The Oxford City Council is investigating a recent cybersecurity breach that disrupted various council services and potentially exposed the personal data of past election workers. The Oxford City Council cyberattack, which occurred over the weekend of June 7–8, was identified by the council’s automated defense show more ...
A security flaw in Apache Traffic Server (ATS) is targeting cloud service providers worldwide. The vulnerability, identified as CVE-2025-49763, exposes affected systems to denial-of-service (DoS) attacks that exploit a critical ACL issue in the server’s Edge Side Includes (ESI) plugin, enabling attackers to exhaust show more ...
Insurance giant Aflac reported today that it was hit by a cyberattack on June 12 but was able to stop the intrusion “within hours.” Aflac detailed the incident in an SEC filing and press release today. The company didn’t name the suspected attacker but said in the press release that “This attack, like many show more ...
Youve probably already seen the headlines The biggest leak in human history. The whole world is in uproar after Cybernews journalists found the logins and passwords to 16 billion accounts in the public domain — two for each inhabitant of the planet! What is this leak, and what do you need to do right now? Whats the show more ...
The communications company shared the discoveries of its investigation with government partners, but there is little information they can publicly disclose other than that there seems to be no impact on customers.
As geopolitical tensions rise, the use of cyber operations and hacktivists continues to grow, with the current conflict between Israel and Iran showing the new face of cyber-augmented war.
_Frank_Peters_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Securing the no-code supply chain isn't just about mitigating risks — it's about enabling the business to innovate with confidence.
As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.
Minister of Health Ana ‘Akau’ola told parliament on Thursday that an unnamed ransomware gang attacked the National Health Information System, demanding millions in ransom to restore it.
A Krispy Kreme spokesperson said the “vast majority of those affected are Krispy Kreme employees, members of their families, and former employees.”
The digital certification system used by Russia's producers and suppliers of meat, dairy, eggs and other animal products was taken offline after a cyberattack.
Insurance industry giant Aflac said it disrupted a cyberattack within hours of discovering it and is now working to determine how much data was potentially breached in the incident.
A federal judge ruled against a Biden administration privacy rule intended to address worries that patients visiting abortion clinics could have their records seized by law enforcement even if their procedure was legal in the state where it took place.
Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The activity, codenamed Banana Squad by ReversingLabs, is assessed to be a continuation of a rogue Python campaign that was identified in 2023 as targeting the Python Package
Iran's state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian government, according to multiple reports. It's currently not known who is behind the attack, although Iran pointed fingers at Israel, per Iran International. "If you experience disruptions or irrelevant messages while watching various TV
Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security event over Easter weekend, they were forced to shut down their online operations, which account for
Cloudflare on Thursday said it autonomously blocked the largest ever distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. "Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks," Cloudflare's Omer
The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of a "Call Lawyer" feature on the affiliate panel, per Israeli cybersecurity company Cybereason. The
Imagine for one moment that you are a cybercriminal. You have compromised an organisation's network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation. However, there's a problem. Your target is stalling for time. Who can you, as the show more ...
Krispy Kreme, the dispenser of delectable doughnuts, has revealed that an astonishingly wide range of personal information belonging to past and present employees, as well as members of their families, was accessed by hackers during a cyber attack last year. Read more in my article on the Hot for Security blog.
In modern warfare, it’s not just about who has the biggest bombs — it's about who controls the story.
Source: thehackernews.com – Author: . Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns. “Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a show more ...
Source: thehackernews.com – Author: . The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed show more ...
Source: thehackernews.com – Author: . DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces “silent killer” vulnerabilities: exploitable flaws that evade show more ...
Source: go.theregister.com – Author: Thomas Claburn Researchers based in Israel and India have developed a defense against automated call scams. ASRJam is a speech recognition jamming system that uses a sound modification algorithm called EchoGuard to apply natural audio perturbations to the voice of a person show more ...
Source: go.theregister.com – Author: Connor Jones The United States is requesting [PDF] a month-long extension to the deadline for its final decision regarding an appeal against a judge’s ruling that obtaining tower dumps is unconstitutional. The tower dumps requested in this case could reveal the details show more ...
Source: go.theregister.com – Author: Connor Jones Krispy Kreme finally revealed the number of people affected by its November cyberattack, and it’s easy to see why analyzing the incident took the well-resourced company several months. According to a filing with Maine’s Attorney General, show more ...
