Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [...]

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. [...]

Enlarge (credit: Getty Images) Researchers have unearthed Linux malware that circulated in the wild for at least two years before being identified as a credential stealer that’s installed by the exploitation of recently patched vulnerabilities. The newly identified malware is a Linux variant of NerbianRAT, a remote access …

Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. [...]

Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. [...]

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [...]

New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. [...]

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. [...]

The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. [...]

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. [...]

A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. [...]

We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. [...]

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. [...]

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. [...]

Enlarge (credit: Getty Images ) Microsoft said that Kremlin-backed hackers who breached its corporate network in January have expanded their access since then in follow-on attacks that are targeting customers and have compromised the company's source code and internal systems. The intrusion, which the software company disclosed in January, was …

Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. [...]

Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. [...]

The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. [...]

Enlarge (credit: Getty Images) Attackers have transformed hundreds of hacked sites running WordPress software into command-and-control servers that force visitors’ browsers to perform password-cracking attacks. A web search for the JavaScript that performs the attack showed it was hosted on 708 sites at the time this post went live …

The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. [...]

An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. [...]

Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. [...]

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. [...]

FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. [...]

Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. [...]