- Exploitation of Critical Vulnerability CVE-2025-23006 in SonicWall SMA1000 Series Appliances
January 23, 2025
SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC). SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device ...
- FBI Agents’ Call And Text Logs Potentially Stolen In Data Breach
January 23, 2025
The FBI has raised alarm that hackers who breached AT&T’s system last year may have stolen months of agents’ call and text logs, which could potentially lead to the identities of anonymous informants connected to investigations. While the hackers did not access the content of conversations, the stolen call log metadata—records of who called whom, when ...
- 7-Zip bug could allow a bypass of a Windows security feature – update now
January 22, 2025
A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that ...
- Trump administration fires members of cybersecurity review board in ‘horribly shortsighted’ decision
January 22, 2025
On Tuesday, a day after Donald Trump’s inauguration as the new U.S. president, the Department of Homeland Security told members of several advisory committees that they were effectively fired. Among the committees impacted is the Cyber Safety Review Board, or CSRB, according to sources familiar with the board who spoke to TechCrunch, as well as reporting ...
- Conduent confirms outage was due to a cybersecurity incident
January 22, 2025
U.S. government contractor Conduent, which provides technology to support services such as child support and food assistance, has confirmed that a recent outage was caused by a cybersecurity incident. Conduent confirmed the disruption, which left some U.S. residents without access to support payments, to TechCrunch on Tuesday but declined to say whether the outage was related ...
- Odds & Ends: Unraveling the Surebet Playbook
January 22, 2025
The global sports betting market has seen explosive growth in recent years, fueled by the rise of online gambling platforms, increased internet access and penetration, and the legalization of betting in numerous countries. As of 2023, research showed that the global sports betting market was valued at around $92.1 billion, with projections suggesting it could ...
- ChatGPT API vulnerability could enable large-scale DDoS attacks
January 21, 2025
A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub. According to Flesch, the flaw lies in the ...
- eCommerce data breach exposes details on half a million users
January 21, 2025
The North Pole Company, a Canadian gift basket delivery service, allegedly suffered a data breach in which half a million customers lost sensitive personal information. The claim was made on BreachForums, a popular underground community where cybercriminals come to share tools, resources, and experiences, to find partners and plan future attacks. As cybersecurity researchers from Incogni ...
- Hit by wave of cyber attacks, Japan shifts to ‘active cyber defence’
January 20, 2025
apan aims to take a more proactive approach to cyber defence by allowing hackers working for the authorities to “attack” pre-emptively to prevent or stop sabotage attempts. Under a new strategy of “active cyber defence”, Japan plans to allow hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers to neutralise the source ...
- HPE’s sensitive data exposed in alleged IntelBroker hack
January 20, 2025
IntelBroker has struck again. This time, the notorious BreachForums bigwig, which has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE). The suspected Serbian-origin hacker is offering to sell on BreachForums, sensitive data allegedly stolen from HPE including product source codes and personally ...