X-Industry

Credit rating company TransUnion has suffered a data breach, which has impacted the personal information of nearly 4.5 million Americans.  The firm revealed that unauthorized access was gained to a third-party application serving its US consumer support operations in a notification letter to impacted customers.  The information was limited to specific data elements and did not include credit reports or core credit information.

TransUnion has not publicly provided any more details on the nature o

A new sneaky type of malware, known as Raven Stealer, has been identified by the Lat61 Threat Intelligence Team at Point Wild.  The research team, led by Onkar R. Sonawane, has found that this seemingly simple program is surprisingly adept at remaining undetected while stealing your personal information.  The research, shared with Hackread.com, reveals that the malware is primarily spread through underground forums and often bundled with pirated software.

Built using the programming languages De

A joint study by Cybersecurity at MIT Sloan (CAMS) and Safe Security has examined 2,800 ransomware incidents and found that a staggering 80.83%, or more than 2,272 attacks, were driven by artificial intelligence. This statistic is not theoretical; it's based on comprehensive, real-world data collected during 2023–2024.

The Rethinking the Cybersecurity Arms Race working paper paints a vivid picture of how AI is transforming attack methods. Adversaries are no longer relying on manual orchestration

What began as a quiet investigation into suspicious Salesforce activity has escalated into one of the most significant SaaS supply chain incidents of the year. Google's Threat Intelligence Group (GTIG) reports that a threat actor, tracked as UNC6395, exploited compromised OAuth tokens from Salesloft's Drift integrations to extract data from multiple customers' Salesforce instances. The campaign ran at least from 8 to 18 August 2025. GTIG's assessment is blunt: "GTIG assesses the primary intent o

Cybersecurity researcher Jeremiah Fowler identified two unprotected, misconfigured databases containing nearly one million records linked to Ohio Medical Alliance LLC, a company better known under its brand name Ohio Marijuana Card.  Fowler, who reported the exposure to Website Planet, found that the databases were left open without encryption or password protection, allowing anyone with an internet connection to access names, Social Security numbers (SSN), dates of birth, home addresses, and hi

Why hack when hackers are willing to sell guaranteed access to breached networks?  Increasingly, cybercrooks agree they would rather outsource than bother with the tedium of actual network penetration, leading to a flourishing initial access market.  Remote access to a victim's network now retails for an average price of $2,700, although about 40% of what's being sold goes for much less $500 to $1,000, noted in a report from cybersecurity firm Rapid7.   Research is based on listings posted over

Google has announced a significant data breach that has hit its corporate Salesforce database, and Google sent email notifications to the affected users on 08 August 2025.  Earlier, Google had said that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cybercriminal group known as ShinyHunters, officially tracked as UNC6040 by the Google Threat Intelligence Group.  “We believe threat actors using the 'ShinyHunters' brand may be preparing to escalate their ex

The legal market segment has been a prime target for cybercriminals due to the highly sensitive and confidential data it holds.  A recent report from the International Legal Technology Association (ILTA) and Fenix24, "Security at Issue: State of Cybersecurity in Law Firms," reveals a crucial shift in the threat landscape.  The report, based on a survey of 60 law firms, indicates that while awareness and investment are rising, fundamental vulnerabilities persist, and human-operated attacks are no

The Cybersecurity Team at SafetyDetectives has uncovered a post on a clear web forum where a threat actor claimed to be selling a database containing 61 million records allegedly belonging to Verizon customers.  The data, packaged in a 3.1 GB CSV/JSON file and dated as “2025,” was offered for purchase on a platform known for hosting discussions on database leaks, cracks, and downloads.  Clear web forums, accessible to anyone with an internet connection, are popular among hackers for sharing and

US insurance giant Allianz Life announced on July 26 that hackers had stolen the personal information of many of its customers, financial professionals, and select Allianz Life employees in the United States.  The insurance giant's filing with Maine's attorney general did not immediately provide the number of customers affected.  According to the filing, the data breach, which the company described as a hack, occurred on July 16 and was discovered on July 17. 

TechCrunch first reported the data

The month of July could barely have started any worse for some financial institutions in Brazil.  On 30 June 2025, C&M Software, a Brazilian company that provides a "bridge" helping the country's central bank connect to local banks, revealed that it had been hacked.  810,306,000 Brazilian reals (approximately US$140 million) were stolen from the reserve accounts of six financial institutions because of the security breach.

In the wake of the attack, which made news headlines in Brazil, the count

Cybersecurity experts at Forcepoint’s X-Labs are warning about the continued activity of Remcos malware. This sophisticated threat consistently adapts to bypass security measures and maintain a hidden presence on infected computers.  This malware, often delivered through convincing phishing attacks, allows attackers to establish long-term access.

According to reports, campaigns observed between 2024 and 2025 show that Remcos malware remains highly active, continually adapting to stay hidden, as

A recent survey result of 3,200 people in 524 organizations that suffered data breaches is a bit of a mixed bag.  Ponemon's, "Cost of a Data Breach Report 2020" (commissioned by IBM), reveals that despite an apparent decline in the average cost of a data breach from $3.92 million in 2019 to $3.86 million this year the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.  Ponemon's analysis of