A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. [...]

Microsoft released an emergency security update for the Windows 10 and Windows 11 Snipping tool to fix the Acropalypse privacy vulnerability. [...]

This week's news has been dominated by the Clop ransomware gang extorting companies whose GoAnywhere services were breached using a zero-day vulnerability. [...]

OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries. [...]

Microsoft is testing an updated version of the Windows 11 Snipping Tool that fixes a recently disclosed 'Acropalypse' privacy flaw that allows the partial restoration of cropped images. [...]

A severe privacy flaw named 'acropalypse' has also been found to affect the Windows Snipping Tool, allowing people to partially recover content that was edited out of an image. [...]

The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. [...]

The fallout from the Clop ransomware attacks on GoAnywhere platforms has become apparent this week, with the threat actors starting to extort victims on their data leak site and companies confirming breaches. [...]

Nord Security (Nord) has released the source code of its Linux NordVPN client and associated networking libraries in the hopes of being more transparent and easing users' security and privacy concerns. [...]

Cybersecurity company Rubrik has confirmed that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. [...]

​Today is Microsoft's March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws. [...]

​Offensive Security has released ​Kali Linux 2023.1, the first version of 2023 and the project's 10th anniversary, with a new distro called 'Kali Purple,' aimed at Blue and Purple teamers for defensive security. [...]

A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands. [...]

The Clop ransomware gang has begun extorting companies whose data was stolen using a zero-day vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. [...]

This week's biggest news was the coordinated, international law enforcement operation between Europol, the FBI, the Netherlands, Germany, and Ukraine that targeted the DoppelPaymer operation. [...]

An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server. [...]

The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. [...]

The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows. [...]

The Play ransomware gang has begun to leak data from the City of Oakland, California, that was stolen in a recent cyberattack. [...]

This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile. [...]

Microsoft has released out-of-band security updates for 'Memory Mapped I/O Stale Data (MMIO)' information disclosure vulnerabilities in Intel CPUs. [...]

American fast food chain Chick-fil-A has confirmed that customers' accounts were breached in a months-long credential stuffing attack, allowing threat actors to use stored rewards balances and access personal information. [...]

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. [...]

An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and its assets. [...]

LastPass revealed more information on a "coordinated second attack," where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for over two months. [...]