The cybercriminal group known as Mimo has shifted its focus from Craft CMS to Magento ecommerce platforms, escalating its attacks on high-value financial targets. In its latest campaign, Mimo hacks Magento systems by exploiting vulnerabilities in PHP-FPM, allowing unauthorized access to sensitive customer data and backend controls. Researchers at DATADOG Security Labs uncovered the campaign […]
Brave Software has announced that its privacy-centric browser will prevent Microsoft’s Windows Recall from capturing screenshots of browser windows. This move, described as a default setting, aims to shield users from potential privacy intrusions tied to the controversial Windows feature. Brave blocks Windows Recall to ensure that sensitive browsing activity remains confidential and inaccessible to […]
Multiple hacking groups, including state-sponsored actors from China, have exploited a Microsoft SharePoint flaw in outdated, on-premises versions of the collaboration platform. The vulnerability emerged after Microsoft attempted to patch a known issue in legacy systems but failed to secure it fully. Cybersecurity researchers observed a rise in intrusions following the flawed update. Attackers are […]
Law enforcement officials in France and Ukraine, with support from Europol, have arrested the alleged administrator of xss[.]is, a notorious Russian-speaking cybercrime platform. The suspect, detained in Kyiv on July 22, is believed to have operated the forum, which had over 50,000 users and facilitated illegal trade in stolen data and cybercrime services. Authorities described […]
Clorox has filed a lawsuit against Cognizant, accusing the IT services firm of gross negligence that allegedly enabled a major cyberattack in August 2023. Clorox sues Cognizant over a reported incident in which a help desk employee reset an internal user’s password without verifying the caller’s identity. The company claims this lapse allowed hackers to […]
The White House unveiled a new AI action plan aimed at bolstering the cybersecurity of U.S. critical infrastructure. As part of the initiative, Trump pushes AI to shield national systems from emerging threats by integrating artificial intelligence into digital defense strategies. The plan urges operators of essential services, such as energy and transportation, to adopt […]
OpenAI has started rolling out a new feature in its ChatGPT web app that allows users to choose from different personality modes. As OpenAI adds personality modes, users can now customize how the chatbot interacts with them, selecting from options such as a straightforward “Robot” tone. The update aims to make ChatGPT more suited for […]
A critical vulnerability in Microsoft SharePoint enabled cybercriminals to breach multiple government entities, with the US nuclear agency hacked among the confirmed targets. The attackers exploited the flaw to gain unauthorized access to sensitive systems, signaling a troubling escalation in cyberthreats against national infrastructure. In addition to the US nuclear agency hack, the breach impacted […]
Russia taps Kyrgyz crypto exchanges to sidestep international sanctions, according to a new report by blockchain intelligence firm TRM Labs. The report reveals that entities facing sanctions have repeatedly used platforms registered in Kyrgyzstan to conduct financial transactions. Researchers say the activity highlights growing concerns over how digital assets can enable illicit financial flows across […]
The UK government plans to outlaw ransom payments by public sector bodies in response to mounting cyber threats. The move, part of a wider strategy to harden national cyber defenses, signals a clear intent by the UK to ban ransomware payments across government institutions. Authorities classify ransomware as the country’s most severe cybercrime risk, with […]
Cisco is facing a critical security crisis after researchers discovered multiple severe vulnerabilities in its network access control platform. These Cisco Security Flaws Under Exploit allow remote attackers to execute arbitrary code on affected systems without needing authentication, posing a significant threat to enterprise networks. The defects carry the highest severity rating, heightening concerns about […]
Cyware has joined forces with Carahsoft Technology to deliver advanced cyber defense capabilities to government agencies across the United States. The partnership aims to help state, local, tribal, and territorial entities gain access to AI-driven threat intelligence and automation tools. By leveraging established procurement channels, the Cyware Carahsoft expansion enables public sector organizations to strengthen […]