Cyber Security News

Buyers need to demand better.

Linsey Lewis reports: OYO Hotel & Casino Las Vegas was hit by a cyberattack sometime in early January, allegedly exposing the personal information of more than 4,700 people, according to documents provided by authorities in Maine. OYO Hotel and Casino, located just off the Las Vegas Strip on Tropical Avenue near Koval Lane and owned……

Rachel Means reports on what sounds like a cyberattack with encryption: Kaufman County officials have confirmed that the county experienced a “security incident” on October 20, disrupting access to certain courthouse computer systems and employee files. While the county has not released details on the cause, InForney can confirm that some computers at the courthouse are infected, and some employees……

Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims’ cryptocurrency wallet keys. The package, Netherеum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and

Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S.,…

If the court continues issuing such injunctions, the Department of Telecommunications may need an entire department and staff just to respond to these situations. Should the responsibility be on the DoT, or is there a better way? Azdhan reports: The Bombay High Court has granted urgent ad-interim relief to Generali Central Life Insurance Company after the insurer……

From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context. What’s missing is a system…

The advice didn’t change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than complexity. Length is the more important security factor, and passphrases are…

Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America…

Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025. It impacts several