Blog

Inside Source Says Chinese Government Has Privately Admitted to Ordering Volt Typhoon Cyber Attacks

China made the seeming admission at a secret meeting taking place in Geneva in December. The WSJ source said that the admission of Volt Typhoon cyber attacks was not entirely direct, rather “somewhat ambiguous” in nature but still enough to “startle” US officials.
MITRE CVE Program Safe Until Early 2026, But What Happens Then?

After an abrupt notice of the end of funding for the Common Vulnerabilities and Exposures (CVE) program caused a small panic in the cybersecurity world, it appears that a contract extension option exercised by CISA will keep it safe at least until March 2026.
Years-Long Security Breach at National Bank Regulator Leads to 150,000 Stolen Emails

During the roughly year-and-a-half that the security breach was active, about 100 email accounts were monitored by the attacker and it is estimated that they viewed about 150,000 messages in total.
Cyber Attacks on Australian Superannuation Funds Appeared to Use Recycled Passwords

Early indications are that a recent rash of cyber attacks on Australia’s biggest superannuation funds were a credential stuffing campaign making use of information from older data breaches. The attacks compromised at least a few hundred accounts and led to the theft of at least AUD 500,000.
Serious WhatsApp Vulnerability Allows Concealment of Executables as Images and Documents

Versions prior to 2.2450.6 of the Windows client are subject to a WhatsApp vulnerability that allows threat actors to attack users via file attachments that look innocuous, such as image files.
Oracle Tested on Data Breaches, Gets Low Marks For Transparency

Oracle is presently dealing with the fallout of either one or two data breaches, apparently depending upon who’s doing the asking. Recent March breach of Oracle Cloud appears to be information only available to some of the company’s larger clients, at least going by recent news reports.
Was the Data Leak of 2.8 Billion Twitter/X User Profiles the Work of a Laid-off Employee?

Many questions remain about the data leak: if it was in fact the work of a former employee, if it was a matter of revenge for Musk’s sweeping layoffs, and if the entirety of the new information is in fact new and accurate.
Massive Oracle Cloud Data Breach Impacts Unknown Number of Clients

It’s unclear how many of the 140,000 or so Oracle Cloud clients have suffered damage from the recent data breach, but the keys the attackers claim to have raise a lot of alarm.
Has DeepSeek Become a Malware Machine? New Research Finds Guardrails are Weak

The report takes DeepSeek R1 to task for its poor guardrails, documenting the creation of malware including a basic keylogger and several types of ransomware via very basic sorts of prompt hacking that other major models long ago addressed.
Organized Crimes Going High-Tech With AI-Powered Tools, Europol Warns

Types of organized crimes seeing outsized benefit from AI-powered tools include human trafficking and all types of illicit international smuggling, waste management fraud, and of course a spectrum of cyber attacks. Europol also notes use by state-sponsored hacking groups in disruption and propaganda campaigns.

Blog

Got a Question?