Source: go.theregister.com – Author: Connor Jones Cybersecurity experts have started a formal review into the UK cybersecurity market, at the government’s request, to identify future growth opportunities as it looks to grow the industry that’s core to the country’s Industrial Strategy. show more ...
Source: www.infosecurity-magazine.com – Author: A new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered by cybersecurity researchers. The operation, tied to the group known as Banana Squad, used 67 repositories hosting trojanized files that show more ...
Source: www.infosecurity-magazine.com – Author: A new Python-based remote access Trojan (RAT) known as PylangGhost is being deployed in cyber campaigns attributed to the North Korean-aligned group Famous Chollima. According to research from Cisco Talos, this malware, functionally similar to the previously show more ...
Source: www.infosecurity-magazine.com – Author: Krispy Kreme has revealed that over 160,000 people have had sensitive data compromised as a result of a November 2024 data security incident. The affected data includes highly sensitive financial information that could leave impacted individuals vulnerable to show more ...
Source: www.infosecurity-magazine.com – Author: Global banking giant UBS has suffered a data breach following a cyber-attack on a third-party supplier. In a statement emailed to Infosecurity, a UBS spokesperson confirmed a breach had occurred, but it had not impacted customer data or operations. “A show more ...
Source: www.infosecurity-magazine.com – Author: AI Agents hold great promise for IT ticketing services, but they also bring with them new risks. Researchers from Cato Networks have revealed that a new AI agent protocol released by Atlassian, a service desk solutions provider, could allow an attacker to submit a show more ...
Source: www.infosecurity-magazine.com – Author: The US authorities have taken custody of a 33-year-old man believed to have worked as an initial access broker (IAB) for the notorious Ryuk ransomware operation. The Office of the Prosecutor General of Ukraine confirmed the extradition in a Telegram post yesterday. show more ...
Source: thehackernews.com – Author: . Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer show more ...
Source: thehackernews.com – Author: . Cloudflare on Thursday said it autonomously blocked the largest ever distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. show more ...
Source: thehackernews.com – Author: . Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The activity, codenamed Banana Squad by ReversingLabs, show more ...
Source: www.infosecurity-magazine.com – Author: UK public sector cybersecurity roles offer an average salary of just £44,739 ($60,070) per annum, according to a study by Bridwell. The cybersecurity firm analyzed 768 cybersecurity job listings across a range of sectors from the recruitment website Indeed. Roles show more ...
Source: www.infosecurity-magazine.com – Author: Keir Giles, a British expert on Russian information operations, has been targeted by a sophisticated spear phishing attack using novel social engineering techniques. The writer and senior consulting fellow at the UK think tank Chatham House was lured into sending show more ...
Source: www.schneier.com – Author: Bruce Schneier HomeBlog Comments Ian Stewart • June 19, 2025 8:36 AM Does anyone really care? I was talking to the manager of the gym I go to recently about another gym, that photgraphed everyone who entered. He said there should be complete surveillance everywhere, video, show more ...
Source: www.securityweek.com – Author: SecurityWeek News SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a show more ...
Source: www.securityweek.com – Author: Ionut Arghire Oxford City Council in the United Kingdom (UK) is notifying current and former employees that their personal information was likely compromised in a recent cyberattack. The incident, the council says, occurred over the weekend of June 7 and 8, when it show more ...
Source: davinciforensics.co.za – Author: cyberpro. A Continued Cycle South Africa has had a slow approach to compliance with the government regulations and laws set in place. This problem has been exposed at every turn as South Africa has continued to show its vulnerabilities, and cyber criminals see them and show more ...
Source: hackread.com – Author: Deeba Ahmed. A new and concerning cyber threat, dubbed Mocha Manakin, has been identified by cybersecurity research firm Red Canary. First tracked in January 2025, this threat uniquely combines social engineering tricking people with specially built malicious software. Mocha show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Researchers discovered two local privilege escalation flaws that could let attackers gain root access on systems running major Linux distributions. Qualys researchers discovered two local privilege escalation (LPE) vulnerabilities, an attacker can exploit show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini A cyberattack pushed the German napkin firm Fasana into insolvency, likely worsening existing financial troubles and serving as the final blow. German napkin maker Fasana filed for insolvency after a major cyberattack on May 19 paralyzed its systems, show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Researchers discovered the largest data breach ever, exposing 16 billion login credentials, likely due to multiple infostealers. Researchers announced the discovery of what appears to be the largest data breach ever recorded, with an astonishing 16 show more ...
