2.5 million people were affected, in a breach that could spell more trouble down the line. [...]

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. [...]

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. [...]

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. [...]

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. [...]

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. [...]

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. [...]

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. [...]

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. [...]

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. [...]

The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems. [...]

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. [...]

Mobile transactions could’ve been disabled, created and signed by attackers. [...]

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings. [...]

The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities. [...]

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites. [...]

Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system [...]

A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus [...]

Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account. [...]

This edition of the Threatpost podcast is sponsored by Egress. [...]

This edition of the Threatpost podcast is sponsored by Egress. [...]

August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild. [...]

U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program. [...]

Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds. [...]

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims. [...]