Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has informed that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated to €20 million ($22.8M). [...]
Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal. The extensions, which so far number at least 35, use the same code …
Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]
The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. [...]
Sensata Technologies (known as Sensata) has suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. [...]
A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. [...]
Spammers used OpenAI to generate messages that were unique to each recipient, allowing them to bypass spam-detection filters and blast unwanted messages to more than 80,000 websites in four months, researchers said Wednesday. The finding, documented in a post published by security firm SentinelOne’s SentinelLabs, underscores the …
Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." [...]
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. [...]
Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers [...]
AI is making voice phishing (vishing) more dangerous than ever, with scammers cloning voices in seconds to trick employees into handing over their credentials. Learn how to defend your organization with Specops Secure Service Desk. [...]
Phishing actors are employing a new evasion tactic called 'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted. [...]
In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals. [...]
Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. [...]
A leak of 190,000 chat messages traded among members of the Black Basta ransomware group shows that it’s a highly structured and mostly efficient organization staffed by personnel with expertise in various specialities, including exploit development, infrastructure optimization, social engineering, and more. The trove of records was …
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. [...]
Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. [...]
Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. [...]
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. [...]
A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. [...]
Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. [...]
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. [...]
Spain's police arrested six individuals behind a large-scale cryptocurrency investment scam that used AI tools to generate deepfake ads featuring popular public figures to lure people. [...]
The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. [...]
Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks. [...]