LATEST POST
TalkTalk investigates breach after data for sale on hacking forum
Bleeping Computer reports: UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. “As part of our regular security monitoring, given our ongoing focus on protecting customers’ personal data, we were made aware of unexpected access to, and misuse of, one […]
ChatGPT API flaw could allow DDoS, prompt injection attacks
Another day, another vulnerability. CSO Online reports that a researcher discovered an OpenAI development oversight that could allow attackers to launch DDoS attacks on unsuspecting victims: OpenAI-owned ChatGPT might have a vulnerability that could allow threat actors to launch distributed denial of service (DDoS) attacks on unsuspecting targets. According to a discovery made by German security researcher […]
WORST Healthcare Breach Ever: 1 in 2 Americans affected by UnitedHealth ransomware attack, new disclosure shows
The Minnesota Star Tribune reports: UnitedHealth Group says the impact from the cyberattack last year at its Change Healthcare subsidiary is much wider than previously understood, affecting roughly 190 million patients — up from previous estimates of about 100 million people. The updated tally extends the scope beyond what was previously described by company Chief Executive Andrew […]
Simple STARLINK Bug Let Hackers Control Every Connected Subaru
Security researchers gained complete control of Subaru vehicles worldwide using only basic customer information like license plates or ZIP codes Motor Illustrated reports: Security researchers discovered a critical vulnerability in Subaru‘s STARLINK connected vehicle service that allowed unauthorized access to vehicles and customer data across the United States, Canada, and Japan, according to a blog post published by […]
Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
Another day, another critical patch. The Register reports: Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices. Cisco Meeting Management is the management software for the tech giant’s on-premises video meeting platform. […]
PowerSchool data breach a ‘statewide issue,’ more than 300,000 teachers had SS number exposed
On December 28, PowerSchool discovered that its Student Information System (SIS) program had been compromised. Since then, more and more schools in the U.S. and Canada have been notifying parents and students that student information stored in the system — including a lot of historical data on former students — was involved in the breach. […]
New York State Department of Financial Services Secures $2 Million Cybersecurity Settlement with PayPal, Inc.
PayPal’s Cybersecurity Failures Led to the Exposure of Customers’ Social Security Numbers January 23, 2025 New York State Department of Financial Services Superintendent Adrienne A. Harris today announced that PayPal, Inc. (PayPal) will pay a $2 million penalty to New York State for violations of DFS’s Cybersecurity Regulation. An investigation determined PayPal failed to use qualified […]
NYS Attorney General James Announces Court Win Allowing Lawsuit Against Citibank to Continue
Citi cannot dodge lawsuit over failure to protect customer accounts from fraud A press release issued by AG James on January 21: NEW YORK – New York Attorney General Letitia James today announced a significant victory in her case against Citibank (Citi) after a judge denied Citi’s motion to dismiss the Office of the Attorney […]