News

Taking the shine off BreachForums

Bys s June 26, 2025

ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums

News

Extensive US public school employee data compromise reported from Carruth Compliance Consulting breach
Bys s March 8, 2025

SC Media reports: Oregon-based third-party retirement plan administrator Carruth Compliance Consulting had information from more than 40,000 public school teachers and employees in California, Illinois, New York, Oregon, and Pennsylvania exfiltrated following a December attack by the newly emergent Skira Team hacking group, which purported the theft of data from 36 public schools across the…

Read More Extensive US public school employee data compromise reported from Carruth Compliance Consulting breach
News

US Considers TP-Link Ban After Volt Typhoon Hacking Campaign
Bys s December 23, 2024

Major Chinese Router Manufacturer Facing Increased Scrutiny After Chinese EspionageU.S. authorities have launched multiple investigations while reportedly considering banning the widely popular Chinese-manufactured TP-Link routers amid ongoing security risks linked to Chinese cyberespionage and hacking campaigns targeting American critical infrastructure sectors.

Read More US Considers TP-Link Ban After Volt Typhoon Hacking Campaign
News

CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
Bys s March 20, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to

Read More CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
News

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Bys s July 30, 2025

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components…

Read More Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
News

Scalable Vector Graphics files pose a novel phishing threat
Bys s February 5, 2025

The SVG file format can harbor malicious HTML, scripts, and malware

Read More Scalable Vector Graphics files pose a novel phishing threat
News

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
Bys s May 8, 2025

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. “LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker,” the Google Threat

Read More Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

Similar Posts