What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-01-27 13:03:02 | Hackers steal $85 million worth of cryptocurrency from Phemex (lien direct) | The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency. [...]
The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency. [...] |
Threat | ★★★ | |
|
2025-01-27 12:43:27 | Microsoft Teams phishing attack alerts coming to everyone next month (lien direct) | Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...]
Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...] |
★★★ | ||
|
2025-01-27 11:36:38 | Clone2Leak attacks exploit Git flaws to steal credentials (lien direct) | A set of three distinct but related attacks, dubbed \'Clone2Leak,\' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]
A set of three distinct but related attacks, dubbed \'Clone2Leak,\' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...] |
Threat | ★★★ | |
|
2025-01-26 11:29:17 | UnitedHealth now says 190 million impacted by 2024 data breach (lien direct) | UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. [...]
UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. [...] |
Ransomware Data Breach Medical | ★★★ | |
|
2025-01-25 16:23:24 | TalkTalk investigates breach after data for sale on hacking forum (lien direct) | UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. [...]
UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. [...] |
Data Breach Threat | ★★ | |
|
2025-01-25 10:15:25 | PayPal to pay $2 million settlement over 2022 data breach (lien direct) | New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state\'s cybersecurity regulations, leading to a 2022 data breach. [...]
New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state\'s cybersecurity regulations, leading to a 2022 data breach. [...] |
Data Breach | ★★★ | |
|
2025-01-24 11:34:40 | Hacker infects 18,000 "script kiddies" with fake malware builder (lien direct) | A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. [...]
A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. [...] |
Malware Threat | ★★★ | |
|
2025-01-23 14:05:34 | Hundreds of fake Reddit sites push Lumma Stealer malware (lien direct) | Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. [...]
Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. [...] |
Malware | ★★★ | |
|
2025-01-23 13:00:00 | New Android Identity Check locks settings outside trusted locations (lien direct) | Google has announced a new Android "Identity Check" security feature that lock sensitive settings behind biometric authentication when outside a trusted location. [...]
Google has announced a new Android "Identity Check" security feature that lock sensitive settings behind biometric authentication when outside a trusted location. [...] |
Mobile | ★★★ | |
|
2025-01-23 11:51:57 | CISA: Hackers still exploiting older Ivanti bugs to breach networks (lien direct) | CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks. [...]
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks. [...] |
Cloud | ★★★ | |
|
2025-01-23 10:26:36 | Stealthy \\'Magic Packet\\' malware targets Juniper VPN gateways (lien direct) | A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a "magic packet" in the network traffic. [...]
A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a "magic packet" in the network traffic. [...] |
Malware | ★★★ | |
|
2025-01-22 15:35:44 | Telegram captcha tricks you into running malicious PowerShell scripts (lien direct) | Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into executing PowerShell code that infects them with malware. [...]
Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into executing PowerShell code that infects them with malware. [...] |
Malware Threat | ★★★ | |
|
2025-01-22 10:11:48 | IPany VPN breached in supply-chain attack to push custom malware (lien direct) | South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company\'s VPN installer to deploy the custom \'SlowStepper\' malware. [...]
South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company\'s VPN installer to deploy the custom \'SlowStepper\' malware. [...] |
Malware | ★★★ | |
|
2025-01-22 10:00:10 | Use this AI chatbot prompt to create a password-exclusion list (lien direct) | Creating a custom password-exclusion list can help prevent employees from using passwords that are likely to be guessed. Learn from Specops Software on using AI to generate password dictionary for securing your organization\'s credentials. [...]
Creating a custom password-exclusion list can help prevent employees from using passwords that are likely to be guessed. Learn from Specops Software on using AI to generate password dictionary for securing your organization\'s credentials. [...] |
★★★ | ||
|
2025-01-21 16:04:09 | Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack (lien direct) | The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. [...]
The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. [...] |
★★★★ | ||
|
2025-01-21 14:58:20 | Fake Homebrew Google ads target Mac users with malware (lien direct) | Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. [...]
Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. [...] |
Malware | ★★★ | |
|
2025-01-21 10:59:29 | Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (lien direct) | Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. [...]
Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. [...] |
Ransomware Malware | ★★★ | |
|
2025-01-20 14:06:38 | HPE investigates breach as hacker claims to steal source code (lien direct) | Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company\'s developer environments. [...]
Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company\'s developer environments. [...] |
Threat | ★★★ | |
|
2025-01-17 15:17:22 | Otelier data breach exposes info, hotel reservations of millions (lien direct) | Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests\' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. [...]
Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests\' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. [...] |
Data Breach Threat Cloud | ★★★ | |
|
2025-01-17 11:57:01 | US sanctions Chinese firm, hacker behind telecom and Treasury hacks (lien direct) | The U.S. Department of the Treasury\'s Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. [...]
The U.S. Department of the Treasury\'s Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. [...] |
Threat | ★★★ | |
|
2025-01-16 11:26:41 | Wolf Haldenstein law firm says 3.5 million impacted by data breach (lien direct) | Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. [...]
Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. [...] |
Data Breach | ★★ | |
|
2025-01-15 21:57:23 | Hackers leak configs and VPN credentials for 15,000 FortiGate devices (lien direct) | A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. [...]
A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. [...] |
Technical | ★★★ | |
|
2025-01-15 15:04:45 | MikroTik botnet uses misconfigured SPF DNS records to spread malware (lien direct) | A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. [...]
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. [...] |
Malware | ★★★ | |
|
2025-01-15 14:44:28 | Label giant Avery says website hacked to steal credit cards (lien direct) | Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers\' credit cards and personal information. [...]
Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers\' credit cards and personal information. [...] |
Data Breach | ★★★ | |
|
2025-01-14 15:54:28 | WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (lien direct) | A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...]
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...] |
Malware | ★★★ | |
|
2025-01-14 11:26:26 | FBI deletes Chinese PlugX malware from thousands of US computers (lien direct) | The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...]
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...] |
Malware | ★★★ | |
|
2025-01-14 10:57:07 | Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (lien direct) | Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...]
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...] |
Threat | ★★★ | |
|
2025-01-14 10:24:27 | Fortinet warns of auth bypass zero-day exploited to hijack firewalls (lien direct) | Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...] |
Vulnerability Threat | ★★★ | |
|
2025-01-13 17:36:16 | OneBlood confirms personal data stolen in July ransomware attack (lien direct) | Blood-donation not-for-profit OneBlood confirms that donors\' personal information was stolen in a ransomware attack last summer. [...]
Blood-donation not-for-profit OneBlood confirms that donors\' personal information was stolen in a ransomware attack last summer. [...] |
Ransomware | ★★★ | |
|
2025-01-13 15:33:46 | Stolen Path of Exile 2 admin account used to hack player accounts (lien direct) | Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. [...]
Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. [...] |
Hack Threat | ★★★ | |
|
2025-01-13 11:50:12 | UK domain registry Nominet confirms breach via Ivanti zero-day (lien direct) | Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...]
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...] |
Vulnerability Threat | ★★★★ | |
|
2025-01-11 10:21:31 | Fake LDAPNightmware exploit on GitHub spreads infostealer malware (lien direct) | A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [...]
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [...] |
Malware Threat | ★★★ | |
|
2025-01-10 14:15:09 | Telefónica confirms internal ticketing system breach after data leak (lien direct) | Spanish telecommunications company Telefónica confirms its internal ticketing system was breached after stolen data was leaked on a hacking forum. [...]
Spanish telecommunications company Telefónica confirms its internal ticketing system was breached after stolen data was leaked on a hacking forum. [...] |
★★★ | ||
|
2025-01-10 13:12:17 | New Web3 attack exploits transaction simulations to steal crypto (lien direct) | Threat actors are employing a new tactic called "transaction simulation spoofing" to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. [...]
Threat actors are employing a new tactic called "transaction simulation spoofing" to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. [...] |
Threat | ★★★ | |
|
2025-01-10 11:37:59 | Docker Desktop blocked on Macs due to false malware alert (lien direct) | Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. [...]
