U.S. govt agency CMS says data breach impacted 3.1 million people
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of…
Ivanti’s Cloud Service Appliance Attacked via Second Vuln
The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.
Construction firms breached in brute force attacks on accounting software
Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to…
CISA warns of Windows flaw used in infostealer malware attacks
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the…
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly…
Malware locks browser in kiosk mode to steal Google credentials
A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering…
23andMe to pay $30 million in genetics data breach settlement
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed…
New Linux malware Hadooken targets Oracle WebLogic servers
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and…
The Dark Nexus Between Harm Groups and ‘The Com’
A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the…