Clik here to view.
Ukrainian extradited to US for Nefilim ransomware attacks
A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. The suspect, Artem Aleksandrovych...
View ArticleClik here to view.
Hacker ‘NullBulge’ pleads guilty to stealing Disney’s Slack data
A California man who used the alias “NullBulge” has pleaded guilty to illegally accessing Disney’s internal Slack channels and stealing over 1.1 terabytes of internal company data. According to the...
View ArticleClik here to view.
Microsoft makes all new accounts passwordless by default
Microsoft has announced that all new Microsoft accounts will be “passwordless by default” to secure them against password attacks such as phishing, brute force, and credential stuffing. The...
View ArticleClik here to view.
Microsoft fixes Exchange Online bug flagging Gmail emails as spam
Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. Tracked as EX1064599 in the Microsoft 365 admin center,...
View ArticleClik here to view.
TikTok fined €530 million for sending European user data to China
The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China,...
View ArticleClik here to view.
UK NCSC: Cyberattacks impacting UK retailers are a wake-up call
The United Kingdom’s National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a “wake-up call.” Part of the GCHQ British intelligence...
View ArticleClik here to view.
US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks
A 36-year-old Yemeni national, who is believed to be the developer and primary operator of ‘Black Kingdom’ ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft...
View ArticleClik here to view.
Magento supply chain attack compromises hundreds of e-stores
A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. Sansec researchers who...
View ArticleClik here to view.
Co-op confirms data theft after DragonForce ransomware claims attack
The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. “As a result of ongoing...
View ArticleClik here to view.
Microsoft ends Authenticator password autofill, moves users to Edge
Microsoft has announced that it will discontinue the password storage and autofill feature in the Authenticator app starting in July and will complete the deprecation in August 2025. The decision is...
View ArticleClik here to view.
StealC malware enhanced with stealth upgrades and data theft tools
The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. The latest version of...
View ArticleClik here to view.
UK shares security tips after major retail cyberattacks
Following three high-profile cyberattacks impacting major UK retailers, the country’s National Cyber Security Centre (NCSC) has published guidance that all companies are advised to follow to...
View ArticleClik here to view.
Darcula PhaaS steals 884,000 credit cards via phishing texts
The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. The cyber heist was done over seven...
View ArticleClik here to view.
Microsoft finds default Kubernetes Helm charts can expose data
Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. In...
View ArticleClik here to view.
Unofficial Signal app used by Trump officials investigates hack
TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. Smarsh, the...
View ArticleClik here to view.
New “Bring Your Own Installer” EDR bypass used in ransomware attack
A new “Bring Your Own Installer” EDR bypass technique is exploited in attacks to bypass SentinelOne’s tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR)...
View ArticleClik here to view.
Luna Moth extortion hackers pose as IT help desks to breach US firms
The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. According to...
View ArticleClik here to view.
Linux wiper malware hidden in malicious Go modules on GitHub
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that...
View ArticleClik here to view.
Why EASM is vital to modern digital risk protection
Modern organizations face mounting challenges in securing their public-facing assets. From the rise of shadow IT to third-party supplier exposures, the array of risks and pitfalls in today’s digital...
View ArticleClik here to view.
Google fixes actively exploited FreeType flaw on Android
Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. FreeType is a...
View Article