Troy Hunt

MAY 8, 2025

Their Office of Cyber-Security & Information Assurance (OCSIA) now has free and open access to query the government domains of their jurisdiction. Today we welcome the 39th government and first self-governing British Crown Dependency to Have I Been Pwned, The Isle of Man.

Government 301

Government 301

Krebs on Security

FEBRUARY 6, 2025

The device information shared, combined with the user’s Internet address and data gathered from mobile advertising companies , could be used to deanonymize users of the DeepSeek iOS app, NowSecure warned. Image: NowSecure. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

Risk 285

Risk Artificial Intelligence Mobile Encryption 285

Schneier on Security

APRIL 28, 2025

Greek authorities, in cooperation with INTERPOL, traced the IP address to Windscribe’s infrastructure and, unlike standard international procedures, proceeded to initiate criminal proceedings against Sak himself, rather than pursuing information through standard corporate channels.

VPN 249

VPN Internet Internet Data collection 249

Schneier on Security

APRIL 17, 2025

“The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution our vendor uses operates on-device, which means there is no collection of any biometric information when you scan your face.

Hacking 211

Hacking Media 211

Schneier on Security

APRIL 16, 2025

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled , as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal.

CSO 317

CSO Government Software Cybersecurity 317

Krebs on Security

NOVEMBER 9, 2024

. “Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI warned. Don’t be discouraged.

Hacking 280

Hacking Accountability Government Social Engineering 280

Schneier on Security

JANUARY 17, 2025

They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website. A few days ago I started getting phishing SMS messages with a new twist. But because they came from unknown phone numbers, the links did not work.

Social Engineering 293

Social Engineering Engineering Phishing 293

The Last Watchdog

NOVEMBER 12, 2024

But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. This could dovetail with a national information privacy law. The last thing we need is a patchwork of 50 different laws across the States.

CISO 263

CISO CSO Risk Cyber threats 263

Adam Shostack

JANUARY 2, 2025

I explained that Microsoft could fix ransomware tomorrow, and was surprised that the otherwise well-informed people I was speaking to hadn't heard about this approach. My latest article at Dark Reading is Microsoft Can Fix Ransomware Tomorrow. It starts: Recently, I was at a private event on security by design.

Ransomware 246

Ransomware Encryption Software 246

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. That last one seems perfectly reasonable, and fortunately, DemandScience does have a link on their website to Do Not Sell My Information : Dammit! So, he asked them: I seem to have found my email in your data breach. If, like me, you're part of the 99.5%

Data breaches 319

Data breaches Passwords B2B Technology 319

Krebs on Security

NOVEMBER 19, 2024

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. If you have any additional information about this incident, please reach out to krebsonsecurity @ gmail.com or at protonmail.com. This is a developing story.

Data breaches 294

Data breaches Banking Cybercrime Advertising 294

Schneier on Security

MAY 2, 2025

It’ll combine personal information about you, transactional data that you are a party to, and general information about the world. I joined Inrupt years ago because I thought that Solid could do for personal data what HTML did for published information. This Active Wallet is an example of an AI assistant.

Data privacy 239

Data privacy 239

Schneier on Security

MARCH 26, 2025

It’s basically an AI-generated honeypot.

325

325

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. Image: Darkbeast, ke-la.com.

Healthcare 294

Healthcare Insurance Computers and Electronics Data breaches 294

Schneier on Security

JANUARY 16, 2025

” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to a DOJ press release , the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based

Malware 248

Malware Hacking Software 248

Schneier on Security

FEBRUARY 13, 2025

For example, the Treasury Department systems contain the technical blueprints for how the federal government moves money, while the Office of Personnel Management (OPM) network contains information on who and what organizations the government employs and contracts with.

Government 363

Government Artificial Intelligence Banking Software 363

Malwarebytes

OCTOBER 15, 2024

Broadly, Malwarebytes found that: 74% of people “consider US election season a risky time for personal information.” Distrust in political ads is broad—62% said they “disagree” or “strongly disagree” that the information they receive in US election-related ads is trustworthy. The reasons could be obvious.

Scams 139

Scams Identity Theft Cybercrime Accountability 139

Schneier on Security

NOVEMBER 8, 2024

Privacy rules also give a person the rightful ability to control their most sensitive information ­ like decisions about their health. Laws that permit training on data often limit the resharing of that same data to protect copyright or other interests.

