- Ninth day of pro-Russia cyber attacks on Italian sites
February 25, 2025
A pro-Russian hacker group, Noname057(16), staged for the ninth consecutive morning on Tuesday a new wave of cyberattacks against Italian websites, specifically targeting local administrations. The provinces of Trapani, Ragusa, Caltanissetta, Enna, the municipality of Catania and the Puglia region were among those affected by the attacks. The Agency for National Cybersecurity is providing help to ...
- The GitVenom campaign: cryptocurrency theft using GitHub
February 24, 2025
In our modern world, it’s difficult to underestimate the impact that open-source code has on software development. Over the years, the global community has managed to publish a tremendous number of projects with freely accessible code that can be viewed and enhanced by anyone on the planet. With more and more open-source projects being published, both ...
- F5 Releases Quarterly Security Notification
February 24, 2025
F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IP Next. The overview of security advisories addresses 13 vulnerabilities rated as high impact, 3 rated as medium impact, and 1 as low impact. One of the high impact advisories concerns the command injection vulnerability CVE-2025-20029, which has a CVSSv4 ...
- Crypto exchange Bybit says it fully replenished reserves after record $1.5 billion hack
February 24, 2025
Bybit said it replenished its reserves following a $1.5 billion hack last week, the largest in the history of the crypto industry. In less than 72 hours, Bybit pieced together hundreds of thousands of ether tokens through a mix of emergency loans and large deposits. While the rapid recovery restored the exchange’s balance and kept customer ...
- Medixant Releases Security Update for RadiAnt DICOM Viewer
February 24, 2025
Medixant has released a security update to address an improper certificate validation vulnerability in RadiAnt DICOM Viewer. CVE-2025-1001 has a CvSSv4 score of 5.7 and could allow an attacker with privileged network access to impersonate RadiAnt’s update server. An attacker could modify the server’s response to deliver a malicious update to the user, performing a machine-in-the-middle ...
- South African Weather Service systems restored amid increasing cyber attacks
February 24, 2025
The SAWS Information and Communication Technology (ICT) systems went down on January 26 following a security breach by criminals. Aspects of critical services including aviation and marine were all interrupted. The SAWS email system and website, which is the hub of critical weather information, were also affected. The attack was the second in the space of ...
- New York amends data breach law
February 24, 2025
On December 24, New York Gov. Kathy Hochul (D) signed into law an amendment to section 899-aa of the N.Y. General Business Law, also known as The Shield Act, modifying the law’s data breach notification requirements. The amendment, which took effect immediately, incorporates provisions that other states have adopted in recent years. First, the amendment shortens ...
- Over a million clinical records exposed in data breach
February 21, 2025
Security researcher Jeremiah Fowler discovered the DM Clinical Research database containing 1,674,218 records, totaling 2TB, including names, medical information, phone numbers, email addresses, medications, and health conditions – along with other data. Although the name of the dataset indicates the details belong to DM Clinical Research, it’s not clear if this was owned and managed by ...
- Angry Likho: Old beasts in a new forest
February 21, 2025
Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we’ve been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we’ve analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho’s attacks tend to be targeted, with a more compact infrastructure, a limited ...
- North Korean Hackers Were Behind Crypto’s Largest ‘Theft of All Time’
February 21, 2025
Blockchain analytics firm Arkham Intelligence said North Korea’s Lazarus Group was behind Bybit’s $1.46 billion hack. In an earlier post on social media platform X, Arkham offered a bounty of 50,000 ARKM tokens for anyone who could identify the attackers for Friday’s hack. Later, the platform said onchain sleuth ZachXBT submitted “definitive proof” that the attackers ...
- Apple pulls data protection feature in UK amid government demands
February 21, 2025
Apple is scrapping its most advanced security encryption feature for cloud data in Britain, the company said on Friday, an unprecedented response to government demands for access to user data. The change affects a feature called Advanced Data Protection (ADP), which extends end-to-end encryption across a wide range of cloud data. Apple said it is no ...