Security Affairs

MARCH 8, 2025

Quantum computers threaten to break online security in minutes, expert warns ENISA NIS360 2024 Catalan court says NSO Group executives can be charged in spyware investigation Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Data breaches 67

Data breaches Hacking Artificial Intelligence Cybercrime 67

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Security Affairs

FEBRUARY 2, 2025

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling MintsLoader: StealC and BOINC Delivery Cloud Ransomware Developments | The Risks of Customer-Managed Keys New TorNet backdoor seen in widespread campaign Active Exploitation: New Aquabot Variant Phones Home How we kept the Google Play & Android app ecosystems safe in 2024 Solana (..)

Malware 72

Malware Spyware Ransomware Hacking 72

Security Affairs

JUNE 2, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 123

Data breaches VPN Cloud Migration Malware 123

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC.

Data breaches 131

Data breaches Ransomware Phishing Malware 131

Security Affairs

SEPTEMBER 14, 2024

CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M

Data breaches 122

Data breaches Computers and Electronics Spyware Cybercrime 122

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches 127

Data breaches Social Engineering Malware Hacking 127

Security Affairs

JULY 28, 2024

Ukraine’s cyber operation shut down the ATM services of major Russian banks A bug in Chrome Password Manager caused user credentials to disappear BIND updates fix four high-severity DoS bugs in the DNS software suite Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections Progress Software fixed (..)

Spyware 122

Spyware Data breaches Cybercrime Banking 122

Security Affairs

JULY 7, 2024

GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io

Data breaches 120

Data breaches Hacking Banking Spyware 120

Security Affairs

JULY 14, 2024

CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog Evolve Bank data breach impacted over 7.6 Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Their focus? million miles on U.S.

Data breaches 117

Data breaches VPN Malware Banking 117

Security Affairs

MARCH 16, 2025

CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog GitLab addressed critical auth bypass flaws in CE and EE North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities Meta warns of actively exploited (..)

Spyware 72

Spyware Cybercrime Ransomware IoT 72

SecureList

DECEMBER 9, 2024

Cisco Duo supply chain data breach What happened? User data was stolen from Cisco Duo, a service that provides organizations with multi-factor authentication (MFA) and single sign-on (SSO) network access, as a consequence of a phishing attack targeting an employee of a third-party telephony provider.

Internet 107

Internet Internet Risk Social Engineering 107

Security Affairs

JANUARY 1, 2024

TWO SPYWARE SENDING DATA OF MORE THAN 1.5M million downloads have been discovered spying on users and sending data to China. DARKBEAM LEAKS BILLIONS OF EMAIL AND PASSWORD COMBINATIONS DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches.

Cybersecurity 133

Cybersecurity Spyware Data breaches Passwords 133

Security Affairs

NOVEMBER 28, 2021

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition HAEICHI-II: Interpol arrested +1,000 suspects linked to various cybercrimes IKEA hit by a cyber attack that uses stolen internal reply-chain emails Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware Threat actors target crypto and (..)

Spyware 100

Spyware Data breaches Cyber Attacks Ransomware 100

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime 71

Cybercrime Artificial Intelligence Hacking VPN 71

Security Affairs

SEPTEMBER 3, 2023

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM) Social engineering attacks target Okta customers to achieve a highly privileged role Talos wars of customizations of the open-source info stealer SapphireStealer UNRAVELING EternalBlue: inside the WannaCry’s enabler Researchers released a free decryptor for the Key (..)

