Information security

Information security
from TechCrunch
5 hours ago

The ZoraSafe app wants to protect older people online and will present at TechCrunch Disrupt 2025 | TechCrunch

ZoraSafe will provide older adults with an app combining scam detection, AI call analysis, and gamified microlearning to prevent fraud and teach digital safety.
#ransomware
from IT Pro
2 days ago
Information security

Rocketing number of ransomware groups as new, smaller players emerge

Information security
from WIRED
1 day ago

'Happy Gilmore' Producer Buys Spyware Maker NSO Group

North Korean operatives are posing as architecture professionals using fake profiles, résumés, and Social Security numbers to infiltrate US companies.
#sonicwall
#cybersecurity
from DataBreaches.Net
3 days ago
Information security

Shad White's office finds nearly a third of Mississippi's state agencies fail cybersecurity requirements - DataBreaches.Net

Information security
from The Hacker News
3 days ago

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Attackers increasingly combine social engineering, AI-driven manipulation, and cloud exploitation, widening attack surfaces across communication platforms, devices, and cloud services.
Information security
from IT Pro
4 days ago

Repeated cyber attacks act as a stark reminder this cybersecurity awareness month

Cyberattacks are inflicting severe operational and financial damage on businesses and their supply chains, causing production halts, revenue loss, and supplier failures.
#cybercrime
from DataBreaches.Net
1 day ago
Information security

In a few days, the PowerSchool hacker will learn his sentence, and his life as he has known it will end. - DataBreaches.Net

from www.theguardian.com
1 day ago

Hackers leak Qantas data containing 5 million customer records after ransom deadline passes

The Qantas data, which was stolen from a Salesforce database in a major cyber-attack in June, included customers' email addresses, phone numbers, birth dates and frequent flyer numbers. It did not contain credit card details, financial information or passport details. On Saturday the group marked the data as leaked, writing: "Don't be the next headline, should have paid the ransom."
Information security
Information security
from InfoQ
1 day ago

Google DeepMind Introduces CodeMender, an AI Agent for Automated Code Repair

CodeMender automatically detects, repairs, and hardens software vulnerabilities using AI reasoning, static/dynamic analysis, fuzzing, and verification to generate validated patches for upstream submission.
Information security
from SFGATE
1 day ago

SF tech company hit with 3 straight lawsuits after wild month

A third-party customer support breach exposed sensitive Discord user data for roughly 70,000 people and prompted negligence lawsuits and extortion claims.
from The Hacker News
1 day ago

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

The threat actor's use of the security utility was documented by Sophos last month. It's assessed that the attackers weaponized the on-premises SharePoint vulnerabilities known as ToolShell to obtain initial access and deliver an outdated version of Velociraptor (version 0.73.4.0) that's susceptible to a privilege escalation vulnerability (CVE-2025-6264) to enable arbitrary command execution and endpoint takeover, per Cisco Talos.
Information security
Information security
from SecurityWeek
2 days ago

In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

Active exploitation of Gladinet and Zimbra vulnerabilities and social-engineered payroll attacks against US universities have led to ongoing mitigations and warnings.
#zero-trust
from Securitymagazine
2 days ago
Information security

Help Desk Havoc: Why Identity Verification Is Still the Weakest Link in Targeted Attacks

Help desks are a critical, under-protected attack vector in zero trust deployments, enabling social-engineering breaches that bypass authentication and cause major disruption.
from SecurityWeek
4 days ago
Information security

Virtual Event Today: Zero Trust & Identity Strategies Summit

Virtual Zero Trust summit emphasizes ZTNA, identity management, machine identity, and seamless authentication with sessions, vendor demos, and networking from 11AM–4PM ET.
Information security
from Harvard Business Review
2 days ago

The Business Rewards and Identity Risks of Agentic AI - SPONSOR CONTENT FROM CYBERARK

Agentic AI introduces a new, complex identity class combining human-like decision-making with machine characteristics, significantly expanding identity security challenges for access, governance, and deprovisioning.
Information security
from Securitymagazine
2 days ago

85,000 Pet and Pet Owner Records Exposed

An unsecured, unencrypted database exposed 85,361 files (158 GB) containing policyholder and pet PII—including names, contact details, medical records, and partial credit card numbers.
Information security
from ComputerWeekly.com
2 days ago

Beyond the refresh: Your cyber strategy must include AI PCs | Computer Weekly

Modern AI-powered PC refreshes strengthen security, productivity and resilience while addressing expanded attack surfaces from hybrid work and ageing device risks.
Information security
from DataBreaches.Net
2 days ago

