PyTorch discloses malicious dependency chain compromise over holidays
PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency...
cybersecurity
Ransomware gang cloned victim’s website to leak stolen data
The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica...
Ransomware gang apologizes, gives SickKids hospital free decryptor
The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its...
Canadian mining firm shuts down mill after ransomware attack
The Canadian Copper Mountain Mining Corporation (CMMC) in British Columbia has announced that it was the target of a ransomware attack...
LockBit ransomware claims attack on Port of Lisbon in Portugal
An cyberattack hitting the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas day has been claimed...
New Linux malware uses 30 plugin exploits to backdoor WordPress sites
A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. According to...
Netgear warns users to patch recently fixed WiFi router bug
Netgear has fixed a high-severity vulnerability affecting multiple WiFi router models and advised customers to update their devices to the...
Google Home speakers allowed hackers to snoop on conversations
A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely...
Crypto platform 3Commas admits hackers stole API keys
An anonymous Twitter user published yesterday a set of 10,000 API keys allegedly obtained from the 3Commas cryptocurrency trading platform....
Ukraine shuts down fraudulent call center claiming 18,000 victims
A group of imposters operating out of a Ukrainian call center defrauded thousands of victims while pretending to be IT security...
Royal ransomware claims attack on Intrado telecom provider
The Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday. While Intrado is yet...
Hackers abuse Google Ads to spread malware in legit software
Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products....
Thousands of Citrix servers vulnerable to patched critical flaws
Thousands of Citrix ADC and Gateway deployments remain vulnerable to two critical-severity security issues that the vendor fixed in recent months....
Ransomware attack at Louisiana hospital impacts 270,000 patients
The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who...
Hackers steal $8 million from users running trojanized BitKeep apps
Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn't require...
EarSpy attack eavesdrops on Android phones via motion sensors
A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's...
BTC.com lost $3 million worth of cryptocurrency in cyberattack
BTC.com, one of the world's largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in...
Hacker claims to be selling Twitter data of 400 million users
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using...
Massive Twitter data leak investigated by EU privacy watchdog
Source: DALL-E The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter...
The Week in Ransomware – December 23rd 2022 – Targeting Microsoft Exchange
Reports this week illustrate how threat actors consider Microsoft Exchange as a prime target for gaining initial access to corporate...
New info-stealer malware infects software pirates via fake cracks sites
A new information-stealing malware named ‘RisePro’ is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware...
Hackers exploit bug in WordPress gift card plugin with 50K installs
Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000...
North Korea linked threat actors have stolen an estimated billion worth of cryptocurrency and other virtual assets in the past five years
North Korea-linked threat actors have stolen an estimated $1.2 billion worth of cryptocurrency and other virtual assets in the past...
The nbsp data breach suffered by LastPass in August may have been more severe than previously thought
The data breach suffered by LastPass in August 2022 may have been more severe than previously thought.In August password management software...
