A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN)...

New ESET research reveals that 73% of UK educational institutions experienced at least one cyber-attack or breach in the past five years

The energy sector plays a crucial role in national security by ensuring the delivery of essential infrastructure services and supporting transportation systems. Acknowledging the need to safeguard...

Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. [...]

President Trump pardons Silk Road founder Ross Ulbricht, slamming prosecutors as “scum.” The move reignites debates on cybercrime…

NCC Group observed 574 global ransomware attacks in December, the highest monthly volume it has recorded

Discover how to create a unique and secure username for your online accounts, and find out why it’s just as important as having a strong password.

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a...

Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.BackgroundOn January 21, Oracle released its Critical Patch Update (CPU) for January...

New research from DNV recorded that growing attention is being paid to operational technology (OT) cybersecurity – securing... The post DNV report highlights increased OT cybersecurity investment...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released three advisories on Tuesday detailing current security issues, vulnerabilities,... The post CISA discloses security flaws...

The U.S. Department of Homeland Security (DHS) published Tuesday an official notice that the Transportation Security Oversight Board... The post DHS ratifies TSA security directives to boost rail...

The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they've stolen the personal data of 62.4 million students and 9.5 million teachers, BleepingComputer...

Cyble has found thousands of security vendors' credentials on the dark web, likely pulled from infostealer logs

American business services giant and government contractor Conduent confirmed today that a recent outage resulted from what it described as a "cyber security incident." [...]

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to...

Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year

Courts and federal regulators too often treat consumers as bystanders, a Center for Cybersecurity Policy and Law expert argues. The post Government battles against tech could leave consumers less...

Phishing-as-a-Service (PhaaS) provides attackers with advanced toolsets and templates that enable them to quickly deploy phishing campaigns.

Microsoft says Windows 11 24H2 has entered the broad deployment phase and is now available to all seekers via Windows Update. [...]

Cloudflare warns of a surge in hyper-volumetric DDoS after revealing it stopped a massive 5.6Tbps attack

South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company's VPN installer to deploy the custom...

Creating a custom password-exclusion list can help prevent employees from using passwords that are likely to be guessed. Learn from Specops Software on using AI to generate password dictionary for...

On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards. [...]

Torrance, United States / California, 22nd January 2025, CyberNewsWire

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

Donald Trump pardoned the creator of the world’s first dark web drug market, who is now a libertarian cause célèbre in some parts of the crypto community.

BreachForums admin Conor Fitzpatrick (Pompompurin) faces resentencing after his lenient 17-day sentence was vacated, highlighting the serious consequences…

MasterCard recently corrected a significant DNS misconfiguration that had persisted for nearly five years, potentially allowing cybercriminals to intercept or divert its Internet traffic. While...

A researcher at Sophos told CyberScoop that the company observed these tactics being used against multiple individuals and at least 15 organizations. The post Ransomware groups pose as fake tech...