The Chinese-linked cyberespionage group ‘Mustang Panda’ targeted U.S. government and policy-related officials with phishing emails themed around Venezuela. The campaign, uncovered by Acronis, exploited geopolitical events to infect systems and steal data. The U.S. Department of Justice recognizes Mustang Panda as a hacker group backed by China. Chinese-linked cyberespionage group, identified as ‘Mustang Panda,’…
Crimson Collective claims to have stolen PII on 1M+ Brightspeed customers, including names, emails, phone numbers, and partial payment data Brightspeed has not confirmed the breach, saying it is investigating reports of a cybersecurity event The company, headquartered in Charlotte, NC, operates fiber broadband across 20 states and serves millions of premises One of the…
Russian technology companies working on air defense, sensitive electronics and other defense applications were targeted in recent weeks by a cyber espionage group using AI-generated decoy documents, according to a cybersecurity analyst. The discovery by cybersecurity firm Intezer shows how AI tools can be easily harnessed for high-stakes operations, senior security researcher Nicole Fishbein said,…
China-linked hackers have been using misconfigured Cisco security products to deploy backdoors on target networks for at least the past several weeks. The hacker group, which Cisco tracks as UAT-9686, has been taking advantage of an insecure setting in Cisco’s AsyncOS software, which powers the company’s email and web security devices and virtual platforms, Cisco…
Credit report and identity verification services provider 700Credit has disclosed a data breach impacting more than 5.8 million individuals. 700Credit is the largest provider of credit checks, identity verification, fraud detection, and compliance services for automotive, marine, powersports, and RV dealers in North America. It serves roughly 18,000 dealerships. The incident, the company says, was…
The cybersecurity industry is on high alert following the disclosure of a critical React vulnerability that can be exploited by a remote, unauthenticated attacker for remote code execution. React (React.js) is an open source JavaScript library designed for creating application user interfaces. Maintained by Meta and a large community of companies and individual developers from…
Hackers are hijacking U.S. radio transmission equipment to broadcast bogus emergency messages and obscene language, the Federal Communications Commission said on Wednesday. In a public notice, opens new tab, the FCC said a “recent string of cyber intrusions against various radio broadcasters” had occurred, resulting in the issuance of the U.S. Emergency Alert System’s “Attention Signal.”…
Hackers are turning everyday web browsers into remote-control tools using a new command-and-control (C2) platform called Matrix Push C2, according to BlackFog research. The browser‑native, fileless framework abuses legitimate web push notification features to deliver malware, phishing pages, and data theft campaigns across Windows, macOS, Linux, and mobile platforms. Instead of dropping traditional malware binaries…
The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. Miljödata is an IT systems supplier for roughly 80% of Sweden’s municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it….
Chinese hackers pose a “highly sophisticated and capable” threat to the UK, GCHQ’s cyber security agency has warned. The warning came after the National Cyber Security Centre (NCSC) recorded a 50% increase in “highly significant” online incidents carried out by criminals and state-linked groups in the year to the end of August. The attacks on household names…
