Tag: emerging threats
3132 articles

Cloud Security Gaps Exposed on World Cloud Security Day
On World Cloud Security Day, it's clear that cloud security gaps are a pressing concern, but how do we measure the security of a technology that's both virtual and physical? Today's snapshot of cloud security reveals an uncertain landscape where digital protections and tangible safeguards intersect.

Microsoft Uncovers Cookie-Based Web Shells Persisting on Linux Servers
Microsoft's latest discovery reveals a sneaky new tactic: hackers are hiding malicious commands in browser cookies to secretly control compromised Linux servers. This clever trick forces us to rethink what we consider normal web traffic and take a closer look at the potential threats lurking in plain sight.

Qilin Ransomware Targets German Political Party Die Linke
Die Linke, a German political party, has fallen victim to a crippling Qilin ransomware attack, forcing a shutdown of its IT systems and compromising sensitive data. The Qilin group has claimed responsibility, threatening to leak stolen information unless demands are met.

Nation-State Hackers Exploit Cloud Services for Global Espionage
In the shadows of the digital world, nation-state hackers are quietly exploiting cloud services to orchestrate global cyber espionage - but how can organizations, governments, and individuals defend against threats they can't see? The hidden world of cyber espionage poses a daunting question: what's at stake when the invisible forces of cyber threats manipulate the systems we rely on?

Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion
Ransomware attacks have taken a sinister turn, now using stolen data to blackmail victims into paying up - not just by encrypting their files, but by threatening to expose sensitive information to the world. This double extortion tactic adds a whole new level of pressure, forcing victims to weigh the cost of a data breach against the cost of a ransom.

Venom Phishing Platform Targets C-Suite Execs in Credential Theft Campaigns
Meet Venom, a sneaky new phishing platform that's putting top executives in its crosshairs, threatening to drain their credentials and wreak havoc on corporate boardrooms. This automated threat is scaling up credential theft like never before, making it a high-risk concern for senior leaders and their organizations.

Third-Party Risk Exposes Hidden Weaknesses in Client Security Posture
The next big security breach hitting your clients likely won't come from within their own walls, but from a blind spot they never suspected: their trusted third-party relationships with vendors, SaaS tools, and subcontractors. Most organizations are woefully underprepared for this expanding attack surface.

Mercor AI Startup Discloses Data Breach Involving OpenAI, Anthropic Partnerships
Mercor, an AI startup partnered with industry giants OpenAI and Anthropic, has confirmed a data breach - raising concerns about the potential impact on users and the company's ability to regain trust. The incident has left many questions unanswered, including what data was compromised and who might be affected.

North Korean Hackers Target Axios Maintainer in Supply Chain Breach
A shocking supply chain breach has been uncovered, where North Korean hackers launched a highly targeted social engineering campaign against the maintainer of the Axios npm package, successfully altering code relied upon by others. The attackers' tailored approach raises urgent questions about trust and vulnerability in open-source ecosystems.

US Tightens Router Security with Ban on Foreign-Made Devices
The US has taken a major step to safeguard its digital landscape by banning foreign-made routers, citing concerns that they pose a severe cybersecurity risk and supply chain vulnerability that could disrupt the economy and national defense. As a result, all new routers manufactured outside the US will require Federal Communications Commission approval before being sold in the country.

Zoom Meetings Exposed by Rogue Web Service
Meetings meant to be private ended up being public. A rogue web service called WebinarTV has been exploiting Zoom meeting security by searching for publicly available invites, joining and secretly recording sessions, and publishing them online.

Microsoft Grapples with Weeks-Long Exchange Online Mailbox Access Disruptions
Weeks of frustrating disruptions have left Outlook mobile and macOS users struggling to access their Exchange Online mailboxes, sparking a flurry of questions about reliability and resolution. Microsoft is actively investigating the issue, but for affected users, the wait for a fix continues.