Telstra Denies Scattered Spider Data Breach Claims Amid Ransom Threats - DataBreaches.Net

Telstra denies a claimed breach of nearly 19 million records, saying data was scraped publicly and no sensitive credentials were exposed.
Information security
from SecurityWeek
2 days ago

ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities

Multiple high-severity input-validation vulnerabilities in Ivanti Endpoint Manager allow authenticated attackers to achieve remote code execution or local privilege escalation.
Information security
from InfoWorld
2 days ago

Lessons from the Salesforce breach

Enterprise data interconnectedness requires continuous evolution of cloud security from both providers and customers to mitigate cascading breaches.
from Nextgov.com
2 days ago

When AI agents go rogue, the federal government needs reversible resilience

The age of agentic AI - where autonomous systems make decisions and take actions at speed - has dawned in ways government agencies may struggle to grasp. As agencies explore ways to bring agentic AI into public service, resilience can no longer be a component of the strategy; it is the strategy. When integrating AI agents, the federal government must prioritize rapid reversibility and transparent, auditable recovery.
Information security
Information security
from Medium
3 weeks ago

DevOps Quantum Leap: Emerging Use Cases of Quantum-Safe Cryptography

Integrate post-quantum cryptography into CI/CD pipelines now to protect secrets, keys, and infrastructure from future quantum-computer attacks.
#github-actions
from Medium
2 weeks ago
Information security

From Jenkins to GitHub Actions: Evolving a Secure DevSecOps Pipeline with Canary Deployments

Information security
from SecurityWeek
2 days ago

Juniper Networks Patches Critical Junos Space Vulnerabilities

Juniper released patches addressing nearly 220 vulnerabilities across Junos OS, Junos Space, and Security Director, including nine critical-severity flaws.
Information security
from Theregister
2 days ago

Zero-day in popular file-sharing software actively exploited

Apply the available mitigation immediately for Gladinet CentreStack and Triofox to mitigate actively exploited CVE-2025-11371, as no patch is available.
Information security
from Theregister
2 days ago

Hacktivists deactivate after falling into researchers' trap

TwoNet hacktivists were deceived by a honeypot into compromising a fake water treatment plant, demonstrating real risks to ICS and critical infrastructure.
from SecurityWeek
2 days ago

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign

The threat intelligence firm initially warned of scanning attempts targeting Cisco ASA devices in early September, roughly three weeks before Cisco disclosed two zero-day vulnerabilities impacting Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. The bugs, tracked as CVE-2025-20333 (CVSS score of 9.9) and CVE-2025-20362 (CVSS score of 6.5), were exploited in attacks linked to the ArcaneDoor espionage campaign, which has been attributed to hackers based in China.
Information security
Information security
from SecurityWeek
2 days ago

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

Attackers exploited Oracle E-Business Suite, including CVE-2025-61882, to deploy malware such as GoldVein.Java and deliver second-stage payloads for extortion.
Information security
from The Hacker News
2 days ago

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

A deserialization vulnerability in GoAnywhere MFT's License Servlet (CVE-2025-10035) has been actively exploited since September 11, enabling unauthenticated command injection and Medusa ransomware deployment.
from The Hacker News
2 days ago

The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?

The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. From prompt-dependent copilots to autonomous, multi-agent systems, the current market offers everything from smart assistants to force-multiplying automation.
Information security
Information security
from The Hacker News
2 days ago

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries

Storm-2657 hijacks employee HR SaaS accounts via phishing and AitM attacks, then redirects salary payments to attacker-controlled bank accounts by modifying payment settings.
#oracle-e-business-suite
from DataBreaches.Net
2 days ago

Watsonville Community Hospital had a data breach - or two. It would be helpful to know which. - DataBreaches.Net

On December 8, 2024, DataBreaches reported that Watsonville Community Hospital in California was continuing to respond to what they referred to as a cyberattack on November 29. No gang had claimed responsibility at that point, patients hadn't been notified yet, and the hospital wasn't stating whether the attack involved encryption of any files. Weeks later, and in a substitute notice posted on December 31, 2024, they noted that patients' name, date of birth, Social Security number, passport number, and diagnosis information may have been present in files that had been accessed in a "recent data security event" that was still under investigation. The hospital did not confirm or deny whether this was a ransomware attack.
Information security
from The Hacker News
2 days ago

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Stealit leverages Node.js SEA and Electron, spreading via fake game and VPN installers to deliver subscription-based RATs and steal data across Windows and Android.
Information security
from IT Pro
2 days ago

Researchers sound alarm over AI hardware vulnerabilities that expose training data

GATEBLEED: power-gating behavior in ML accelerators leaks distinguishable usage signals that can reveal whether specific data were used to train an AI model.
#phishing
#breachforums
Information security
from The Hacker News
2 days ago

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

175 malicious npm packages host redirect scripts via the unpkg CDN to facilitate Beamglea credential-harvesting phishing targeting over 135 industrial, technology, and energy companies.
#discord
from ZDNET
3 days ago
Information security

70,000 government IDs were exposed in a Discord breach - could yours be next?

