News

Tips to better protect your network over extended breaks.

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. “It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in…

Scott Pettigrew reports: The Ontario information and privacy commissioner has released a report following a massive privacy breach through technology used by many schools in the province. The PowerSchool incident, which affected millions of Canadians across the country, saw personal information stolen in December of 2024. The company admitted to paying a ransom to recover……

Bill Toulas reports: Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals. The incident impacts registered professional caregivers working for private employers, typically parents using the Pajemploi service part of URSSAF – the French organization that collects social……

Connor Jones reports: French telco Eurofiber says cybercriminals swiped company data during an attack last week that also affected some internal systems. The B2B wholesale telco confirmed that only its French business was affected by the November 13 attack, including its cloud division and regional brands Eurafibre, FullSave, Netiwan, and Avelia. In a disclosure published on Sunday,……

Mark Young & Paul Maynard of Covington and Burling write: As the UK Government has recognized, cyber incidents—such as Jaguar Land Rover, Marks and Spencer, Royal Mail and the British Library—are costing UK businesses billions annually and causing severe disruption. The Government recognizes that cybersecurity is a critical enabler of economic growth (“we cannot have growth……

Ionut Arghire reports: Princeton University over the weekend disclosed a data breach impacting alumni, donors, faculty, students, parents, and other members of its community. On November 10, the university says, a threat actor accessed an Advancement database containing names, addresses, email addresses, and phone numbers, along with information on fundraising activities and donations to the……

Mark Rasch writes: When something goes wrong, after exhausting all other possible alternatives, a company may go to its lawyer with the silliest question you can ever ask a lawyer — “Can I sue?” The basic answer is, “if it moves, sue it…” “If it doesn’t move… move it… then sue it…” And when asked,……

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard’s STRIKE team. Southeast Asia and European countries are some of the other regions…