City of Toronto confirms data theft, Clop claims responsibility
City of Toronto is among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree. Other victims listed alongside the Toronto city...
cybersecurity
WordPress force patching WooCommerce plugin with 500K installs
Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of...
PoC exploits released for Netgear Orbi router vulnerabilities
Proof-of-concept exploits for vulnerabilities in Netgear’s Orbi 750 series router and extender satellites have been released, with one flaw a...
Hackers inject credit card stealers into payment processing modules
A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding...
Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023
On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day...
Dole discloses employee data breach after ransomware attack
Fresh produce giant Dole Food Company has confirmed threat actors behind a February ransomware attack have accessed the information of...
Facebook accounts hijacked by new malicious ChatGPT Chrome extension
A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over...
North Korean hackers using Chrome extensions to steal Gmail emails
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence...
Coinbase Wallet ‘Red Pill’ flaw allowed attacks to evade detection
Coinbase wallet and other decentralized crypto apps (dapps) were found to be vulnerable to "red pill attacks," a method that...
Hackers use new PowerMagic and CommonMagic malware to steal data
Security researchers have discovered attacks from an advanced threat actor that used “a previously unseen malicious framework” called CommonMagic and...
LockBit ransomware gang now also claims City of Oakland breach
Another ransomware operation, the LockBit gang, now threatens to leak what it describes as files stolen from the City of Oakland's...
Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen
The Clop ransomware gang claims to have attacked Saks Fifth Avenue on its dark web leak site. The cyber security...
Breached hacking forum shuts down, fears it’s not ‘safe’ from FBI
The notorious Breached hacking forum has shut down after the remaining administrator, Baphomet, disclosed that they believe law enforcement has...
Hackers target .NET developers with malicious NuGet packages
Threat actors are targeting and infecting .NET developers with cryptocurrency stealers delivered through the NuGet repository and impersonating multiple legitimate...
General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen
Leading Bitcoin ATM maker General Bytes disclosed that hackers stole cryptocurrency from the company and its customers using a zero-day...
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022
Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022,...
Google Pixel flaw allowed recovery of redacted, cropped images
An 'Acropalypse' flaw in Google Pixel's Markup tool made it possible to partially recover edited or redacted screenshots and images,...
Ferrari discloses data breach after receiving ransom demand
Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company's...
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks
A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS...
Emotet malware now distributed in Microsoft OneNote files to evade defenses
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more...
NBA alerts fans of a data breach exposing personal information
The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by...
RAT developer arrested for infecting 10,000 PCs with malware
Ukraine's cyberpolice has arrested the developer of a remote access trojan (RAT) malware that infected over 10,000 computers while posing...
Hitachi Energy confirms data breach after Clop GoAnywhere attacks
Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day...
Alleged BreachForums owner ‘Pompompurin’ arrested on cybercrime charges
U.S. law enforcement arrested on Wednesday a New York man believed to be Pompompurin, the owner of the BreachForums hacking...