#rondodox
Information security
from WIRED
2 days ago

North Korean Scammers Are Doing Architectural Design Now

North Korean-linked freelancers produce real architectural and structural plans—sometimes via front companies—posing safety risks and potential compromises to residential and critical infrastructure.
Information security
from DataBreaches.Net
2 days ago

Don't breathe that sigh of relief just yet: BreachForums is gone, but the Salesforce leak site isn't - DataBreaches.Net

BreachForums was seized by the FBI and international partners; ShinyHunters declares the forum dead, warns of compromised databases, seized servers, and imminent crackdown.
Information security
from ABC7 San Francisco
2 days ago

San Jose dad lured to Bitcoin ATM by scammer claiming to be son in latest scheme to steal money

Scammers use Bitcoin ATMs to force victims to convert cash into cryptocurrency, enabling rapid theft while leaving blockchain traces that can sometimes aid investigations.
Information security
from ChannelPro
3 days ago

DNS Security 101: Safeguarding your business from cyber threats

Organizations must strengthen DNS security to prevent phishing, malware distribution, domain and subdomain hijacking, and other cyberattacks exploiting lookalike domains.
Information security
from Computerworld
3 days ago

Major Discord hack exposes the real risks of digital ID

Mandatory government ID requirements make third-party verification services attractive targets, creating predictable risks of sensitive user data exposure.
Information security
from Techzine Global
3 days ago

Object First introduces Ootbi Mini for small offices

Ootbi Mini delivers compact, immutable Zero Trust storage that makes local Veeam backups ransomware-proof for small offices and edge environments.
Information security
from The Hacker News
3 days ago

SaaS Breaches Start with Tokens - What Security Teams Must Watch

Stolen OAuth and API tokens enable attackers to bypass MFA and access SaaS systems, making token hygiene and rotation critical to prevent breaches.
Information security
from TechCrunch
3 days ago

'Dozens' of organizations had data stolen in Oracle-linked hacks | TechCrunch

Clop used a zero-day in Oracle E-Business Suite to steal corporate executive and company data from dozens of organizations since at least July 10.
Information security
from Fast Company
3 days ago

This Discord feature you barely noticed could now be your biggest privacy risk

About 70,000 Discord users had government ID images and some personal data exposed after a third-party customer service vendor was hacked, creating identity theft risk.
Information security
from Theregister
3 days ago

Zero-day lets nation-state spies cross-examine US law firm

Attackers exploited a zero-day to access Williams & Connolly attorney email accounts in a likely nation-state-linked cyberattack.
Information security
from www.housingwire.com
3 days ago

Proof launches new secure digital identity tool Certify

Cryptographic identity layer Certify lets users embed verifiable identity into digital media and data, enabling instantaneous authenticity verification and preventing deepfake and document fraud.
Information security
from TechCrunch
3 days ago

Italian businessman's phone reportedly targeted with Paragon spyware | TechCrunch

Francesco Gaetano Caltagirone was notified of being targeted by Paragon spyware, expanding the list of Italian victims beyond journalists and activists.
Information security
from SecurityWeek
3 days ago

Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day

State-sponsored hackers breached Williams & Connolly and accessed a small number of attorneys' email accounts by exploiting an unspecified zero-day vulnerability.
from The Hacker News
3 days ago

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front camera; and even send SMS messages or place calls directly from the victim's device," Zimperium researcher Vishnu Pratapagiri said in a report shared with The Hacker News.
Information security
Information security
from Techzine Global
3 days ago

How to Safeguard and Prepare Exchange Server against Natural Disasters?

