Category: Security

Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. […]

Read more →

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. […]

Read more →

The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. […]

Read more →

Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement. […]

Read more →

GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks. […]

Read more →

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. […]

Read more →

The NordVPN Black Friday Deal is now live, and you can get the best discount available: 77% off that applies automatically when you follow our link. If you’ve been waiting for the right moment to upgrade your online security, privacy, and streaming freedom, this is the one VPN deal we can guarantee will have you smiling…

Read more →

Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers. […]

Read more →

ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. […]

Read more →

Black Friday 2025 is almost here, and early deals are already live across security software, online courses, system administration tools, antivirus products, and VPN services. These discounts are limited-time offers and vary by provider, so if you see something that fits your needs, it’s best to act while it’s available. […]

Read more →

The FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over $262 million in ATO attacks since the start of the year. […]

Read more →

Tor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). […]

Read more →

Year-end budgeting is the perfect time to close real security gaps by strengthening identity controls, reducing redundant tools, and investing in outcome-driven engagements. The article highlights how targeting credential risks and documenting results helps teams maximize spend and justify next year’s budget. […]

Read more →

Thousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter and CodeBeautify online tools that format and structure code. […]

Read more →

​Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school’s Oracle E-Business Suite servers on its dark web leak site. […]

Read more →

A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. […]

Read more →

New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. […]

Read more →

SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. […]

Read more →

Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1’s cloud-native patching keeps devices updated from any location, strengthening compliance and security. […]

Read more →

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. […]

Read more →

Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members. […]

Read more →

When infrastructure itself becomes the target In early 2024, a breach involving Snowflake, Inc. sent a quiet shockwave through boardrooms across industries. Attackers bypassed perimeter defenses entirely; no malware, no exploit kit, no zero-day. They simply walked through an identity gap: weak credentials and excessive permissions. The attackers pivoted laterally inside multiple customer environments (AT&T,…

Read more →

Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black Friday savings. […]

Read more →

Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have leaked 77 GB of data allegedly stolen from the airline. […]

Read more →

The holidays can be hard on any budget, but there may be a way to make it a little easier. Instead of dashing through the snow all around town, get all your shopping done under one roof at Costco. Right now, you can even get a 1-Year Costco Gold Star Membership plus a $40 Digital…

Read more →

Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. […]

Read more →

Huntress analysts reconstructed a Qilin ransomware attack from a single endpoint, using limited logs to reveal rogue ScreenConnect access, failed infostealer attempts, and the ransomware execution path. The investigation shows how validating multiple data sources can uncover activity even when visibility is reduced to a “pinhole.” […]

Read more →

American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with unnamed threat actors. […]

Read more →

Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of pounds in damage and exposed customer data. […]

Read more →

Avast is rolling out Scam Guardian, a free AI-powered protection layer that analyzes websites, messages, and links to detect rising scam threats. Powered by Gen Threat Labs data, it reveals hidden dangers in code and adds 24/7 scam guidance through the Avast Assistant. […]

Read more →

Deeper Network Promo

Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. […]

Read more →

A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. […]

Read more →

Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. […]

Read more →

American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. […]

Read more →

OPSWAT, a provider of critical infrastructure protection (CIP) cybersecurity solutions, has opened a new state-of-the-art production facility in the U.S. to manufacture hardware domestically. Facility in Florida will serve as production and logistics center for global operations Through this Tampa, Fla.-based facility, OPSWAT will enhance supply chain integrity to ensure compliance with stringent U.S. and…

Read more →

Photocall, a TV piracy streaming platform with over 26 million users annually, has ceased operations following a joint investigation by the Alliance for Creativity and Entertainment (ACE) and DAZN. […]

Read more →

Sneaky2FA, a popular among cybercriminals phishing-as-a-service (PhaaS) kit, has added Browser-in-the-Browser (BitB) capabilities, giving “customers” the option to launch highly deceptive attacks. […]

Read more →