Zacks Investment hit in data breach – 12 million users potentially at risk

A report by BleepingComputer cites a thread posted on an underground hacking forum claiming to have breached Zacks in June 2024, gaining sensitive information on 12 million people, including names, usernames, email addresses, postal addresses, and phone numbers. The forum Read More …

Israel: Extortionists posed as women online, trapped victims with intimate photos

Two men were arrested on Thursday for operating a sophisticated sexual extortion network. According to the investigation, they posed as women on social media lured victims into sending intimate photos, and then threatened to expose the images unless they paid Read More …

Active Exploitation of Critical Vulnerability Chain in SimpleHelp

SimpleHelp has released security updates to address one critical and two high severity vulnerabilities in SimpleHelp. SimpleHelp is a remote monitoring and management (RMM) tool that allows administrators and service desk technicians to provide remote support and monitor devices on Read More …

China’s Salt Typhoon hackers continue to breach telecom firms despite US sanctions

Security researchers say the Chinese government-linked hacking group, Salt Typhoon, is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group. In a report shared with TechCrunch, threat intelligence firm Recorded Future said Read More …

Storm-2372 conducts device code phishing campaign

Microsoft discovered cyberattacks being launched by a group they call Storm-2372, who they assess with medium confidence aligns with Russia’s interests and tradecraft. The attacks appear to have been ongoing since August 2024 and have targeted governments, NGOs, and a Read More …

Spyware maker caught distributing malicious Android apps for years

Italian spyware maker SIO, known to sell its products to government customers, is behind a series of malicious Android apps that masquerade as WhatsApp and other popular apps but steal private data from a target’s device, TechCrunch has exclusively learned. Read More …

Upper Michigan: Cyber attack hits Sault Tribe offices

A ransomware attack that shut down gaming at all five Kewadin Casino locations also impacted other offices at an eastern Upper Peninsula tribe. The tribe made the announcement Monday and said it could be a week or more before regular Read More …

Ivanti Releases February 2025 Security Updates

Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides Read More …

SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)

A proof-of-concept (PoC) exploit has been published by security researchers for an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall appliances provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. SonicWall formally disclosed and released security updates addressing Read More …