Red Hat, GitHub Cyberattack Exposes Customer Information
Hackers breached Red Hat and GitHub in coordinated attacks and stole customer data, underscoring risks even in widely trusted development platforms.
Read More
Velociraptor DFIR Abused as New Tool for Cyber Espionage
Cybercriminals have found a way to turn Velociraptor an open-source DFIR and endpoint monitoring tool into a stealthy persistence mechanism, deploying hidden backdoors on compromised systems. Security researchers warn that trusted forensic tools are increasingly being repurposed for post-exploitation control.
UK issues major LastPass data breach fine following 2022 incident
UK regulators have fined LastPass for security failures linked to the 2022 breach that exposed vault metadata for 16 million users. The incident revealed significant operational gaps and raised industry-wide questions about password-management safety.
TruffleNet: Stolen AWS Keys, SES Abuse, BEC Defense
TruffleNet validates stolen AWS keys, profiles accounts, and abuses Amazon SES to run high-leverage BEC. Therefore, clamp down on access keys, isolate SES to a low-trust account, and alert on first-seen identity actions. Consequently, you deny validation, break pivots, and stop invoice fraud before it lands.
Europe Moves Away From Big Tech Companies Toward Local Tech
Europe moves away from big tech companies toward regional technology alternatives driven by privacy, compliance, and digital sovereignty priorities.
Four-Year Sentence for Student Behind PowerSchool Data Breach
A college student has been sentenced to four years in federal prison for orchestrating a PowerSchool cyberattack that compromised sensitive education data. The case highlights growing concerns over insider-driven breaches targeting school information systems.
Russia Adds 24-Hour SIM Cooling-Off After Roaming
Russia introduced a 24-hour SIM cooling-off period after roaming or 72 hours of inactivity. Consequently, data and SMS pause while operators run anti-abuse checks, verify identity, and restore access in stages.
MuddyWater retro game loader: new stealth tactic explained
The Iran-linked APT MuddyWater has resurfaced with a new, stealthy malware loader disguised as a retro Snake-style game. The loader delivers a memory-only backdoor to Israeli targets. This shift shows how APTs increasingly combine social-engineering and covert execution to bypass defenses.
Microsoft Patches IE Mode Bug Exploited in Targeted Attacks
Microsoft has restricted Internet Explorer (IE) Mode in Edge after discovering it was exploited in targeted attacks. The vulnerability, now patched, allowed threat actors to bypass modern security controls by abusing legacy IE components embedded within enterprise browsers.
Instagram Data Leak Exposes Sensitive Information of Millions
An Instagram data leak affecting roughly 17.5 million accounts highlights how large-scale data aggregation and third-party exposure continue to threaten user privacy.