Security shops among the 'hundreds' of Klue hack victims
As yet another extortion crew Icarus exploits Salesforce-linked integrations
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
As yet another extortion crew Icarus exploits Salesforce-linked integrations
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation
Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator JailedThis week, U.S. lawmakers urged action on AI, a BitLocker exploit. Škoda, Nvidia’s GeForce NOW partner and telehealth firm OpenLoop reported breaches. Patch Tuesday. A dark market operator sentenced and pro-Ukraine and Iranian-linked hacking. Nitrogen ransomware attack on Foxconn.
Investigators Find Violations of State Cyber RegulationsNew York fined Delta Dental $2.25 million for the company's response to the mass exploit of a zero-day vulnerability in Progress Software' MOVEit file transfer application. Delta Dental is one of thousands of organizations caught up in the blast radius of an automated 2023 Memorial Day hack.
Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal HitThis week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes
Also: ZachXBT Uncovers DPRK Worker Scam, Hyperbridge Hack, Coinone FineThis week, Operation Atlantic disrupts $45M phishing fraud, ZachXBT uncovers DPRK crypto worker scheme, Hyperbridge exploit, South Korea fines Coinone $3.5M, Kraken faces extortion attempt over insider data leak and American musician loses $420K in fake Ledger app.
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there
Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key ActivityThis week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K.
Also: Chinese Firms Indicted in Crypto-Linked Fentanyl Supply CaseThis week, charges filed in Uranium Finance hack, indictment of Chinese firms in fentanyl supply case, a class action lawsuit against Nvidia, Drift Protocol exploit, KuCoin operational barriers in the United States and a U.K. sanction filed against Xinbi.
Also: SEC Drops BitClout Founder Case, BlockFills Files for Chapter 11This week, a hacker minted $24M from Resolv, SEC dropped its case against BitClout founder, BlockFills filed for Chapter 11, Bitrefill linked hack to Lazarus, OpenClaw phishing scam hit devs, global law enforcement crackdown on scams and Balancer Labs to wind down after $128M exploit.
Cybersecurity researchers say the GitHub leak threatens to "democratize" iPhone exploits that were once reserved for nation-states, potentially putting hundreds of millions of iOS 18 devices at risk. The post DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses appeared first on CyberScoop.
Crooks claim 2 GB haul from AWS instance via React2Shell exploit Data analytics giant LexisNexis has confirmed its Legal & Professional division suffered a data breach days after the Fulcrumsec cybercrime crew claimed responsibility for the hack.…
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. [...]
Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users' devices. [...]
Incident Responders Detail Top Ransomware and Business Email Compromise TacticsThere's no need to invest into sophisticated hacking operations when moving fast and exploiting well-trod techniques gives threat actors all the access they want. Threat actors are prioritizing "low-complexity entry points, rather than investing in sophisticated exploits," say incident responders.
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says