Data Security News
The Hacker News
- Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentialsby [email protected] (The Hacker News)
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets […]
- Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expandsby [email protected] (The Hacker News)
The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the […]
- Redefining Cyber Value: Why Business Impact Should Lead the Security Conversationby [email protected] (The Hacker News)
Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still […]
- Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malwareby [email protected] (The Hacker News)
An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The […]
- DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedownby [email protected] (The Hacker News)
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains […]
- Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCIby [email protected] (The Hacker News)
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, […]
- Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader Appby [email protected] (The Hacker News)
Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing (aka vishing) campaigns designed […]
- Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloadsby [email protected] (The Hacker News)
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting […]
Graham Cluley Blog
- The AI Fix #53: An AI uses blackmail to save itself, and threats make AIs work betterby Graham Cluley
In episode 53 of The AI Fix, our hosts suspect the CEO of Duolingo has been kidnapped by an AI, Sergey Brin says AIs work better if you threaten them […]
- Damascened Peacock: Russian hackers targeted UK Ministry of Defenceby Graham Cluley
The UK’s Ministry of Defence has revealed that it was the target of a sophisticated cyber attack that saw Russia-linked hackers pose as […]
- Interlock ransomware: what you need to knowby Graham Cluley
"We don’t just want payment; we want accountability." The malicious hackers behind the Interlock ransomware try to justify their attacks. Learn […]
- Smashing Security podcast #419: Star Wars, the CIA, and a WhatsApp malware mirageby Graham Cluley
Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world's hotspot for scam call centres? And can a […]
- Adidas customers’ personal information at risk after data breachby Graham Cluley
Lovers of Adidas clothes would be wise to be on their guard against phishing attacks, after the German sportswear giant revealed that a cyber attack […]
- The AI Fix #52: AI adopts its own social norms, and AI DJ creates diversity scandalby Graham Cluley
In episode 52 of The AI Fix, our hosts watch a non-existent musical about garlic bread, Graham shares a summer reading list of books that don't […]
- 3AM ransomware attack poses as a call from IT support to compromise networksby Graham Cluley
Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be […]
- DOJ charges 12 more in $263 million crypto fraud takedown where money was hidden in squishmallow stuffed animalsby Graham Cluley
Crypto fraud meets cuddly toys! US authorities have charged a group accused of stealing $263 million in cryptocurrency - and then laundering the […]
Infosecurity Magazine
- #Infosec2025: Cybersecurity Lessons From Maersk’s Former CISO
2017 ransomware attack on shipping company A P Moller Maersk marked a turning point for the cybersecurity industry, according to its former CISO Adam […]
- #Infosec2025: DNS Hijacking, A Major Cyber Threat for the UK Government
During Infosecurity Europe 2025, Nick Woodcraft, from the UK Government, shared his experience in implementing measures to protect domains within the […]
- #Infosec2025: Ransomware Victims Urged to Engage to Take Back Control
Engagement with ransomware actors doesn’t necessarily mean payment; it’s about getting the best outcomes, a leading negotiator had argued
- #Infosec2025: Know Your Audience to Make an Impact, CISOs Tell Their Peers
A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscape
- #Infosec2025: Threat Actors Weaponizing Hardware Devices to Exploit Fortified Environments
Sophisticated nation-state and cybercriminal groups are using insiders to infect targets via hardware devices, despite a lack of reporting of this […]
- #Infosec2025: Defenders and Attackers are Locked in an AI Arms Race
Malicious actors are making more use of AI in attacks, even as governments look to boost AI investments
- #Infosec2025: Seven Steps to Building a Mature Vulnerability Management Program
At Infosecurity Europe 2025, Axonius’ Jon Ridyard proposed seven best practices to build mature vulnerability management processes
- #Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats
Endpoint and network security is still essential, even as malicious actors turn to supply chains, identities and AI
Dark Reading News
- Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloudby Kristina Beek, Associate Editor, Dark Reading
The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as […]
- Backdoored Malware Reels in Newbie Cybercriminalsby Kristina Beek, Associate Editor, Dark Reading
Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August […]
- Questions Swirl Around ConnectWise Flaw Used in Attacksby Rob Wright
ConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company's disclosures don't explain what the vulnerability is and […]
- Finding Balance in US AI Regulationby John Hurley
The US can't afford to wait for political consensus to catch up to technological change.
- Iranian APT 'BladedFeline' Hides in Network for 8 Yearsby Alexander Culafi, Senior News Writer, Dark Reading
ESET published research on the Iranian APT "BladedFeline," which researchers believe is a subgroup of the cyber-espionage entity APT34.
- Cybersecurity Training in Africa Aims to Bolster Professionals' Ranksby Robert Lemos, Contributing Writer
The United Nations, Carnegie Mellon University, and private organizations are all aiming to train the next generation of cybersecurity experts, boost […]
- 35K Solar Devices Vulnerable to Potential Hijackingby Kristina Beek, Associate Editor, Dark Reading
A little more than three-quarters of these exposed devices are located in Europe, followed by Asia, with 17%.
- Vishing Crew Targets Salesforce Databy Jai Vijayan, Contributing Writer
A group that Google is tracking as UNC6040 has been tricking users at many organizations into installing a malicious version of a Salesforce app to […]
