All Articles (2537)

Nearly 50% of consumers on both sides of the Atlantic have been targeted by social media advertising promoting retail fraud guides and services, and thinly disguised ‘refund hacks,’ according to new research from Netacea.  The UK-based cybersecurity specialist polled over 2000 consumers in the UK and US to compile its 2025 Cyberfraud in Retail report.  The study warned that fraud is increasingly normalized via high-profile ads on the surface web, designed to encourage consumers to participate in

Hackers stole more than $12 million worth of cryptocurrency from the decentralized finance (DeFi) platform Cork Protocol this past week.  Company co-founder Phil Fogel said all activity on the platform has been paused.  “There was a security incident affecting the wstETH:weETH market at 11:23 UTC today.  All other Cork markets have been paused as a precaution, and no other markets have been impacted,” the company later said in a statement.  “We are actively investigating the situation and will c

Chinese authorities have accused a hacker group allegedly backed by Taiwan of carrying out a cyberattack on a local technology company and targeting sensitive infrastructure across the mainland, state media reported.  According to police in Guangzhou, the group, allegedly linked to Taiwan’s ruling Democratic Progressive Party (DPP), has targeted more than 1,000 key networks in over 10 Chinese provinces, including military, energy, transportation and government systems.

Chinese authorities said t

Cybersecurity researcher Jeremiah Fowler has discovered a misconfigured and unprotected database containing over 184 million unique login names and passwords.  According to Fowler’s research, shared with Hackread.com, this exposed collection amounted to approximately 47.42 gigabytes of data.

A Massive Data Leak - The database, which lacked password protection or encryption, stored credentials for numerous online services.  These included popular email providers, major tech platforms such as Mic

Attackers continue to exploit insecure DNS configurations to hijack domain names and redirect users to malicious sites for scams, malware distribution, and other nefarious activities.  Recently, a threat actor tracked by Infoblox as "Hazy Hawk" has been leveraging a different version of the attack vector to seize control of abandoned cloud resources, such as S3 buckets and Azure endpoints, linked to prominent organizations.  Infoblox observed the threat actor using the hijacked domains to host a

This US cyber security advisory sent through CISA highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 2616

Conservative activist Robby Starbuck has filed a defamation lawsuit against Meta alleging that the social media giant’s artificial intelligence chatbot spread false statements about him, including that he participated in the riot at the US Capitol on 6 January 2021.  Starbuck, known for targeting corporate DEI programs, said he discovered the claims made by Meta’s AI in August 2024, when he was going after “woke DEI” policies at motorcycle maker Harley-Davidson.[1]  “One dealership was unhappy w

A third-party data breach has compromised the personal information of more than 200,000 Harbin Clinic patients.  The breach stems from a cyber-attack in July 2024 targeting Nationwide Recovery Services (NRS), a debt collection agency contracted by the Georgia-based healthcare provider.  The incident came to light following unusual activity on NRS systems, which led to a network outage.  Investigations revealed that threat actors accessed the NRS network between July 5 and 11, 2024, during which

New estimates suggest that international criminal outfits are stealing hundreds of billions of dollars from the US government every year.  One of the major goals of the second Trump administration has been to cut what it perceives as government waste: thousands of jobs or federal funding programs, for example.  It has not gone so smoothly, and it has caused a lot of furor, but there is one non-partisan area the government might consider applying its resources, if the goal is to save money.  In A

Improved satellite connectivity has made vessels more efficient at sea, but it has also left their operations and network systems more vulnerable to cyber-attacks.  That is one of the main takeaways from a newly released report, which lays out threats to the Marine Transportation System (MTS) that Coast Guard Cyber identified in 2024, as well as ways operators can strengthen their cyber defenses against them.

The fourth annual Cyber Trends and Insights in the Marine Environment (CTIME) report i

VanHelsing Ransomware Overview - In mid-March 2025, the first sample of the VanHelsing ransomware was made available on a publicly accessible file-scanning site. Like other ransomware attacks, VanHelsing demands a ransom to decrypt files via dropped ransom notes.

