Hackers breach ISP to poison software updates with malware
A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [...]
Stay updated on the latest compromise incidents in infosec. Discover how breaches occur and learn strategies to protect your data and networks.
Search across headline titles and summaries.
Background for this topic.
Compromise in information security means unauthorized access or control over a system, network, or data, often resulting from exploiting vulnerabilities like software bugs, weak credentials, or misconfigurations. It indicates that an attacker has bypassed security measures to read, modify, or disrupt resources without permission.
Such compromises pose risks including data theft, unauthorized system manipulation, and persistent attacker presence. Detecting and containing compromises requires monitoring for unusual activity, applying timely patches, and enforcing strong access controls to limit attacker movement and reduce the impact of exploited weaknesses.
A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [...]
A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos
Cybersecurity researchers have uncovered a new Android remote access trojan (RAT) called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware
A Vipre study reveals a 20% increase in business email compromise attacks
Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years
It took 13 months to notice 40 million voters' data was compromised The UK's Electoral Commission has received a formal slap on the wrist for a litany of security failings that led to the theft of personal data belonging to around 40 million voters.…
Leaves a trail of ransomware infections, data theft, business email compromise in its wake Insight The developers of EvilProxy – a phishing kit dubbed the "LockBit of phishing" – have produced guides on using legitimate Cloudflare services to disguise malicious traffic. This adds to the ever-growing arsenal of tools offering criminals who lack actual technical expertise to get into the digital thievery biz.…
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script
Thousands of customers of cryptocurrency exchange Gemini have had personal data compromised