EmeraldWhale, a global threat actor, has stolen over 15,000 cloud account credentials by exploiting misconfigured Git configuration files in a campaign that targeted approximately 67,000 URLs.
View full story…

Over the past five years, Chinese state-sponsored cyber threats have infiltrated at least 20 Canadian government networks, targeting sensitive information and conducting cyber-espionage amid rising geopolitical tensions.
View full story…

A recent report reveals that 81% of US small businesses experienced a data breach last year, prompting many to enhance their cybersecurity measures in response to escalating threats.
View full story…

The “Enterprise Identity Threat Report 2024” highlights that many organizations are at risk of data breaches due to weak credentials, shadow identities, and inadequate password security, with a significant portion of corporate logins occurring without proper protection.
View full story…

Noma has unveiled a new application security platform, backed by $32 million in funding, aimed at addressing the unique security challenges of the Data & AI Lifecycle, particularly in mitigating vulnerabilities associated with AI technologies.
View full story…

The UK Cyber Security and Resilience Bill, aligning with the EU’s NIS2 directive, aims to enhance cybersecurity by expanding regulations to cover critical infrastructure and a wider range of digital services.
View full story…

A new malware campaign, utilizing a deceptive Python package named “CryptoAITools,” is targeting developers and cryptocurrency enthusiasts by extracting sensitive information and draining assets from their wallets.
View full story…

The recently patched CrossBarking vulnerability in the Opera web browser allowed malicious extensions to exploit non-public APIs, leading to unauthorized access and harmful actions such as hijacking accounts and modifying browser settings.
View full story…

On October 29, 2024, Apple issued critical security updates for iOS 18.1, iPadOS 18.1, and macOS 15.1, fixing 77 vulnerabilities including issues that could allow unauthorized access and data leaks.
View full story…

North Korean threat actor Jumpy Pisces has shifted from cyberespionage to financially motivated attacks by collaborating with the Play ransomware group, leading to significant cyber incidents affecting approximately 300 organizations.
View full story…

The SYS01stealer campaign, active since early 2023, targets Facebook business accounts through malvertising to steal sensitive data and distribute malware.
View full story…

FakeCall, an advanced Android banking Trojan, hijacks calls to bank customer support, enabling attackers to extract sensitive data from unsuspecting users.
View full story…

The United States government is investigating a significant cybersecurity breach involving unauthorized access to telecommunications infrastructure by a Chinese cyber espionage group known as Salt Typhoon, which has targeted high-profile individuals, including members of the Trump family and officials from the Biden administration, raising serious national security concerns.
View full story…

Recent outages involving CrowdStrike and Verizon underscore the critical need for robust security measures and monitoring to protect against potential disruptions in essential services.
View full story…