News Feed

Black Hat USA

Name That Toon Contest

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Rust-Written IronWorm Hits NPM Supply Chain

Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.

Brave Software releases Origin for a paid, bloat-free browsing experience

Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. [...]

Hola Browser for Windows compromised to deliver cryptominer

The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. [...]

China's TA4922 Expands Cybercrime Attacks Globally

One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.

4 Critical Threats Where Attackers Have the Advantage

Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]

DentaQuest data breach exposed info of 2.6 million accounts

A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...]

Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’

The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus.

UN food agency discloses breach affecting 600,000 Gaza households

The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]

CISA directive for AI executive order to be released this week, Andersen says

The binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore.

Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs

Organizations are growing serious about what nation’s rules apply to their data. Experts point to geopolitical tensions as a main contributing factor.

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]

UN food agency investigates breach exposing data of Gaza aid recipients

In a message sent to aid recipients via Telegram over the weekend, the World Food Programme (WFP) said that "unauthorized parties" had accessed data stored in its self-registration application in Gaza.

Microsoft blames unexpected Windows driver updates on caching issue

On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. [...]

Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process

The security researcher, Ammar Askar, released the new proof-of-concept exploit on his personal blog — alongside the public tracker for issues in VS Code — giving a GitHub security contact roughly one hour's notice beforehand.

Five Eyes warn Chinese spies are using job sites to recruit insiders

The alert warned that Chinese intelligence officers are posing as recruiters and consultants for front companies based outside China in order to target Five Eyes government and military personnel “and anyone with access to classified or privileged information.”