Security Affairs

SEPTEMBER 14, 2023

A joint investigation conducted by Access Now and the Citizen Lab revealed that the journalist, who is at odds with the Russian government, was infected with the surveillance software. The investigation started on June 22, 2023, after Timchenko received a notification from Apple that state-sponsored attackers may be targeting her iPhone.

Spyware 134

Spyware Surveillance Media Government 134

Security Affairs

NOVEMBER 26, 2023

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software New InfectedSlurs Mirai-based botnet exploits two zero-days SiegedSec hacktivist group hacked Idaho National Laboratory (INL) CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog Enterprise software provider TmaxSoft leaks 2TB of data (..)

Data breaches 131

Data breaches Surveillance Cryptocurrency Ransomware 131

Security Affairs

JULY 30, 2023

Now Abyss Locker also targets VMware ESXi servers Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency Monitor Insider Threats but Build Trust First Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS DepositFiles exposed (..)

Surveillance 98

Surveillance Cryptocurrency Cyber Attacks Hacking 98

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 128

Spyware Surveillance DDOS Identity Theft 128

Security Affairs

SEPTEMBER 24, 2023

0-days exploited by commercial surveillance vendor in Egypt PREDATOR IN THE WIRES OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Cybersecurity Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Cyber Attacks 124

Cyber Attacks Firewall Data breaches Telecommunications 124

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 127

Artificial Intelligence Data breaches Scams Insurance 127

Security Affairs

APRIL 16, 2023

New Android malicious library Goldoson found in 60 apps +100M downloads Siemens Metaverse exposes sensitive corporate data CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog Volvo retailer leaks sensitive files A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays Google fixed (..)

Data breaches 98

Data breaches Spyware Surveillance Cybercrime 98

Security Affairs

SEPTEMBER 1, 2024

Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong EU investigating Telegram over user numbers Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Surveillance 122

Surveillance Malware Firewall Phishing 122

Security Affairs

JULY 15, 2023

Government agencies SonicWall urges organizations to fix critical flaws in GMS/Analytics products Citrix fixed a critical flaw in Secure Access Client for Ubuntu Cl0p hacker operating from Russia-Ukraine war front line – exclusive Fortinet fixed a critical flaw in FortiOS and FortiProxy Microsoft mitigated an attack by Chinese threat actor Storm-0558 (..)

Spyware 98

Spyware Hacking Data breaches Government 98

Security Affairs

MARCH 26, 2023

If you want to also receive for free the newsletter with the international press subscribe here.

Data breaches 98

Data breaches DDOS Backups Hacking 98

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

SecureWorld News

NOVEMBER 30, 2023

The flaw, tracked as CVE-2023-6345 , marks the sixth Chrome Zero-Day exploit in 2023 and showcases a growing trend in major browsers suffering Zero-Day attacks. Surveillance players have realized that targeting browsers provides extensive monitoring of victims while avoiding app store defenses.

Spyware 113

Spyware Surveillance Malware Risk 113

Security Affairs

DECEMBER 10, 2023

Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Data breaches 129

Data breaches Ransomware Hacking Financial Services 129

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 98

Data breaches DDOS Ransomware Hacking 98

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 98

Spyware Ransomware Malware Data breaches 98

Security Affairs

DECEMBER 15, 2024

CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox U.S.

Firewall 66

Firewall Spyware Surveillance Cybercrime 66

Security Affairs

JULY 20, 2023

Most recent samples of DraginEgg are dated April 2023. “After it’s installed and launched, WyrmSpy uses known rooting tools to gain escalated privileges to the device and perform surveillance activities specified by commands received from its C2 servers. ” reads the report published by Lookout.

Spyware 98

Spyware Surveillance Malware Mobile 98

Security Affairs

FEBRUARY 19, 2023

Twitter will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers GoDaddy discloses a new data breach Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb German airport websites hit by DDos attacks once again Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine CISA adds Cacti, Office, Windows (..)

DDOS 98

DDOS Data breaches Ransomware Hacking 98

Security Affairs

APRIL 16, 2023

The phishing attacks began in February 2023, the IT giant reported. Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms.

Accountability 98

Accountability Phishing Financial Services Surveillance 98

Zero Day

JUNE 20, 2025

As cybercrime is global problem, it can be extremely difficult for law enforcement to prosecute the perpetrators.  The attacker may conduct surveillance first, mapping a network to find the most valuable resources or to discover potential pathways to jump into other systems. What happens when an attacker is inside a network?

Passwords 106

Passwords Data breaches Password Management Identity Theft 106

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. The US Cybersecurity and Infrastructure Security Agency (CISA) provided additional IoCs associated with exploitation of CVE-2023-2868. A review of last year’s predictions 1.

