Hackers exploit FortiClient EMS flaw to push infostealer malware
… Earlier this month, cybersecurity company Arctic Wolf observed attacks leveraging the vulnerability to deliver the EKZ infostealer. …
… According to application security company Socket, the hackers published 639 malicious versions across 323 unique packages in about one hour. …
… To defend against Storm-2949 attacks, Microsoft recommends following security hardening and best practices that include adopting the principle of least privilege, enabling conditional access policies, adding MFA protection for all users, and ensuring phishing-resistant MFA for users with privileged… …
… "Automatic isolation helps reduce the risk of further impact on the organization, limit attacker lateral movement, and prevent impacts such as data exfiltration and ransomware propagation." Automatic device isolation works only on onboarded end-user workstations managed by Microsoft Defender for En… …
… The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger and Softpedia. …
… Specifically, the firm claimed before the incident that its security met high standards. …
… During this initial stage, PCPJack explicitly checks for TeamPCP tooling and attempts to delete everything, thus claiming the compromise for themselves. …
… Sensitive data leaves the organization through clipboard pastes and file uploads to AI tools that security teams didn't approve and can't monitor. AI browser extensions collect browsing context from internal applications, creating a data exfiltration path that operates outside traditional DLP. …