Drift Protocol Exploited for $285 Million in Novel Social Engineering Attack
In a shocking turn of events, the Drift Protocol, a Solana-based decentralized exchange, was exploited for a staggering $285 million in a highly sophisticated social engineering attack involving durable nonces. This novel attack allowed malicious actors to swiftly gain control of the platform's administrative powers, resulting in a massive loss of funds.

Engineer Pleads Guilty to Ransomware Extortion Plot Targeting Industrial Firm
A former infrastructure engineer has pleaded guilty to a ransomware extortion plot that targeted his own employer, an industrial firm in New Jersey, by locking administrators out of 254 servers. This shocking breach of trust highlights the devastating consequences of insider threats in the digital age.

Malware Resurfaces in Mobile Apps, Targets Crypto Wallets
Beware of a sneaky new malware hiding in plain sight on both app stores, designed to steal sensitive crypto wallet recovery phrases from unsuspecting users. This deceptive SparkCat variant masquerades as harmless apps, putting your digital assets at risk.

Microsoft Accelerates Windows 11 Upgrades with Mandatory 25H2 Rollout
Microsoft is taking a bold step by automatically upgrading unmanaged Windows 11 devices running 24H2 Home and Pro editions to the latest 25H2 version, starting this week. This move marks a significant shift in the company's approach to Windows 11 upgrades.

European Commission Cloud Hack Compromises 30 EU Entities
A massive cloud hack has struck the European Commission, compromising the data of at least 30 EU entities, including the Commission itself, at the hands of the notorious threat group TeamPCP. This alarming breach raises critical questions about who holds the keys to the EU's cloud and what happens when they fall into the wrong hands.

Drift Protocol Exploited for $280 Million by North Korean Hackers
In a shocking and sophisticated attack, North Korean hackers seized control of the Drift Protocol's Security Council, resulting in a staggering loss of at least $280 million. This brazen exploit raises serious questions about the security of even the most trusted blockchain platforms.

FBI System Breach Exposes Sensitive Data
A major breach of an FBI system has sent shockwaves through the cybersecurity landscape, leaving organizations and individuals wondering if they're prepared for the worst. This alarming incident is just the latest in a string of high-profile hacks, including a data leak affecting 450,000 Lloyds records and a breach at the Dutch treasury.

US Charges Filed in High-Profile Crypto Hacks and Fentanyl Cases
This week's string of high-profile crypto hacks, indictments, and regulatory moves exposes a growing dilemma: as decentralized finance and crypto markets expand, the lines between crime, commerce, and policy are becoming increasingly blurred. From charged crypto hacks to fentanyl cases, the seams where these worlds meet are fraying in plain sight.

Hackers Exploit React2Shell Flaw to Breach 766 Next.js Hosts
In a massive credential harvesting operation, hackers exploited the React2Shell vulnerability to breach 766 Next.js hosts, scooping up sensitive database credentials, SSH private keys, and other valuable secrets. This single software flaw was turned into an automated threat, compromising hundreds of sites and putting their digital kingdoms at risk.

Iowa AG Targets Change Healthcare Over Ransomware Lapses
Iowa's attorney general is taking a stand against UnitedHealth Group, seeking financial damages and major security overhauls after a devastating 2024 ransomware attack on its Change Healthcare unit. The bold move aims to hold the healthcare giant accountable and prevent similar cyberattacks in the future.

GitHub Exposed to Infostealer Malware via Claude Code Leak
A recent leak of Claude's source code has taken a dark turn, with hackers exploiting the situation to spread Vidar, a notorious infostealer malware, by creating fake GitHub repositories that masquerade as legitimate projects. This cleverly crafted bait is luring unsuspecting users into a trap that can have serious cybercrime consequences.

Drift Protocol Compromised in $280 Million Heist
In a shocking, high-stakes heist, a sophisticated threat actor exploited a vulnerability in Drift Protocol's governance, seizing control of its Security Council and making off with at least $280 million in a single, precision strike. This brazen breach serves as a stark reminder of the devastating consequences of compromised governance controls.