TikTok shut down in the U.S. late Saturday night following the Supreme Court's decision to uphold the law that banned the company over national security concerns. [...]

Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. [...]

Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. [...]

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...]

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. [...]

The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year's Salt Typhoon security breaches. [...]

Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user's data to China and infringing European Union's general data protection regulation (GDPR). [...]

A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. [...]

Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. [...]

The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea's Ministry of National Defense that have generated revenue via illegal remote IT work schemes. [...]

Days before leaving office, President Joe Biden signed an executive order to shore up the United States' cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation's critical infrastructure. [...]

Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. [...]

The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, including HTTPS APIs and mandatory multi-factor authentication, to settle charges that it failed to secure its hosting services against attacks since 2018. [...]

A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. [...]

This article delves into the rising tide of MFA failures, the alarming role of generative AI in amplifying these attacks, the growing user discontent weakening our defenses, and the glaring vulnerabilities being frequently exploited. The storm is building, and the worst is yet to come. [...]

A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. [...]

SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. [...]

​CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. [...]

A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. [...]

Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information. [...]

​Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers' credentials for the Google Ads platform. [...]

Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers. [...]

A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...]

​North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. [...]

Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. [...]