Information security

[ follow ]
#discord
fromZDNET
1 hour ago
Information security

70,000 government IDs were exposed in a Discord breach - could yours be next?

fromZDNET
1 hour ago
Information security

70,000 government IDs were exposed in a Discord breach - could yours be next?

Information security
fromFast Company
3 hours ago

This Discord feature you barely noticed could now be your biggest privacy risk

About 70,000 Discord users had government ID images and some personal data exposed after a third-party customer service vendor was hacked, creating identity theft risk.
#oracle-e-business-suite
Information security
fromThe Hacker News
2 hours ago

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

China-aligned UTA0388 conducts multilingual, tailored spear-phishing campaigns delivering Go-based GOVERSHELL backdoor via DLL side-loading to targets across North America, Asia, and Europe.
Information security
fromChannelPro
14 hours ago

DNS Security 101: Safeguarding your business from cyber threats

Organizations must strengthen DNS security to prevent phishing, malware distribution, domain and subdomain hijacking, and other cyberattacks exploiting lookalike domains.
#cybersecurity
fromDataBreaches.Net
9 hours ago
Information security

Shad White's office finds nearly a third of Mississippi's state agencies fail cybersecurity requirements - DataBreaches.Net

Information security
fromIT Pro
1 day ago

Repeated cyber attacks act as a stark reminder this cybersecurity awareness month

Cyberattacks are inflicting severe operational and financial damage on businesses and their supply chains, causing production halts, revenue loss, and supplier failures.
Information security
fromAbove the Law
1 day ago

Williams & Connolly Hit By Foreign Hackers - Above the Law

Law firms handle sensitive client data and are frequent targets of state-backed cyberattacks; proactive, upgraded security is essential to prevent breaches.
fromDataBreaches.Net
9 hours ago
Information security

Shad White's office finds nearly a third of Mississippi's state agencies fail cybersecurity requirements - DataBreaches.Net

fromIT Pro
1 day ago
Information security

Repeated cyber attacks act as a stark reminder this cybersecurity awareness month

#sonicwall
#data-breach
Information security
fromThe Hacker News
8 hours ago

SaaS Breaches Start with Tokens - What Security Teams Must Watch

Stolen OAuth and API tokens enable attackers to bypass MFA and access SaaS systems, making token hygiene and rotation critical to prevent breaches.
Information security
fromTechCrunch
3 hours ago

'Dozens' of organizations had data stolen in Oracle-linked hacks | TechCrunch

Clop used a zero-day in Oracle E-Business Suite to steal corporate executive and company data from dozens of organizations since at least July 10.
Information security
fromwww.housingwire.com
9 hours ago

Proof launches new secure digital identity tool Certify

Cryptographic identity layer Certify lets users embed verifiable identity into digital media and data, enabling instantaneous authenticity verification and preventing deepfake and document fraud.
Information security
fromTechCrunch
3 hours ago

Italian businessman's phone reportedly targeted with Paragon spyware | TechCrunch

Francesco Gaetano Caltagirone was notified of being targeted by Paragon spyware, expanding the list of Italian victims beyond journalists and activists.
Information security
fromSecurityWeek
11 hours ago

Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day

State-sponsored hackers breached Williams & Connolly and accessed a small number of attorneys' email accounts by exploiting an unspecified zero-day vulnerability.
fromThe Hacker News
4 hours ago

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front camera; and even send SMS messages or place calls directly from the victim's device," Zimperium researcher Vishnu Pratapagiri said in a report shared with The Hacker News.
Information security
Information security
fromTechzine Global
10 hours ago

How to Safeguard and Prepare Exchange Server against Natural Disasters?