Infection Vector - Information on the infection vector used by the VanHelsing ransomware threat actor is unavailable.  However, it is not likely to differ significantly from other ransomware groups.[1]

Attack Method - When run, the VanHe

It is hard to believe that ten years have gone by since the devastating hack of the US Office of Personnel Management (OPM).  OPM handles all personnel matters for government employees, including all associated government documents.  BTW - I was a federal employee for 20 years and I am quite confident the CCP has all my personal information.  Ten years ago, that was big news.  Today, the threat remains high.

US Senator Mark Warner warned the OPM last week that it should not end government contr

Artificial intelligence (AI) is no longer an emerging trend but a present-day disruptor.  From automated threat detection to generative content creation, AI is transforming industries, workflows, and entire careers.  While some sectors are seeing productivity gains, others are bracing for significant job displacement as AI replaces or reshapes roles that rely heavily on routine, repetitive, or pattern-based tasks.

In the cybersecurity industry and across the broader workforce, the question is no

On 14 May 2025, the Nucor Corporation, which is the largest steel producer in the United States, disclosed a cybersecurity incident involving unauthorized access to certain IT systems.  In response, the Charlotte-based company proactively took affected systems offline and temporarily halted production at various locations as a precautionary measure.  In its 8-K filing with the US Securities and Exchange Commission, Nucor stated: "Upon detecting the incident, the company began promptly taking ste

Intel has spent much of its goodwill with customers chasing down bugs: the Spectre and Meltdown bugs it dealt with years ago, and the instability that plagued its Raptor Lake processors last year.  Now there are additional chapters in each of those stories.

You don’t have to do anything; make sure your PC is patched and updated.  But there will be a price to pay in performance in fixing the latest issue, and one you can’t do anything about.[1]

On 1 May, Intel issued another microcode update for

The recent cyber-attacks aimed at Marks & Spencer, the Co-op and Harrods have been in the news, but this is not just an issue for retailers, as hackers strike almost any firm, in any line of business, at any time and anywhere in the world.  The reality for business leaders, and for investors, is that the risk is practically universal.  FTSE 100 CEOs and entrepreneurs running small firms are living in fear that they will be next.  Cyber-attacks have cost UK companies £44 billion in lost revenue ov

Security researchers have reported on an active Phishing-as-a-service (PhaaS) operation that victimized hundreds of thousands in just a few months.   According to Norwegian security firm Mnemonic, Darcula is designed to target iPhone and Android users with phishing messages, spoofing brands to trick them into handing over card details.  Operating globally, it convinces victims to click through on SMS, RCS, and iMessage texts impersonating brands such as delivery firms. Victims are asked to pay d

Intel has spent much of its goodwill with customers chasing down bugs: the Spectre and Meltdown bugs it dealt with years ago, as well as the instability that plagued its Raptor Lake processors last year.  Now there are additional chapters in each of those stories.

You don’t have to do anything, just make sure your PC is patched and up to date.  But there will be a price to pay in performance in fixing the latest issue, and one you can’t really do anything about.[1]

On 1 May, Intel issued yet ano

The FortiMail IR team recently uncovered a new email campaign distributing a Remote Access Trojan (RAT) using multiple evasion techniques to target organizations in Spain, Italy, and Portugal. The campaign leverages the serviciodecorreo email service provider, which is configured as an authorized sender for various domains and successfully passes SPF validation.[1]

Affected platforms: Windows (primarily), Linux & macOS (if Java is installed)

Impacted parties: Users on systems with Java Runti

A new malware called LOSTKEYS, capable of stealing files and system data, has been identified by Google’s Threat Intelligence Group (GTIG) as part of a series of cyberattacks attributed to COLDRIVER, a threat actor linked to the Russian government.   The malware, observed in attacks during January, March, and April 2025, marks a new step in COLDRIVER’s evolving capabilities.  Previously known primarily for credential phishing targeting Western diplomats, NGOs, and intelligence personnel, the gr