LATEST POST
British govt agents demand action after UK mega-cyberattacks surge 50%
The Register reports: Cyberattacks that meet upper severity thresholds set by the UK government’s cyber agents have risen 50 percent in the last year, despite almost zero change in the volume of cases handled. GCHQ’s cyber arm, the National Cyber Security Centre’s (NCSC), said in its annual review published today that its incident management team handled 429 […]
Harvard investigating breach linked to Oracle zero-day exploit
Bleeping Computer reports: Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle’s E-Business Suite servers. “Harvard is aware of reports that data associated with the University has been obtained […]
Crimson Collective claims to have hacked Nintendo
Computing.co.uk reports; Notorious hacking group Crimson Collective has claimed responsibility for a major breach of Nintendo’s internal systems. Crimson Collective says it has access to sensitive production assets, developer files, and backup data. This claim was given weight by cybersecurity intelligence firm Hackmanac which shared a screenshot on X purportedly showing folders labeled “Production Assets,” “Dev Builds,” […]
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
KrebsOnSecurity.com reports: The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks, which shattered […]
FBI Alert: Update Red Hat OpenShift AI Now
The FBI urges all organizations using Red Hat’s OpenShift AI platform to address a 9.9/10 security flaw. It allows an attacker with authenticated access to a low-privileged account to escalate privileges, potentially leading to stolen data, disrupted services, and complete takeover of the underlying infrastructure. If you have OpenShift deployed in your environment, urgent action is […]
Policyholder Plot Twist: Cyber Insurer Sues Policyholder’s Cyber Pros
Hunton Andrews Kurth writes: When a cyber incident occurs and the insurer pays out the claim, they often face the frustrating reality that pursuing the actual criminals – the threat actors – for indemnification is virtually impossible. Thus, insurers are now turning to subrogation claims against the very cybersecurity vendors entrusted by policyholders to protect […]
LockBit, DragonForce, and Qilin form a ‘cartel’ to dictate ransomware market conditions (1)
CSO reports: Three of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing resources in what they describe as an increasingly “challenging” ransomware business environment. DragonForce, Qilin, and LockBit announced the partnership in early September, with DragonForce proposing the collaboration shortly after LockBit reemerged with its LockBit 5.0 […]
Hackers claim Discord breach exposed data of 5.5 million users
Bleeping Computer reports: Discord says they will not be paying threat actors who claim to have stolen the data of 5.5 million unique users from the company’s Zendesk support system instance, including government IDs and partial payment information for some people. The company is also pushing back on claims that 2.1 million photos of government IDs […]