Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least...

In March 2025, the French vehicle inspection company AUTOSUR suffered a data breach exposing over 10M customer records, though only 487k unique email addresses were present. The compromised data...

PornHub sent emails out to many users and published a statement warning that it was affected by a recent breach of data analytics service provider Mixpanel.

In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96k user records. The now defunct vBulletin forum leaked 96k email addresses,...

Amadey, an established malware loader active since at least 2018, was observed downloading second-stage payloads from a hijacked self-hosted GitLab instance hosted on gitlab[.]bzctoons[.]net. The...

SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked as...

A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and...

Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE ever. The post...

No timeline for a patch Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure...

In July 2016, the Web Hosting Talk forum suffered a data breach that was subsequently listed for sale. The breach of the vBulletin based forum exposed 515k user records including usernames, email...

Plus: automated SBOMs, $250,000 bounties ahead interview No good idea - like rewarding open source software developers and maintainers for their contributions - goes unabused by cybercriminals,...

A Russian national was also indicted for running the platform. The post DOJ announces takedown of alleged laundering platform used by cybercriminal groups appeared first on CyberScoop.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca.The vulnerabilities mentioned in this...

The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, a webmail and...

The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian cybersecurity vendor...

Precious resources needed to respond to the next campus shooting or other mass-casualty incident could be strained by escalating swatting and bomb threats that intentionally cry wolf to disrupt...

Under a settlement with the FTC, the Nomad platform will have to redistribute stolen funds that white-hat hackers returned to the company after thieves aggressively exploited a vulnerability in 2022.

Key Takeaways The DFIR Report Services Contact us today for pricing or a demo! The intrusion began in early March 2025 with a single successful Remote Desktop Protocol (RDP) logon to an...

Federal records show CBP is moving from testing small drones to making them standard surveillance tools, expanding a network that can follow activity in real time and extend well beyond the border.

Understand how the 700Credit data breach developed, and the key lessons security teams should take from this incident. The post 700Credit Breach: What Organizations Need to Know appeared first on...

Modern security teams often feel like they’re driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for...

Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web...

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South...

The new feature, which was announced October 1 and rolled out Tuesday, will “start personalizing content and ad recommendations on our platforms based on people’s interactions with our generative...

Regulator makes various additional demands over alleged cybersecurity failings In proposing a settlement agreement, the Federal Trade Commission (FTC) says that Illusory Systems must repay users...

Buckle up to innovate at speed, says PwC Sponsored Post As AI spreads across the enterprise, so too do the security and compliance risks. Regulations are evolving, risk postures are shifting, and...

A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.Key takeaways:CVE-2025-40602 is a local...

Build a digital backbone faster than adversaries can evovle or lose the information war NATO is in an existential race to develop sovereign cloud based technologies to underpin its mission, the...

Part 1 of 2: Escalating outages in 2025, combined with evolving security risks, are causing more organizations to rethink their cloud strategy

Folder permission changes cause queue failures and misleading error messages, no real fix yet Microsoft has good news for administrators: while some organizations now pay for security updates on...