Supply chain attack traces back to suspected North Korea state-backed hackers exploiting an open source vulnerability that allowed malware to be inserted into legitimate software updates (signed with valid 3CX certificates).
One of the biggest dark web markets for trading in stolen identity information is now offline thanks to an international law enforcement operation that involved hundreds of raids across 17 countries.
Data breach at Nebu, a piece of marketing software used by numerous Dutch market research firms for creating surveys and maintaining contact information, impacted at least two million residents including Netherlands national railway and VodafoneZiggo.
Vulkan Files provided insight into Russian cyberwar activities including government disinformation campaigns on social media, domestic surveillance and attacks on the critical infrastructure of foreign countries.
Google’s Threat Analysis Group (TAG) finds that a group of about 30 of the world’s more serious commercial spyware vendors are peddling zero-days for Android, iOS, Chrome and Samsung’s pre-installed mobile device software.
Latitude, a major financial service provider in Australia, has lost about 14 million customer records to a data breach. The incident previously reported that 328,000 records had been exposed.
Proprietary Twitter code was sitting in a GitHub repository from early January to sometime in March. Inside anonymous sources believe that the source code leak was perpetuated by a former employee that was laid off when Musk took over.
Preventing ransomware attacks on critical infrastructure companies has been a major focus for the Biden administration, and a new program has tasked CISA with warning companies when major vulnerabilities are detected.
Attackers were able to hijack a video upload feature on the bitcoin ATMs to upload malicious JavaScript. At least 15 operators were compromised and $1.5 Million in crypto was confirmed stolen for now.
Versions of the Chinese shopping app up to the most recent release were found to have malware present. The malicious code is an attack chain that specifically targets Samsung mobile devices, first discovered in early 2021.