Category: CYBER SECURITY

UK telecommunications company TalkTalk is investigating a potential data breach involving a third-party supplier after a threat actor began offering alleged customer data for sale on a hacking forum.

UnitedHealth has confirmed that the cyberattack on its subsidiary, Change Healthcare, last February impacted around 190 million people—almost double the initial estimate.

Security researchers uncovered a critical vulnerability in Subaru’s Starlink service that could have allowed attackers to hijack and control vehicles in the U.S., Canada, and Japan using only a license plate number.

Two severe security vulnerabilities have been identified in the RealHome theme and Easy Real Estate plugin for WordPress, which could allow attackers to gain administrative access to websites without authentication.

A critical vulnerability in the 7-Zip file archiver (CVE-2025-0411) has been discovered, enabling attackers to bypass the Mark of the Web (MotW) Windows security feature.

Ransomware groups are adopting advanced techniques that combine email bombing with fake Microsoft Teams IT support calls to infiltrate company networks.

The largest DDoS attack ever recorded reached a colossal 5.6 terabits per second (Tbps), originating from a Mirai-based botnet comprising 13,000 compromised devices.

A Russian nation-state actor known as Star Blizzard has launched a new spear-phishing campaign aimed at compromising WhatsApp accounts of individuals in key sectors, including government, diplomacy, defense policy, international relations, and Ukraine aid organizations.

The Federal Trade Commission (FTC) has mandated that web hosting giant GoDaddy implement stronger security protections following years of inadequate safeguards.

The U.S. Treasury Department has imposed sanctions on a network of individuals and front companies linked to North Korea’s Ministry of National Defense.

A critical security vulnerability in the W3 Total Cache plugin poses serious risks by potentially exposing sensitive information, including metadata from cloud-based applications.

Non-profit privacy group None of Your Business (noyb) has filed formal complaints against six major companies—TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi—accusing them of illegally transferring European user data to China.

Cybercriminals are now leveraging Google search advertisements to promote phishing sites designed to steal advertisers’ credentials for the Google Ads platform.

Cybersecurity researcher Jeremiah Fowle uncovered a major data breach involving Willow Pays, a fintech company specializing in AI-powered payment solutions.

Just days ahead of Donald Trump’s inauguration as the 47th US President, the Securities and Exchange Commission (SEC) has filed a lawsuit against his best ally, Elon Musk, over an alleged securities violation related to his acquisition of Twitter (now called X) in 2022.

The U.S. Department of Justice has revealed that the FBI successfully removed the Chinese PlugX malware from over 4,200 infected computers across the United States.

A new malware campaign has compromised over 5,000 WordPress websites, allowing attackers to create unauthorized admin accounts, install malicious plugins, and steal sensitive data.

A joint report by the United States, Japan, and South Korea has revealed that North Korean hackers stole $659 million in cryptocurrency through multiple heists in 2024.

Nominet, the official registry for .UK domains and one of the largest country code registries globally, have confirmed a network breach linked to a zero-day vulnerability in Ivanti VPN software.

Apple has patched a significant macOS vulnerability that allowed attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers.