That attempt was one of multiple “extremely large” ransom demands made by LockBit over the years, authorities said.

Hello BreachForums Community,Today, I am selling the entire data breach belonging to Europol. Thank...

Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key.

Follow us on Twitter (X) @Hackread - Facebook @ /Hackread

Researchers have uncovered a new class of attacks called Pathfinder that can extract encryption keys and sensitive data from Intel CPUs.

A newer version of the Hijack Loader malware has been observed with updated anti-analysis techniques to evade detection.

Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems.

Organizations that eschew cyber insurance give up not only financial protection but also advice from the insurer on improving the security of their systems.

BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes.

Thousands of ID cards plus CCTV snaps of suspects found online

MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain.

The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network.

The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024.

Hackers can exploit them to gain full administrative control of internal devices.

Five years after being discovered, the Kinsing cryptojacking operation remains very active against organizations, employing daily probes for vulnerable applications using an ever-growing list of exploits.

AhnLab SEcurity intelligence Center (ASEC) has recently discovered circumstances of a CHM malware strain that steals user information being distributed to Korean users. The distributed CHM is a type that has been constantly distributed in various formats such as LNK, DOC, and OneNote from the past. ...

The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time.

Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.

The major Washington, D.C., and Maryland health network says the personal data of tens of thousands of people was likely exposed when an outsider accessed emails and files belonging to three employees.

Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.

FortiGuard Labs analysis of a zEus batch stealer distributed via a crafted Minecraft source pack. Learn more.…

Passwordless authentication standards have improved identity security, but new research indicates this technology is vulnerable to token hijacks and man-in-the-middle attacks.

Demo of our DIY USB Dead Man Switch (prototype) with a 3D-Printable Case triggering a lockscreen when the kill-cord's connection is severed.

New findings suggest the ArcaneDoor cyber espionage campaign targeting network devices from Cisco (CVE-2024-20353, CVE-2024-20359).

The flaw was nearly identical to last year's CitrixBleed flaw, but not as severe.

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option.

We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.

Security pros advise teams to use demo apps such as ChatRTX mainly in a test environment.

An international coalition of police agencies have resurrected the dark web site of the notorious LockBit ransomware gang, which they had seized earlier

Finland's Transport and Communications Agency (Traficom) has issued a warning about an ongoing Android malware campaign targeting banking accounts.

The German and Czech governments on Friday disclosed that Russian military intelligence hackers targeted political parties and critical infrastructure as part of an

Enabling domain-name-based lockdown of Windows for Zero Trust deployments in future versions of Windows

ALSO: Microsoft promises to git gud on cybersecurity; unqualified attackers are targeting your water systems, and more

The growing amount of surveillance technology being deployed in the country is concerning due to Indonesia's increasing blows to civic rights.

The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets.