Ivanti patches Connect Secure zero-day exploited since mid-March
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a ...
Texas State Bar warns of data breach after INC ransomware claims attack
The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the ...
Genetic data site openSNP to close and delete data over privacy concerns
The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all ...
Verizon Call Filter API flaw exposed customers' incoming call history
A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon ...
Oracle privately confirms Cloud breach to customers
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017.
Recent GitHub supply chain attack traced to leaked SpotBugs token
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise ...
Scallywag ad-fraud operation generated 1.4 billion ad requests per day
A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.
GitHub expands security tools after 39 million secrets leaked in 2024
Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations ...
Cisco warns of CSLU backdoor admin account used in attacks
Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor ...
Police shuts down KidFlix child sexual exploitation platform
Kidflix, one of the largest platforms used to host, share, and stream child sexual abuse material (CSAM) on the dark web, was ...
Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans
A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with ...
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
A RAR file, a fake summons, and a Nietzsche quote—all part of a multi-stage malware chain delivering DCRat & Rhadamanthys.