Trezor issued an alert following a security breach on January 17, 2024, when unauthorized access was gained to their third-party support ticketing portal. [...]

Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers. [...]

Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. [...]

A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data. [...]

Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. [...]

The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data. [...]

Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. [...]

Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. [...]

Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. [...]

The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison. [...]

A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. [...]

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. [...]

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. [...]

A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. [...]

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. [...]

The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services. [...]

A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. [...]

Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. [...]

In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. [...]

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. [...]

Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. [...]

GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [...]

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. [...]

GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. [...]

Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [...]