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. [...] |
Malware | ★★★ | |
|
2025-01-10 10:19:50 | STIIIZY data breach exposes cannabis buyers\\' IDs and purchases (lien direct) | Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. [...]
Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. [...] |
Data Breach | ★★★ | |
|
2025-01-09 16:07:03 | Largest US addiction treatment provider notifies patients of data breach (lien direct) | BayMark Health Services, North America\'s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. [...]
BayMark Health Services, North America\'s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. [...] |
Data Breach | ★★★ | |
|
2025-01-09 12:20:26 | MirrorFace hackers targeting Japanese govt, politicians since 2019 (lien direct) | The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed "MirrorFace" hacking group. [...]
The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed "MirrorFace" hacking group. [...] |
Legislation | ★★★ | |
|
2025-01-09 11:49:01 | US Treasury hack linked to Silk Typhoon Chinese state hackers (lien direct) | Chinese state-backed hackers, tracked as Silk Typhoon, have been linked to the U.S. Office of Foreign Assets Control (OFAC) hack in early December. [...]
Chinese state-backed hackers, tracked as Silk Typhoon, have been linked to the U.S. Office of Foreign Assets Control (OFAC) hack in early December. [...] |
Hack | ★★★ | |
|
2025-01-09 11:11:20 | Google: Chinese hackers likely behind Ivanti VPN zero-day attacks (lien direct) | Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called \'Dryhook\' and \'Phasejam\' that is not currently associated with any threat group. [...]
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called \'Dryhook\' and \'Phasejam\' that is not currently associated with any threat group. [...] |
Malware Vulnerability Threat | ★★★ | |
|
2025-01-08 15:43:34 | Ivanti warns of new Connect Secure flaw used in zero-day attacks (lien direct) | Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. [...]
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. [...] |
Malware Vulnerability Threat | ★★★ | |
|
2025-01-08 14:26:04 | Russian ISP confirms Ukrainian hackers "destroyed" its network (lien direct) | Russian internet service provider Nodex confirmed on Tuesday that its network was "destroyed" in a cyberattack claimed by Ukrainian hacktivists part of the Ukrainian Cyber Alliance [...]
Russian internet service provider Nodex confirmed on Tuesday that its network was "destroyed" in a cyberattack claimed by Ukrainian hacktivists part of the Ukrainian Cyber Alliance [...] |
★★★★ | ||
|
2025-01-08 12:28:01 | Medical billing firm Medusind discloses breach affecting 360,000 people (lien direct) | Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. [...]
Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. [...] |
Data Breach Medical | ★★★ | |
|
2025-01-08 10:05:50 | Thousands of credit cards stolen in Green Bay Packers store breach (lien direct) | American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. [...]
American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. [...] |
★★★ | ||
|
2025-01-08 08:30:46 | UN aviation agency confirms recruitment database security breach (lien direct) | The United Nations\' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. [...]
The United Nations\' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. [...] |
Threat | ★★★ | |
|
2025-01-07 23:26:09 | PowerSchool hack exposes student, teacher data from K-12 districts (lien direct) | Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. [...]
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. [...] |
Hack Threat | ★★ | |
|
2025-01-07 16:56:52 | Casio says data of 8,500 people exposed in October ransomware attack (lien direct) | Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. [...]
Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. [...] |
Ransomware | ★★ | |
|
2025-01-07 15:21:26 | US govt launches cybersecurity safety label for smart devices (lien direct) | Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. [...]
Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. [...] |
★★★ | ||
|
2025-01-07 13:08:24 | Washington state sues T-Mobile over 2021 data breach security failures (lien direct) | Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. [...]
Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. [...] |
Data Breach | ★★ | |
|
2025-01-07 10:59:23 | UN aviation agency investigating \\'potential\\' security breach (lien direct) | On Monday, the United Nations\' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." [...]
On Monday, the United Nations\' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." [...] |
★★★ |
To see everything:
Our RSS (filtrered)
