News

Beyond the kill chain: What cybercriminals do with their money (Part 1)

Bys s May 15, 2025

Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled

News

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
Bys s February 18, 2025

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. “This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP

Read More New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
News

[Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)
Bys s May 13, 2026

TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a “Lethal Chain” to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece…

Read More [Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)
News

Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
Bys s May 7, 2025

An internal information security breach has been identified in the Social Services, Health Care and Rescue Services Division of the City of Helsinki. The breach concerns client data from certain Family Law Services, which between 2012 and 2019 was stored on the Division’s internal network without adequate access restrictions. No external parties have had access…

Read More Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
News

Trump Mobile confirms it exposed customers’ personal data, unclear whether it will notify those affected
Bys s May 22, 2026

Lorenzo Franceschi-Bicchierai reports: Phone provider Trump Mobile has confirmed that it was exposing customers’ names, email addresses, mailing addresses, cell numbers, and order identifiers to the open internet. Chris Walker, a spokesperson for the Trump-branded phone maker, told TechCrunch that the company is investigating the exposure and has not found evidence that content or financial……

Read More Trump Mobile confirms it exposed customers’ personal data, unclear whether it will notify those affected
News

RINA Accountants & Advisors is creating $400K settlement fund to settle lawsuit over 2022 data breach
Bys s January 31, 2026

Mark Emem reports: A US accounting firm has agreed to pay hundreds of thousands of dollars to settle a class action lawsuit filed over a data breach. According to the settlement administrator’s portal, RINA Accountants & Advisors will set up a $400,000 settlement fund to compensate victims of the data security incident that occurred nearly four……

Read More RINA Accountants & Advisors is creating $400K settlement fund to settle lawsuit over 2022 data breach
News

5 Ways Identity-based Attacks Are Breaching Retail
Bys s July 8, 2025

From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about… In recent months, major retailers like Adidas, The North Face, Dior, Victoria’s Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren’t sophisticated

Read More 5 Ways Identity-based Attacks Are Breaching Retail

Similar Posts