
Zyxel warns of critical command injection flaw in NAS devices
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command...
Over 100,000 ChatGPT accounts stolen via info-stealing malware
More than 101,000 ChatGPT user accounts have been stolen by information-stealing malware over the past year, according to dark web...
Ransomware is only getting faster: Six steps to a stronger defense
Staying ahead of threat actors is a game of cat and mouse, with attackers often having the upper hand. In...
Hackers infect Linux SSH servers with Tsunami botnet malware
An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS...
New Condi malware builds DDoS botnet out of TP-Link AX21 routers
A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers...
Microsoft fixes Azure AD auth flaw enabling account takeover
Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and...
VMware warns of critical vRealize flaw exploited in attacks
VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code...
Hackers warn University of Manchester students’ of imminent data leak
Image: Ax Sharma The ransomware operation behind a cyberattack on the University of Manchester has begun to email students, warning...
Android spyware camouflaged as VPN, chat apps on Google Play
Three Android apps on Google Play were used by state-sponsored threat actors to collect intelligence from targeted devices, such as...
Iowa’s largest school district confirms ransomware attack, data theft
Des Moines Public Schools, Iowa's largest school district, confirmed today that a ransomware attack was behind an incident that forced...
ASUS urges customers to patch critical router vulnerabilities
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately...
Hackers use fake OnlyFans pics to drop info-stealing malware
A malware campaign is using fake OnlyFans content and adult lures to install a remote access trojan known as 'DcRAT,'...
New Mystic Stealer malware increasingly used in attacks
A new information-stealing malware named 'Mystic Stealer,' has been promoted on hacking forums and darknet markets since April 2023, quickly...
Reddit hackers threaten to leak data stolen in February breach
The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen...
US govt offers $10 million bounty for info on Clop ransomware
The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the...
SMS delivery reports can be used to infer recipient’s location
A team of university researchers has devised a new side-channel attack named 'Freaky Leaky SMS,' which relies on the timing...
Western Digital boots outdated NAS devices off of My Cloud
Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on...
The Week in Ransomware – June 16th 2023 – Wave of Extortion
The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached...
