In November 2022, the All India Institute of Medical Sciences (“AIIMS“) reportedly suffered a ransomware attack. They may have just escaped another incident thanks to the responsible disclosure of a vulnerability found by a researcher. Ashish Khaitan reports: A critical vulnerability in the AIIMS portal exposed highly sensitive data of voluntary organ and tissue donors…
Martin Fornusek reports: Aeroflot, Russia’s largest airline, reported a massive malfunction in its information system on July 28, forcing the cancellation of dozens of flights to and from Moscow. “There has been a failure in the airline’s information systems. Service disruptions are possible,” the Russian flag carrier said on Telegram without clarifying the cause of the disruptions….
Ravie Lakshmanan reports: The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. “The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s…
We are pleased to openly share our pledges and the progress we are making in each of the seven core pillars of product security in the Secure by Design framework
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. “The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s Mandiant…
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium’s Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. “These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device,” Nozomi Networks Labs said in a
Bill Toulas reports: Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. According to the Google Threat Intelligence Group (GITG), the attackers keep employing their usual tactics that do not include vulnerability exploits but rely on perfectly executed social engineering…
After BreachForums went offline in April, several clones emerged to try to replace it, but none were truly successful. Yesterday, the “official” BreachForums (if it can be said that there is an “official” one) reappeared on its darkweb address. The forum looked the same and some of the moderators’ names were familiar, but it was…
Aditya Raghuwanshi reports: NASCAR’s cybersecurity defenses were put to the test earlier this year, and now the sport has confirmed what had long been rumored: a ransomware group successfully breached its internal systems in March 2025. The attack, carried out by the Medusa group, reportedly resulted in over 1 terabyte of sensitive data being stolen—including…
Zack Whittaker reports: U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach. The company disclosed the data breach on Saturday in a legally required filing with Maine’s attorney general, but did not immediately provide a number…
