A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans. [...]

Experts say the detection delay of 17 months is a colossal security blunder by the retailer. [...]

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. [...]

This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild. [...]

RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say. [...]

Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity. [...]

Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby's death. [...]

The group uses millions of password combos at the rate of nearly 2,700 login attempts per minute with new techniques that push the ATO envelope. [...]

Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users. [...]

The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. [...]

Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. [...]

The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques. [...]

The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software. [...]

Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks. [...]

A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others. [...]

Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers. [...]

The BloodyStealer trojan helps cyberattackers go after in-game goods and credits. [...]

A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities. [...]

UPDATE: Indicators of compromise are now available. The unredacted RCE exploit released on Monday allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. [...]

Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress. [...]

Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests. [...]

It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia. [...]

Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn. [...]

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. [...]

After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court." [...]