China-linked hackers have been using misconfigured Cisco security products to deploy backdoors on target networks for at least the past several weeks. The hacker group, which Cisco tracks as UAT-9686, has been taking advantage of an insecure setting in Cisco’s AsyncOS software, which powers the company’s email and web security devices and virtual platforms, Cisco…
Credit report and identity verification services provider 700Credit has disclosed a data breach impacting more than 5.8 million individuals. 700Credit is the largest provider of credit checks, identity verification, fraud detection, and compliance services for automotive, marine, powersports, and RV dealers in North America. It serves roughly 18,000 dealerships. The incident, the company says, was…
A ransomware operation has discovered it can target large corporations by going after network security devices pitched to smaller enterprises. The market for SonicWall SSL VPN devices tends to be small- and medium-sized firms – but when those businesses are bought by larger businesses, the devices suddenly are part of a network worth real money…
Hackers are hijacking U.S. radio transmission equipment to broadcast bogus emergency messages and obscene language, the Federal Communications Commission said on Wednesday. In a public notice, opens new tab, the FCC said a “recent string of cyber intrusions against various radio broadcasters” had occurred, resulting in the issuance of the U.S. Emergency Alert System’s “Attention Signal.”…
Cybersecurity giant CrowdStrike has confirmed the termination of an insider who allegedly provided sensitive internal system details to a notorious hacking collective. The incident, which came to light last week, involved the leak of internal screenshots on a public Telegram channel operated by the threat group known as “Scattered Lapsus$ Hunters.” The leaks surfaced when…
Hackers are turning everyday web browsers into remote-control tools using a new command-and-control (C2) platform called Matrix Push C2, according to BlackFog research. The browser‑native, fileless framework abuses legitimate web push notification features to deliver malware, phishing pages, and data theft campaigns across Windows, macOS, Linux, and mobile platforms. Instead of dropping traditional malware binaries…
A critical vulnerability in Microsoft Entra could have let hackers access any user account. The flaw affected key authentication processes, allowing normal security checks to be bypassed. Microsoft released a patch quickly, but accounts that are not updated remain exposed. Experts urge immediate action to protect sensitive information. Applying the latest updates promptly ensures personal…
The new hacking group, which claimed to have stolen confidential source code and sensitive project files from SK Telecom last month, is now threatening to leak that data if the telecommunications giant doesn’t start negotiations. The previously unheard-of ransomware group, CoinbaseCartel, apparently hoping to garner attention for itself and get a ransom payout from the…
Crimson Collective, cyber criminal gang claims to have stolen nearly 570GB of compressed data across 28,000 internal development respositories, with the company confirming it was a breach of one of its GitLab instances. This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms. Red…
Google warns its 1.8 billion Gmail users about a new cybersecurity threat called indirect prompt injections, where hackers hide malicious commands in emails. Google warns of wave of new threats This threat affects not just people but also businesses and governments, in a post Google explained the danger, “With the rapid adoption of generative AI,…