Social Engineering 125

Social Engineering Data breaches Spyware Malware 125

Security Affairs

APRIL 16, 2023

hacking tools and electronics A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches 98

Data breaches Spyware Retail Surveillance 98

Security Affairs

AUGUST 7, 2022

of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5%

Spyware 141

Spyware Manufacturing Small Business Surveillance 141

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 98

Spyware Hacking Malware Social Engineering 98

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS 130

DDOS VPN Data breaches Cybercrime 130

Security Affairs

MAY 24, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches 101

Data breaches Advertising Spyware Hacking 101

Security Affairs

NOVEMBER 11, 2023

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform Serbian pleads guilty to running ‘Monopoly’ dark web drug market McLaren Health Care revealed that a data breach impacted 2.2 Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams How a ‘Refund Fraud’ Gang Stole $700,000 From Amazon Info from 5.6

DDOS 127

DDOS Data breaches Ransomware Marketing 127

Security Affairs

FEBRUARY 14, 2021

COMB breach: 3.2B COMB breach: 3.2B

Phishing 111

Phishing Spyware Data breaches Surveillance 111

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware 98

Spyware Data breaches VPN Hacking 98

Security Affairs

AUGUST 29, 2021

Braun Infusomat pumps could be hacked to alter medication doses CISA publishes malware analysis reports on samples targeting Pulse Secure devices Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches Kaseya fixed two of the three Kaseya Unitrends zero-days found in July Personal Data and docs of Swiss town Rolle available on the (..)

Data breaches 107

Data breaches Spyware Hacking Ransomware 107

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 125

Spyware Surveillance DDOS Identity Theft 125

Security Affairs

JUNE 26, 2022

SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Flagstar Bank discloses a data breach that impacted 1.5

Small Business 98

Small Business Spyware Data breaches Surveillance 98

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Spyware 111

Spyware Backups Manufacturing Data breaches 111

Security Affairs

DECEMBER 20, 2020

Hacked Subway UK marketing system used in TrickBot phishing campaign Pay2Key hackers stole data from Intels Habana Labs PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs Security Affairs Newsletter is back! Details for 1.9M Details for 1.9M

Hacking 105

Hacking Spyware Marketing Ransomware 105

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches 98

Data breaches DDOS Backups Firewall 98

Security Affairs

JULY 15, 2023

Government agencies SonicWall urges organizations to fix critical flaws in GMS/Analytics products Citrix fixed a critical flaw in Secure Access Client for Ubuntu Cl0p hacker operating from Russia-Ukraine war front line – exclusive Fortinet fixed a critical flaw in FortiOS and FortiProxy Microsoft mitigated an attack by Chinese threat actor Storm-0558 (..)

Spyware 98

Spyware Hacking Data breaches Mobile 98

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 98

Spyware Ransomware Malware Data breaches 98

Security Affairs

MARCH 4, 2023

stolen credit/debit cards Pegasus spyware used to spy on a Polish mayor Hundreds of thousands of websites hacked as part of redirection campaign MQsTTang, a new backdoor used by Mustang Panda APT against European entities Trusted Platform Module (TPM) 2.0 FiXS, a new ATM malware that is targeting Mexican banks BidenCash leaks 2.1M

Data breaches 98

Data breaches Spyware Ransomware Hacking 98

Security Affairs

AUGUST 4, 2024

US sued TikTok and ByteDance for violating children’s privacy laws Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware Investors sued CrowdStrike over false claims about its Falcon platform Avtech camera vulnerability actively exploited in the wild, CISA warns Over 20,000 internet-exposed VMware ESXi instances (..)

Spyware 123

Spyware Phishing Malware Ransomware 123

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 128

Artificial Intelligence Hacking VPN Firewall 128

Security Affairs

JUNE 21, 2020

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP Ransomware attack disrupts operations at Australian beverage company Lion Tech firms suspend use of ‘biased facial recognition technology Accessories giant Claires is the victim of a Magecart attack, credit card data exposed Black Kingdom ransomware operators exploit Pulse VPN flaws (..)

DDOS 104

DDOS Spyware Advertising Mobile 104

Security Affairs

JANUARY 30, 2022

QNAP force-installs update against the recent wave of DeadBolt ransomware infections US FCC bans China Unicom Americas telecom over national security risks NCSC warns UK entities of potential destructive cyberattacks from Russia Finnish diplomats’ devices infected with Pegasus spyware Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits (..)

Ransomware 98

Ransomware Data breaches Spyware Cybercrime 98