Implement geographically distributed high-availability (DAG), comprehensive backups, redundant power/networking, documented recovery procedures, and regular testing to minimize Exchange Server disaster impact.
Information security
fromThe Hacker News
11 hours ago

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Russian-linked hackers increasingly use AI to create phishing messages and generate malware, raising incident counts and producing AI-developed stealers like WRECKSTEEL.
Information security
fromIT Pro
11 hours ago

Organizations lag on deepfake protection

Deepfake attacks are increasing across multiple vectors, causing substantial financial losses while organizational defenses, budgets, and training remain insufficiently effective.
fromNextgov.com
3 hours ago

Risks of cyber fraud allegations remain high for companies subject to government requirements

Investigations into alleged violations of cybersecurity requirements under the federal civil False Claims Act (FCA) and its state analogues are increasingly an area of focus for the U.S. Department of Justice (DOJ), state attorneys general and whistleblowers (known as qui tam plaintiffs or relators under the FCA). We expect a continued uptick in enforcement activity, leading to elevated risk and additional potential financial exposure for companies subject to government cybersecurity requirements.
Information security
#ransomware
fromTheregister
3 hours ago

GitHub patches Copilot Chat flaw that could leak secrets

Researcher Omer Mayraz of Legit Security disclosed a critical vulnerability, dubbed CamoLeak, that could be used to trick Copilot Chat into exfiltrating secrets, private source code, and even descriptions of unpublished vulnerabilities from repositories. The flaw was scored 9.6 on the CVSS scale in the disclosure. The root cause is simple. Copilot Chat runs with the permissions of the signed-in user and ingests contextual text that humans might not see.
Information security
Information security
fromSecuritymagazine
1 day ago

The Future of Cybersecurity Training and What It Means for Employers

Effective cybersecurity training must combine hands-on, team-based practical experience with strategic business understanding to build resilient professionals.
Information security
fromTelecompetitor
23 hours ago

Nokia Threat Report: DDoS and LOTL Among the Dangers

Widespread living-off-the-land attacks, massive rapid DDoS events, exposed residential endpoints, and shrinking certificate lifetimes are elevating network and data security risks.
Information security
fromSecuritymagazine
1 day ago

Protecting Critical Infrastructure With Limited Funding

Utilities are prime cyber targets; security leaders should simplify complexity, adopt cloud-native platforms, and design scalable, resilient command centers while managing limited funding.
fromChannelPro
1 day ago

How bridging the IT visibility gap empowers channel partners

Cloud migration and flexible working policies have contributed to the sprawl, but part of the reason it's so unmanageable is that companies still rely on the same old discovery tools built for a static network. Whenever we scan a new environment, we always uncover a large number of devices that were completely off the radar and out of scope of the protection of their IT and security policies.
Information security
Information security
fromSecurityWeek
1 day ago

Virtual Event Today: Zero Trust & Identity Strategies Summit

Virtual Zero Trust summit emphasizes ZTNA, identity management, machine identity, and seamless authentication with sessions, vendor demos, and networking from 11AM–4PM ET.
Information security
fromSecurityWeek
1 day ago

Radiflow Unveils New OT Security Platform

Radiflow launched Radiflow360, an AI-driven OT security platform for mid-sized enterprises offering unified asset discovery, anomaly detection, risk management, and accelerated incident response.
Information security
fromTechzine Global
1 day ago

Kaseya acquires INKY for AI-driven email security

Kaseya's acquisition of INKY equips MSPs with generative-AI and behavioral-analysis email protection to detect and respond to advanced phishing attacks.
#ddos
fromIT Pro
1 day ago
Information security

Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intense

fromIT Pro
1 day ago
Information security

Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intense

Information security
fromSecuritymagazine
1 day ago

The Prevention Partnership: Executive Protection & Behavioral Threat Teams

Executive Protection combines proactive advance work and Behavioral Threat Assessment and Management to protect individuals from imminent physical harm.
fromForbes
1 day ago

Why Brand Impersonation Is A Marketing Crisis, Not Just A Cybersecurity Problem

Cybercriminals aren't just breaking into systems anymore; increasingly, they're breaking into identities. By impersonating trusted companies through look-alike domains, fake apps or cloned websites, attackers turn logos, tone and messaging into tools of deception. For communications and marketing leaders, this is a reputational flash fire that spreads faster than your crisis comms team can respond. And with generative AI making fake campaigns nearly indistinguishable from the real thing, brand impersonation has become one of the most under-recognized business risks today.
Information security
Information security
fromTechzine Global
1 day ago

Fifty years of security by design: why isn't it working?

Persistent misguided incentives, siloed stakeholders, and a speed-first Silicon Valley culture prevented adoption of security-by-design, leaving modern systems as insecure as decades ago.
fromSecuritymagazine
1 day ago

Why a Unified View Across IT, Continuity, and Security Makes or Breaks Crisis Response

The truth is, these teams are working on the same event. They're just seeing it from different angles. If they aren't connected, response becomes fragmented and valuable time gets lost. Connecting the Dots in Real Time This is where a unified approach to critical event management makes a real difference. It's not about layering on more tools. It's about connecting the ones already in place and giving people a shared view and a clear process when something goes wrong.
Information security
fromThe Cipher Brief
1 day ago

A Deniable Attack with Strategic Precision: Why the Red Hat Breach Looks More Like Statecraft Than Mere Crime

As the U.S. federal government ground to a halt at 12:01 a.m. EDT on October 1, 2025, a cybercriminal group calling itself the Crimson Collective chose that precise moment to publicly disclose one of the most significant supply chain compromises in recent memory. The breach of Red Hat's consulting division, affecting approximately 800 organizations, including critical defense contractors and government agencies, represents more than just another data breach; it demonstrates a sophisticated understanding of how to weaponize American politics for maximum strategic impact.
Information security
fromChannelPro
1 day ago

Kaseya expands backup portfolio, acquires email security specialist INKY

As part of its backup portfolio expansion, Kaseya announced the arrival of its next-generation Datto SIRIS 6, which it said represents the most powerful backup appliance in the industry, offering speedier recovery times at the "lowest cost on the market." The firm also announced Datto Backup for Microsoft Entra ID, a new purpose-built backup and recovery solution designed to protect identity data.
Information security
Information security
fromThe Cipher Brief
1 day ago

Inside the Policy Failure Putting America's Critical Infrastructure at Risk

Expiration of key cyber-sharing and local-defense programs, combined with congressional inaction, has created a widening gap in national cyber defenses.
Information security
fromSecurityWeek
1 day ago

DraftKings Warns Users of Credential Stuffing Attacks

DraftKings detected a credential stuffing attack using externally harvested credentials that may have exposed user account data and is enforcing password resets and MFA.
Information security
fromSecurityWeek
1 day ago

Google Offers Up to $20,000 in New AI Bug Bounty Program

Google launched a dedicated AI Vulnerability Reward Program excluding prompt injections, jailbreaks, and alignment issues while prioritizing security and abuse vulnerability reports.
fromTechzine Global
1 day ago

Docker makes secure images accessible to smaller businesses

Docker is launching a new subscription service for its Hardened Images catalog. The secure container images are designed to help organizations achieve near-zero CVEs without the high costs that were previously associated with this. With this launch, Docker is committed to democratizing container security. Every developer often starts their journey at Docker Hub. According to the company, this first step should be secure by default, without a premium price tag.
Information security
fromThe Verge
23 hours ago

Discord says 70,000 users may have had their government IDs leaked in breach

Following last week's announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord.
Information security
#salesforce
Information security
fromThe Hacker News
1 day ago

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely - Patch Now

A command injection vulnerability in the figma-developer-mcp MCP server (CVE-2025-53967) permits remote code execution via unsanitized user input.
Information security
fromLondon Business News | Londonlovesbusiness.com
1 day ago

Military communications revamp highlights barriers for SMEs in defence - London Business News | Londonlovesbusiness.com

Advanced military communication systems, including LiFi, are transforming battlefield information manoeuvre and driving modernization to protect electromagnetic transmissions and enable dispersed operations.
Information security
fromTechzine Global
1 day ago

Microsoft 365 outage disrupts Teams and Exchange access globally

Microsoft 365 outage causes widespread authentication and access failures across Teams, Exchange Online, and Entra, with MFA messages failing globally.
fromZDNET
1 day ago

