Category: Security

Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims’ activity, and harvesting credentials after breaching their networks. […]

Read more →

Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. […]

Read more →

Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. […]

Read more →

Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. […]

Read more →

Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. […]

Read more →

The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. […]

Read more →

PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid. […]

Read more →

A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. […]

Read more →

Passwords alone aren’t cutting it—31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure. […]

Read more →

CISA warned critical infrastructure organizations of “unsophisticated” threat actors actively targeting the U.S. oil and natural gas sectors. […]

Read more →

​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. […]

Read more →

The Legal Aid Agency (LAA), an executive agency of the UK’s Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. […]

Read more →

You can’t protect what you can’t see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back control. Learn from Outpost24 how EASM powers proactive digital risk protection. […]

Read more →

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. […]

Read more →

TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. […]

Read more →

The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. […]

Read more →

The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. […]

Read more →

Following three high-profile cyberattacks impacting major UK retailers, the country’s National Cyber Security Centre (NCSC) has published guidance that all companies are advised to follow to strengthen their cybersecurity defenses. […]

Read more →

Let me start by very simply explaining the problem we’re trying to solve with passkeys. Imagine you’re logging on to a website like this: And, because you want to protect your account from being logged into by someone else who may obtain your username and password, you’ve turned on two-factor authentication (2FA). That means that…

Read more →

The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. […]

Read more →

The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. […]

Read more →

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. […]

Read more →

The United Kingdom’s National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a “wake-up call.” […]

Read more →

A California man who used the alias “NullBulge” has pleaded guilty to illegally accessing Disney’s internal Slack channels and stealing over 1.1 terabytes of internal company data. […]

Read more →

London’s iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op. […]

Read more →

London’s iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op. […]

Read more →

Seven malicious PyPi packages were found using Gmail’s SMTP servers and WebSockets for data exfiltration and remote command execution. […]

Read more →

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. […]

Read more →

Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data. […]

Read more →

The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. […]

Read more →

British supermarket chain Co-op Food has confirmed to BleepingComputer via a statement that it has suffered limited operational disruption as it responds to a cyberattack. […]

Read more →

Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. […]

Read more →

Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. […]

Read more →

South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May. […]

Read more →

IBM has added new agentic and automation capabilities to its managed detection and response (MDR) services to help customers more quickly and efficiently secure enterprise resources. Specifically, Big Blue is launching an agentic AI system called Autonomous Threat Operations Machine (ATOM), which is designed to provide automated threat triage, investigation, and remediation and reduce the…

Read more →

Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider” BleepingComputer has learned from multiple sources. […]

Read more →

Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. […]

Read more →

Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people.  […]

Read more →

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. […]

Read more →

The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. […]

Read more →

A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a “critical patch” that adds a WordPress backdoor to the site. […]

Read more →

British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. […]

Read more →

African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. […]

Read more →

​Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. […]

Read more →