Hacking 141

Hacking Energy and Utilities Malware Media 141

Zero Day

JUNE 22, 2025

As cybercrime is global problem, it can be extremely difficult for law enforcement to prosecute the perpetrators.  The attacker may conduct surveillance first, mapping a network to find the most valuable resources or to discover potential pathways to jump into other systems. What happens when an attacker is inside a network?

Passwords 101

Passwords Data breaches Password Management Accountability 101

SecureWorld News

DECEMBER 11, 2023

In July of 2023, the city of Hayward, California, declared a state of emergency after a cyberattack had degraded their emergency services dispatching capability. What Stoll was calling us to do is to take the threats of scams, misinformation campaigns, and cybercrime seriously. Let's start with a quick story.

Technology 109

Technology Artificial Intelligence Cybercrime Government 109

BH Consulting

FEBRUARY 15, 2024

It also predicts that organised gangs will use cybercrime more, because it offers easy money for lower risk. The move was prompted by the pending Digital Markets Act There’s a strong overview of the surveillance technology landscape from privacy campaigner Johnny Ryan. VentureBeat also has a good writeup of the key findings.

Passwords 52

Passwords Surveillance Risk Data breaches 52

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday.

Cybercrime 287

Cybercrime Mobile Media Telecommunications 287

Krebs on Security

MARCH 22, 2023

Google said it believes the exploit chain for Samsung devices belonged to a “commercial surveillance vendor,” without elaborating further. 3, 2023 post on BreachForums, comparing the redacted code from the DarkNavy analysis with the same function in the Pinduoduo app available for download at the time.

Malware 329

Malware eCommerce Mobile Marketing 329

SecureList

OCTOBER 17, 2023

This is our latest installment, focusing on activities that we observed during Q3 2023. The most remarkable findings In early 2023, we discovered an ongoing attack targeting government entities in the APAC region by compromising a specific type of a secure USB drive, which provides hardware encryption.

Government 141

Government Malware Manufacturing VPN 141

Krebs on Security

AUGUST 15, 2024

On July 21, 2024, denizens of the cybercrime community Breachforums released more than 4 terabytes of data they claimed was stolen from nationalpublicdata.com, a Florida-based company that collects data on consumers and processes background checks. billion rows of records — they claimed was taken from nationalpublicdata.com. .”

Hacking 349

Hacking Data breaches Identity Theft Accountability 349

SecureWorld News

JUNE 18, 2025

Although harmless on its own, it highlighted how real systems, like medical imaging or surveillance, could be tricked to make critical misidentifications, simply by adding crafted noise to inputs. Privacy breach via training data (model inversion) In 2023, an incident occurred that showed the dangers of leaked training data.

Cybersecurity 103

Cybersecurity Artificial Intelligence Risk Healthcare 103

Security Affairs

SEPTEMBER 29, 2024

CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw International law enforcement operation dismantled criminal communication platform Ghost U.S.

Hacking 119

Hacking Antivirus Ransomware Cybercrime 119

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS 98

DDOS Hacking Spyware Surveillance 98

eSecurity Planet

DECEMBER 19, 2023

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. Cybercrime will go to the next level: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware 98

Spyware Surveillance Artificial Intelligence Data breaches 98

Security Affairs

JUNE 1, 2025

Two Linux flaws can lead to the disclosure of sensitive data Meta stopped covert operations from Iran, China, and Romania spreading propaganda US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor Victorias Secret ‘s website offline (..)

Data breaches 64

Data breaches Scams Surveillance Cybercrime 64

Krebs on Security

NOVEMBER 26, 2024

However, this person’s identity may not remain a secret for long: A careful review of Kiberphant0m’s daily chats across multiple cybercrime personas suggests they are a U.S. A surveillance photo of Connor Riley Moucka, a.k.a. ” On July 29, 2023, Reverseshell posted a screenshot of a login page for a major U.S.

DDOS 319

DDOS Cybercrime Accountability Government 319

Security Affairs

DECEMBER 22, 2024

CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog ConnectOnCall data breach impacted over 900,000 individuals Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise (..)

Data breaches 62

Data breaches Cybercrime Spyware Firmware 62

Krebs on Security

MARCH 2, 2023

The document points to the 2021 takedown of the Emotet botnet — a cybercrime machine that was heavily used by multiple Russian ransomware groups — as a model for this activity, but says those disruptive operations need to happen faster and more often. cyber interests.

Cybersecurity 286

Cybersecurity Insurance Cyber Insurance Government 286