Using SSH on MacOS is easy, thanks to this built-in connection manager

I use Secure Shell (SSH) every day because it's one of the most secure ways of connecting to remote machines. It doesn't matter if I'm accessing a machine within my LAN or a system beyond my home network; SSH is the tool I use. SSH is simple. You can connect to a server or desktop with the command: ssh USERNAME@SERVER Where USERNAME is the remote user and SERVER is the IP address or domain of the remote server.
Information security
Information security
fromSecurityWeek
1 day ago

Ransomware Group Claims Attack on Beer Giant Asahi

Qilin ransomware claimed responsibility for a cyberattack on Asahi, stealing 27 GB and disrupting orders, shipments, and call center operations in Japan.
Information security
fromThe Hacker News
1 day ago

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Attackers inject malicious JavaScript into WordPress theme files to load external scripts that redirect visitors via a traffic-distribution system while mimicking Cloudflare assets.
fromTelecompetitor
1 day ago

Three Reports on Wi-Fi and Emergency Services: Wireless Broadband Association

The WBA says that the reports collectively cover six areas related to emergency services: Wi-Fi as mission-critical infrastructure: Wi-Fi's evolution to a standards-compliant, resilient infrastructure capable of supporting emergency and public safety services Emergency services access: Ways to ensure support for E-911/E-112 calls over Wi-Fi regardless of mobile subscription status Priority access for NS/EP users: How to provide real-time prioritization of first responder traffic during network congestion
Information security
Information security
fromThe Verge
1 day ago

1Password says it can fix login security for AI browser agents

Secure Agentic Autofill provides credentials to AI browser agents only after explicit human approval and transmits them over an end-to-end encrypted channel.
Information security
fromThe Hacker News
1 day ago

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

Threat actors used log poisoning on exposed phpMyAdmin to deploy PHP web shells, ANTSWORD and Nezha, ultimately delivering Gh0st RAT to over 100 hosts.
fromInfoQ
1 day ago

GitHub Adds Post-Quantum Secure SSH Key Exchange to Protect Git Data in Transit

GitHub is introducing a hybrid post-quantum secure key exchange algorithm for SSH access when interacting with Git over SSH. The new algorithm, sntrup761x25519-sha512 (also known as sntrup761x25519-sha512@openssh.com), combines Streamlined NTRU Prime (a post-quantum cryptography scheme) with the classical curve X25519. This change aims to safeguard Git data against potential future threats from quantum computers that might decrypt SSH sessions recorded today.
Information security
fromCSO Online
1 day ago

Is your computer's mouse listening to you?

What makes this attack practical is the sensitivity of today's mice, both their high polling rate (the frequency at which they sample movement, measured in kHz), and the resolution with which they detect movement, measured in dots per inch (DPI).
Information security
fromDataBreaches.Net
1 day ago

US law firm with major political clients hacked in spying spree linked to China - DataBreaches.Net

Suspected Chinese government-backed hackers have breached computer systems of U.S. law firm Williams & Connolly, which has represented some of America's most powerful politicians, as part of a larger spying campaign against multiple law firms, according to a letter the firm sent clients and a source familiar with the hack. The cyber intrusions have hit the email accounts of select attorneys at these law firms, as Beijing continues a broader effort to gather intelligence to support its multi-front competition with the U.S.
Information security
fromZDNET
1 day ago

AI is making cybercriminal workflows more efficient too, OpenAI finds

OpenAI has published research revealing how state-sponsored and cybercriminal groups are abusing artificial intelligence (AI) to spread malware and perform widespread surveillance. (Disclosure: Ziff Davis, ZDNET's parent company, filed an April 2025 lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.) AI has benefits in the cybersecurity space; it can automate tedious and time-consuming tasks, freeing up human specialists to focus on complex projects and research, for example.
Information security
Information security
fromSecurityWeek
1 day ago

North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025

North Korean hackers stole over $2 billion in crypto in the first nine months of 2025, pushing cumulative thefts past $6 billion.
Information security
fromMail Online
1 day ago

