The theft of a PowerSchool engineer's passwords prior to the breach raises further doubts about the company's security practices. © 2024 TechCrunch. All rights reserved. For personal use only.

The Supreme Court has upheld a law that could potentially ban TikTok in the US

Hot on the heels of the release of the first PoC exploit for a critical RCE vulnerability in the Windows LDAP, known as CVE-2024-49112, another vulnerability in the same software protocol in...

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their...

Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication...

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the...

SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments

Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known...

Security for the Internet of Things (IoT) is any process used to protect a network of over 18 billion interconnected devices worldwide that collect and share data. These smart devices can be found...

As the incoming Trump administration prepares to take office, it confronts a critical juncture for cybersecurity. The escalating digital threats from state-sponsored adversaries like China, Iran,...

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...]

Outgoing U.S. President Joe Biden issued an Executive Order aimed at enhancing the nation’s cybersecurity, focused on defending... The post Biden issues executive order to further strengthen...

Explore how AI tools like OpenAI’s Sora face restrictions in Europe due to GDPR, with insights on bypassing…

Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement

​Microsoft has fixed a known issue that caused Microsoft 365 applications and Classic Outlook to crash on Windows Server 2016 or Windows Server 2019 systems. [...]

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company...

The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year's Salt Typhoon security breaches. [...]

The agency has embraced performance goals, provided resources to small systems and improved coordination, its deputy secretary writes. The post How HHS has strengthened cybersecurity of hospitals...

AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China

Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.

​Microsoft has started the forced rollout of Windows 11 24H2 to eligible, non-managed systems running the Home and Pro editions of Windows 11 22H2 and 23H2. [...]

Silverfort has discovered that a misconfiguration can bypass an Active Directory Group Policy designed to disable NTLMv1, allowing…

Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations...

The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms

Shopping for OT systems? A new CISA guide outlines OT cyber features to look for. Meanwhile, the U.S. government publishes a playbook for collecting AI vulnerability data. Plus, a White House EO...

2025-01-13 • Sekoia • Amaury G., Erwan Chevalier, Félix Aime, Maxime A. • vbs.hatvibe Open article on Malpedia

The federal government and multiple cybersecurity firms warned of a zero-day vulnerability in FortiGate firewalls that hackers are actively exploiting.

CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. The post Threat Brief: CVE-2025-0282 and...

A breach of AT&T that exposed “nearly all” of the company's customers may have included records related to confidential FBI sources, potentially explaining the Bureau's new embrace of end-to-end...

An Otelier employee's workstation was infected with an infostealer, leading to compromise of their Jira credentials. The threat actor abused these to gain access to the Jira server, which...