Artificial Intelligence 343

Artificial Intelligence 343

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. The entered information went straight to the phishers and allowed the criminals to monitor the emails of those employees.

Accountability 143

Accountability Banking Internet Internet 143

Security Affairs

APRIL 7, 2025

These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. FROM ACCOUNT THEFT TO A FULL-FLEDGED SERVICE: THE EVOLUTION OF THE MODEL The phenomenon has rapidly upgraded complexity, as detailed in the Meridian Group report.

Cybercrime 138

Cybercrime Social Engineering Accountability Government 138

Security Affairs

APRIL 13, 2025

Compromised data includes full names, contact details, ID numbers, banking information, drivers license numbers, medical records and passport details. The company engaged top cybersecurity and forensic experts, informed authorities, and is actively supporting affected stakeholders. The gang claimed the theft of 2 TB of data.

Data breaches 127

Data breaches Unstructured Data Identity Theft Healthcare 127

Malwarebytes

APRIL 24, 2025

In a data breach notice on its website, Blue Shield says it had begun notifying certain members of a potential data breach that may have included elements of their protected health information. This likely included protected health information. ” The transmission of data took place between April 2021 and January 2024.

Insurance 123

Insurance Data breaches Passwords Phishing 123

Malwarebytes

JANUARY 27, 2025

Stolen information The data breach at Change Healthcare is the largest healthcare data breach in US history. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses. Set up identity monitoring.

Data breaches 129

Data breaches Healthcare Passwords Insurance 129

Malwarebytes

FEBRUARY 25, 2025

But when the apps are installed, they steal information from the victims device that can be used to blackmail the victim. Among the stolen information are listed contacts, call logs, text messages, photos, and the devices location. The apps in the SpyLoan family offer attractive loan terms with virtually no background checks.

Passwords 145

Passwords Password Management Phishing Authentication 145

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. million in revenue.

Cybercrime 130

Cybercrime Cryptocurrency Banking Accountability 130

Krebs on Security

MARCH 27, 2025

“All observed campaigns had similar traits and shared a common objective: collecting personal information from site-visiting victims. com), and uses a similar Google Forms page to collect information from would-be members. ” Further reading: Silent Push report, Russian Intelligence Targeting its Citizens and Informants.

Phishing 213

Phishing Government Engineering Internet 213

Malwarebytes

APRIL 1, 2025

Once logged in, follow the prompts to review and confirm your tax information. The IRS’s annual Dirty Dozen list of tax scams shows common schemes that threaten your tax and financial information. And when it does, it is only to send general information and in an ongoing case with an assigned IRS employee.

Scams 139

Scams Phishing Artificial Intelligence Social Engineering 139

Malwarebytes

NOVEMBER 5, 2024

With access to your email account, a cybercriminal can find a lot of useful information about you, such as where you bank, your account numbers, your favorite shops, and more. This information could then be used for targeted cyberattacks that mention information that’s relevant to you only, leaving you more likely to fall for them.

Accountability 145

Accountability Authentication Malware Banking 145

Security Affairs

MARCH 4, 2025

HGFS information-disclosure vulnerability: the vulnerability is an information disclosurevulnerability that impacts VMware ESXi, Workstation, and Fusion. The virtualization giant confirmed that it has information to suggest that exploitation of the three flaws has occurred in the wild. CVE-2025-22226 (CVSS score of 7.1)

Hacking 113

Hacking Information Security 113

Security Affairs

JANUARY 19, 2025

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. The vulnerability allows authenticated attackers with Subscriber access to exploit a missing capability check, leading to information disclosure.

Consumer Services 125

Consumer Services Authentication Hacking 125

Security Affairs

MAY 3, 2025

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are targets of opportunity. In December 2023, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks.

Government 124

Government Ransomware Hacking Manufacturing 124

Security Affairs

APRIL 26, 2025

African multinational telecommunications company MTN Group disclosed a data breach that exposed subscribers’ personal information. The company disclosed a data breach that exposed subscribers’ personal information, it added that the incident did not impact core network, billing system,s and financial services infrastructure.

Data breaches 105

Data breaches Telecommunications Financial Services Mobile 105

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Financial information, like your banking credentials and crypto wallets.

Malware 139

Malware Adware Education Phishing 139