Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.
A new package mimicked the popular ‘requests’ library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.
CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel.
Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm.
Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website.
The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization’s systems on Christmas Eve.
Europol, the European Union’s law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.
The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks.
The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City’s authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation.
A recent partnership announcement between OpenAI and Stack Overflow has some members concerned that their data is being used without permission and, when trying to remove their posts, find their accounts are suspended.
The UK Government confirmed today that a threat actor recently breached the country’s Ministry of Defence and gained access to part of the Armed Forces payment network.
BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes.
Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data.