Implement geographically distributed high-availability (DAG), comprehensive backups, redundant power/networking, documented recovery procedures, and regular testing to minimize Exchange Server disaster impact.
Information security
from The Hacker News
3 days ago

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Russian-linked hackers increasingly use AI to create phishing messages and generate malware, raising incident counts and producing AI-developed stealers like WRECKSTEEL.
Information security
from IT Pro
3 days ago

Organizations lag on deepfake protection

Deepfake attacks are increasing across multiple vectors, causing substantial financial losses while organizational defenses, budgets, and training remain insufficiently effective.
from Nextgov.com
3 days ago

Risks of cyber fraud allegations remain high for companies subject to government requirements

Investigations into alleged violations of cybersecurity requirements under the federal civil False Claims Act (FCA) and its state analogues are increasingly an area of focus for the U.S. Department of Justice (DOJ), state attorneys general and whistleblowers (known as qui tam plaintiffs or relators under the FCA). We expect a continued uptick in enforcement activity, leading to elevated risk and additional potential financial exposure for companies subject to government cybersecurity requirements.
Information security
from Theregister
3 days ago

GitHub patches Copilot Chat flaw that could leak secrets

Researcher Omer Mayraz of Legit Security disclosed a critical vulnerability, dubbed CamoLeak, that could be used to trick Copilot Chat into exfiltrating secrets, private source code, and even descriptions of unpublished vulnerabilities from repositories. The flaw was scored 9.6 on the CVSS scale in the disclosure. The root cause is simple. Copilot Chat runs with the permissions of the signed-in user and ingests contextual text that humans might not see.
Information security
Information security
from The Hacker News
3 days ago

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

China-aligned UTA0388 conducts multilingual, tailored spear-phishing campaigns delivering Go-based GOVERSHELL backdoor via DLL side-loading to targets across North America, Asia, and Europe.
Information security
from Ars Technica
3 days ago

AI models can acquire backdoors from surprisingly few malicious documents

Small numbers of malicious training samples can install simple backdoors in LLMs, but safety fine-tuning and curated datasets can largely mitigate them.
Information security
from Securitymagazine
4 days ago

The Future of Cybersecurity Training and What It Means for Employers

Effective cybersecurity training must combine hands-on, team-based practical experience with strategic business understanding to build resilient professionals.
Information security
from Telecompetitor
4 days ago

Nokia Threat Report: DDoS and LOTL Among the Dangers

Widespread living-off-the-land attacks, massive rapid DDoS events, exposed residential endpoints, and shrinking certificate lifetimes are elevating network and data security risks.
from Securitymagazine
4 days ago

Protecting Critical Infrastructure With Limited Funding

Why are utilities a prime target for cyberattacks? What can security leaders do to prevent them? What happens when unexpected budget cuts slice your department in half? Tune in to learn how security leaders can simplify complexity, embrace cloud-native platforms, and design scalable, resilient command centers for the future. Romero shares common threats towards critical infrastructure and advice for security leaders navigating different challenges.
Information security
from ChannelPro
4 days ago

How bridging the IT visibility gap empowers channel partners

Cloud migration and flexible working policies have contributed to the sprawl, but part of the reason it's so unmanageable is that companies still rely on the same old discovery tools built for a static network. Whenever we scan a new environment, we always uncover a large number of devices that were completely off the radar and out of scope of the protection of their IT and security policies.
Information security
Information security
from SecurityWeek
4 days ago

Radiflow Unveils New OT Security Platform

Radiflow launched Radiflow360, an AI-driven OT security platform for mid-sized enterprises offering unified asset discovery, anomaly detection, risk management, and accelerated incident response.
Information security
from Techzine Global
4 days ago

Kaseya acquires INKY for AI-driven email security

Kaseya's acquisition of INKY equips MSPs with generative-AI and behavioral-analysis email protection to detect and respond to advanced phishing attacks.
Information security
from IT Pro
4 days ago

Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intense

DDoS attacks on critical networks have surged to terabit-scale, exploiting compromised home connections and causing rapid, intense outages and data breaches.
Information security
from Securitymagazine
4 days ago

The Prevention Partnership: Executive Protection & Behavioral Threat Teams

Executive Protection combines proactive advance work and Behavioral Threat Assessment and Management to protect individuals from imminent physical harm.
from Forbes
4 days ago

Why Brand Impersonation Is A Marketing Crisis, Not Just A Cybersecurity Problem

Cybercriminals aren't just breaking into systems anymore; increasingly, they're breaking into identities. By impersonating trusted companies through look-alike domains, fake apps or cloned websites, attackers turn logos, tone and messaging into tools of deception. For communications and marketing leaders, this is a reputational flash fire that spreads faster than your crisis comms team can respond. And with generative AI making fake campaigns nearly indistinguishable from the real thing, brand impersonation has become one of the most under-recognized business risks today.
Information security
Information security
from Techzine Global
4 days ago

Fifty years of security by design: why isn't it working?

Persistent misguided incentives, siloed stakeholders, and a speed-first Silicon Valley culture prevented adoption of security-by-design, leaving modern systems as insecure as decades ago.