Sophos’ Secure by Design 2025 Progress
We are pleased to openly share our pledges and the progress we are making in each of the seven core pillars of product security in the Secure by Design framework
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. “The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s Mandiant…
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium’s Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. “These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device,” Nozomi Networks Labs said in a
Bill Toulas reports: Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. According to the Google Threat Intelligence Group (GTIG), the attackers keep employing their usual tactics that do not include vulnerability exploits but rely on perfectly executed social engineering…
After BreachForums went offline in April, several clones emerged to try to replace it, but none were truly successful. Yesterday, the “official” BreachForums (if it can be said that there is an “official” one) reappeared on its darkweb address. The forum looked the same and some of the moderators’ names were familiar, but it was…
Aditya Raghuwanshi reports: NASCAR’s cybersecurity defenses were put to the test earlier this year, and now the sport has confirmed what had long been rumored: a ransomware group successfully breached its internal systems in March 2025. The attack, carried out by the Medusa group, reportedly resulted in over 1 terabyte of sensitive data being stolen—including…
Zack Whittaker reports: U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach. The company disclosed the data breach on Saturday in a legally required filing with Maine’s attorney general, but did not immediately provide a number…
On May 5, 2025, Infinite Services in New York became aware of suspicious activity when employees were unable to log into the network. “Several servers were off, but one remained on which had an extension from the threat actor group,” external counsel SpencerFane informed the New Hampshire Attorney General. “The electricity was unplugged from the…
Kevin Collier and Angela Yang report: Hackers have breached the Tea app, which recently went viral as a place for women to safely talk about men, and tens of thousands of women’s selfies and photo IDs have now seemingly been leaked online. A spokesperson confirmed the hack Friday afternoon. The company estimates that 72,000 images, including…
David Hollingworth reports: A collective claiming to be behind Qantas’ recent cyber hack sent the airline nine pages of data it had apparently stolen from customers and then demanded a reply within 72 hours. The threat was revealed in documents that the Flying Kangaroo submitted to court to obtain an injunction, which has, for the first…