Cyber Security News

Sophos’ Ben Gelman and Sean Bergeron will present their research on enhancing command line classification with benign anomalous data at Las Vegas

India’s Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out “sophisticated” tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to have led to losses worth more than £390,000 ($525,000) in the…

Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company’s website, more than two billion SIMs in IoT devices have been enabled as of December 2020. The findings come…

North Country HealthCare is a federally qualified community health center that provides comprehensive medical services in 14 locations in 11 communities throughout Northern Arizona. Their services include family medicine, pediatrics, obstetrics and gynecology, dental care, behavioral health services, telemedicine, health screenings, and more. An April 2022 article about them reported that North Country served 55,000…

Gavin Reinke, Ashley Miller and Amanda Wellen of Alston & Bird write: On June 27, 2025, the District Court for the Middle District of Florida, on remand from the Eleventh Circuit, reversed course when it denied class certification to a group of plaintiffs who were purportedly impacted by a spring 2018 cyberattack on Brinker International,…

KUAC reports: Multiple class action lawsuits recently filed in federal court claim an Interior Alaska Native Corporation failed to take reasonable steps to protect personal data from a cyberattack last year. Court filings show at least four different plaintiffs have lodged a complaint against Doyon, Ltd., in Alaska District Court since mid-June, on behalf of…

NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). “Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings,” the GPU maker said in an advisory released this…

Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. “Laravel’s APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub),” GitGuardian said. “If attackers get access to this key, they can exploit a deserialization flaw…

Annie Grayer and Sean Lyngaas report: Suspected Chinese hackers have broken into the email accounts of attorneys and advisers at a powerful Washington, DC, law firm in an apparent intelligence-gathering operation, the firm, Wiley Rein, told clients this week in a memo reviewed by CNN. The hackers responsible have been known to target information related…

By the end of yesterday, federal agencies should all have patched. But did they? And how many others have yet to patch?  Bill Toulas reports: The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day…