News
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.…
FBI issues warning as crooks ramp up emergency data request scams
Cybercrooks abusing emergency data requests in the US isn't new, but the FBI says it's becoming a more pronounced issue as the year draws to a close.…
Dark web crypto laundering kingpin sentenced to 12.5 years in prison
The operator of the longest-running money laundering machine in dark web history, Bitcoin Fog, has been sentenced to 12 years and six months in US prison.…
Alleged Snowflake attacker gets busted by Canadians – politely, we assume
in brief One of the suspected masterminds behind the widespread Snowflake breach has been arrested in Canada – but the saga isn't over, eh. …
Scattered Spider, BlackCat claw their way back from criminal underground
Two high-profile criminal gangs, Scattered Spider and BlackCat/ALPHV, seemed to disappear into the darkness like their namesakes following a series of splashy digital heists last year, after which there were arrests and website seizures.…
Winos4.0 abuses gaming apps to infect, control Windows machines
Criminals are using game-related applications to infect Windows systems with a malicious software framework called Winos4.0 that gives the attackers full control over compromised machines.…
Don't open that 'copyright infringement' email attachment – it's an infostealer
Organizations should be on the lookout for bogus copyright infringement emails as they might be the latest ploy by cybercriminals to steal their data.…
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert.…
Officials warn of Russia's tech-for-troops deal with North Korea amid Ukraine conflict
The EU has joined US and South Korean officials in expressing concern over a Russian transfer of technology to North Korea in return for military assistance against Ukraine.…
Cybercrooks are targeting Bengal cat lovers in Australia for some reason
Fresh from a series of serious reports detailing its five-year battle with Chinese cyberattackers, Sophos has dropped a curious story about users of a popular infostealer-cum-RAT targeting a niche group of victims.…
Operation Synergia II sees Interpol swoop on global cyber crims
Interpol is reporting a big win after a massive combined operation against online criminals made 41 arrests and seized hardware thought to be used for nefarious purposes.…
Cyberattackers stole Microlise staff data following DHL, Serco disruption
Telematics tech biz Microlise says an attack that hit its network likely did not expose customer data, although staff aren't so lucky.…
China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks
Chinese government cyberspies Volt Typhoon reportedly breached Singapore Telecommunications over the summer as part of their ongoing attacks against critical infrastructure operators.…
Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale
IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia.…
Schneider Electric ransomware crew demands $125k paid in baguettes
Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked.…
A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years
The FBI has recovered $8 million in funds from a cryptocurrency scam that netted $47 million and devastated the Kansas city of Elkhart.…
Criminals open DocuSign's Envelope API to make BEC special delivery
Business email compromise scammers are trying to up their success rate by using a DocuSign API.…
Ongoing typosquatting campaign impersonates hundreds of popular npm packages
An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of millions, to infect systems with info-stealing and snooping malware.…
Washington courts grapple with statewide outage after 'unauthorized activity'
A statewide IT outage attributed to "unauthorized activity" is affecting the availability of services provided by all courts in Washington.…
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed
Google claims one of its AI models is the first of its kind to spot a memory safety vulnerability in the wild – specifically an exploitable stack buffer underflow in SQLite – which was then fixed before the buggy code's official release.…