The hack at Change Healthcare stands as the biggest breach of U.S. medical data in history, exposing 190 million people's data. © 2024 TechCrunch. All rights reserved. For personal use only.
A company’s licensing change to a static analysis tool has forced 10 companies together to create Opengrep. The post Open-source security spat leads companies to join forces for new tool appeared...
Beware of a convincing Royal Mail SMS phishing scam asking for personal details and payment for re-delivery. Learn…
Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. [...]
All signs point to a legendary year ahead
2025-01-14 • Vertex • Savage Open article on Malpedia
2025-01-22 • Vertex • Savage • win.warmcookie Open article on Malpedia
Learn how to protect against the abuse of AWS Server-Side Encryption with Customer-Provided Keys (SSE-C) in ransomware campaigns.
A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials
Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations' security measures not set up to deal with these attacks
By adopting the 'Zero Noise' approach—prioritizing attacker-focused detections, continuous feedback loops, and a 'no alert left behind' mentality—security teams can cut through cloud alert noise,...
In the past decade, Oracle Database (Oracle DB) has reigned supreme in the competitive arena of database engine popularity ranking as shown in Figure 1 and Figure 2. This pervasiveness has led...
As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a phishing campaign impersonating the United States Postal Service (USPS)...
As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a phishing campaign impersonating the United States Postal Service (USPS)...
The European Union sanctioned three hackers, part of Unit 29155 of Russia's military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia's government agencies in 2020. [...]
2025-01-22 • ESET Research • Facundo Muñoz • win.slowstepper Open article on Malpedia
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The...
For the latest discoveries in cyber research for the week of 27th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Stark Aerospace, a US-based manufacturer...
Windows 11 taskbar is testing a new feature that helps you understand the current power state of your laptop's battery, including showing the battery percentage directly on the taskbar. [...]
The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency. [...]
1Password’s top-tier security and sleek user interface make it a solid password manager to try this year. Read our hands-on 1Password review to learn more.
Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate...
Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...]
Members from the House Committee on Homeland Security have requested information on the U.S. Coast Guard’s actions to... The post US lawmakers sound alarm on COSCO SHIPPING’s national security...
The U.S. Senate voted 59-34 on Saturday to confirm Kristi Noem as the 8th Secretary of the Department... The post Kristi Noem takes over as Secretary of Homeland Security, confirmed in sweeping...
74% of CISOs plan to increase their cyber crisis simulation budgets in 2025
“Yahoo Boy” scammers are impersonating CNN and other news organizations to create videos that pressure victims into making blackmail payments.
A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]
Critical security flaw in SonicWall SMA 1000 appliances (CVE-2025-23006) exploited as a zero-day. Rated CVSS 9.8, patch immediately…
A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars