LATEST POST
Security bug at compliance firm Vanta exposed customer data to other users
TechRadar reports: Security and compliance automation company Vanta has confirmed sharing sensitive customer data with other customers by mistake. In a statement (via TechCrunch), the company said a change it had made in the code resulted in a security breach. In it, some sensitive data from a small subset of customers was shared with other customers. […]
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
GBHackers reports: OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as a default component in Windows 10 version 1803, attackers have increasingly exploited its presence, leveraging it as a “Living Off the Land Binary” (LOLBIN). This means adversaries use trusted system tools ssh.exe to evade detection […]
0day for vBulletin: PoC is already online, but no one is installing the patch
When criminals note that there is an unpatched vulnerability, expect more attacks to follow. A Russian-language forum recently picked up a report from SecurityLab.ru. It begins (translation): Popular forums on vBulletin have once again been found to have holes through which arbitrary code can be executed directly on the server – without a login and […]
Victim Pays $800,000 in Bitcoin—But the Chat Was Not Private as Claimed by Akira
Ransomware gangs will swear not to reveal that you were a victim if you pay their ransom demands. SBut if they fail to secure their negotiation chat servers, researchers and intel analysts can discover who their victims are and shoulder-surf any negotiations or payment arrangements. The SuspectFile blog reports on another case like that where […]
Customers questioned top super fund about security weakness before cyberattacks
Australia’s biggest superannuation fund was questioned by its own clients about a security weakness in its accounts before cybercriminals stole hundreds of thousands of dollars in retirement savings. ABC Australia reports: Two AustralianSuper customers have told the ABC they had asked for multi-factor authentication (MFA) on their accounts but were rebuffed — one of them […]
FBI investigating efforts to impersonate White House chief of staff Susie Wiles
Yet another member of President Trump’s staff has been caught up in a data security incident. The Guardian reports: The FBI is investigating an apparent impersonator who pretended to be the White House chief of staff, Susie Wiles, in texts and calls to her contacts, including prominent Republicans. Wiles has privately informed colleagues that the contacts in her personal cellphone […]
DOXXED: Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
The Register reports that a mystery whistleblower calling himself “GangExposed” has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked […]
Hogan Lovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
Hogan Lovells has released a new guide exploring data protection and security developments in the APAC area. The guide reviews: Download the Asia-Pacific Data, Privacy, and Cybersecurity Guide 2025.