LATEST POST
0day for vBulletin: PoC is already online, but no one is installing the patch
When criminals note that there is an unpatched vulnerability, expect more attacks to follow. A Russian-language forum recently picked up a report from SecurityLab.ru. It begins (translation): Popular forums on vBulletin have once again been found to have holes through which arbitrary code can be executed directly on the server – without a login and […]
Victim Pays $800,000 in Bitcoin—But the Chat Was Not Private as Claimed by Akira
Ransomware gangs will swear not to reveal that you were a victim if you pay their ransom demands. SBut if they fail to secure their negotiation chat servers, researchers and intel analysts can discover who their victims are and shoulder-surf any negotiations or payment arrangements. The SuspectFile blog reports on another case like that where […]
Customers questioned top super fund about security weakness before cyberattacks
Australia’s biggest superannuation fund was questioned by its own clients about a security weakness in its accounts before cybercriminals stole hundreds of thousands of dollars in retirement savings. ABC Australia reports: Two AustralianSuper customers have told the ABC they had asked for multi-factor authentication (MFA) on their accounts but were rebuffed — one of them […]
FBI investigating efforts to impersonate White House chief of staff Susie Wiles
Yet another member of President Trump’s staff has been caught up in a data security incident. The Guardian reports: The FBI is investigating an apparent impersonator who pretended to be the White House chief of staff, Susie Wiles, in texts and calls to her contacts, including prominent Republicans. Wiles has privately informed colleagues that the contacts in her personal cellphone […]
DOXXED: Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
The Register reports that a mystery whistleblower calling himself “GangExposed” has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked […]
Hogan Lovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
Hogan Lovells has released a new guide exploring data protection and security developments in the APAC area. The guide reviews: Download the Asia-Pacific Data, Privacy, and Cybersecurity Guide 2025.
Mid-year State Privacy and Enforcement Updates
James Sherer of BakerLaw recently sent out an interesting email update on state laws, which we are passing along to our readers: If you would like to receive the firm’s CLE/weekend update emails, reach out to jsherer@bakerlaw.com.
Australian ransomware victims now must tell the government if they pay up
The Record reports: Australia became on Friday the first country in the world to require victims of ransomware attacks to declare to the government any extortion payments made on their behalf to cybercriminals. The law, initially proposed last year, only applies to organizations with an annual turnover greater than AUS $3 million ($1.93 million) alongside a smaller […]