Can YOU solve Kryptos K4? Code has left the CIA baffled for 35 years

Kryptos contains four encrypted passages; three have been solved, the final passage K4 remains unsolved, and its translated text with coding charts is being auctioned.
fromThe Hacker News
1 day ago

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

The AI company said while its large language models (LLMs) refused the threat actor's direct requests to produce malicious content, they worked around the limitation by creating building-block code, which was then assembled to create the workflows. Some of the produced output involved code for obfuscation, clipboard monitoring, and basic utilities to exfiltrate data using a Telegram bot. It's worth pointing out that none of these outputs are inherently malicious on their own.
Information security
Information security
fromZero Day Initiative
1 day ago

Zero Day Initiative - Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing

A 64-bit Windows function can be abused as a stack-pivoting weird machine by loading an unaligned register into rsp and executing GDI32 calls without crashes.
Information security
fromSecurityWeek
2 days ago

Cybersecurity M&A Roundup: 40 Deals Announced in September 2025

September 2025 saw 40 cybersecurity M&A deals including major acquisitions focused on AI security, IAM, and SASE by Accenture, Cato Networks, Check Point, and CrowdStrike.
Information security
fromThe Hacker News
2 days ago

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

AI is the largest uncontrolled channel for corporate data exfiltration, with widespread unmanaged accounts and traditional DLP tools failing to detect sensitive data flows.
fromComputerWeekly.com
2 days ago

Building resilience in the cloud: Bridging SLA gaps and mitigating risk | Computer Weekly

Today, enterprises need a robust digital infrastructure for everything from customer engagement to operational continuity, and multi-cloud technology has become a fundamental enabler of enterprise success. However, with these increased complexities, organisations face increasing challenges in managing security risks, maintaining operational uptime, and above all, to maximise value from their cloud investments. Emerging technologies and innovative approaches are reshaping the way enterprises navigate these challenges, and at the same time service level agreements (SLAs) too are evolving to align with these developments.
Information security
Information security
fromComputerWeekly.com
2 days ago

Why it takes 11 hours to resolve one ID-related cyber incident | Computer Weekly

Fragmented, opaque enterprise environments cause identity-related incidents to average 11 hours to resolve, enabling attackers to pivot and escalate privileges rapidly.
fromSecuritymagazine
2 days ago

The Power of Mentorship in Shaping Security

I'm where I am today because I stand on the shoulders of those who came before me, and I strongly believe in paying it forward. A good mentor listens, provides honest feedback, and helps you see opportunities beyond your current path. In security, mentorship is especially vital because so much of the profession is shaped by experience, judgment and context.
Information security
Information security
fromTechCrunch
2 days ago

Exclusive: Bug in India's income tax portal exposed taxpayers' sensitive data

A security flaw in India's income tax e-Filing portal exposed taxpayers' personal, financial, and Aadhaar data; authorities fixed the vulnerability after researchers reported it.
Information security
fromComputerWeekly.com
2 days ago

The Security Interviews: David Bradbury, CSO, Okta | Computer Weekly

Okta suspended development after an October 2023 helpdesk breach and launched a Secure Identity Commitment to improve products, customer practices, industry protection, and corporate hardening.
Information security
fromSecurityWeek
2 days ago

Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation

A 13-year Redis use-after-free vulnerability (CVE-2025-49844, RediShell) enables remote code execution and leaves about 60,000 unauthenticated internet-facing Redis servers exposed.
Information security
fromTechzine Global
2 days ago

Red Hat leak escalates: ShinyHunters demands money after GitLab breach

ShinyHunters joined Crimson Collective's extortion, publishing stolen Red Hat customer data and threatening full release if negotiations don't begin by October 10.
Information security
fromSecurityWeek
2 days ago

Security Firm Exposes Role of Beijing Research Institute in China's Cyber Operations

BIETA and its subsidiary CIII operate as front organizations supporting China's Ministry of State Security, researching and supplying technologies for intelligence, counterintelligence, and military operations.
[ Load more ]