US Government Considers National Ban on TP-Link Routers Over Chinese Security Risks
Federal agencies are investigating Chinese-made TP-Link routers for potential national security threats after Microsoft revealed government-backed hackers had compromised the devices. The proposed ban, which could take effect next year, reflects growing US-China tensions over technology and security concerns.
LastPass Breach Sparks $45M Cryptocurrency Heist Wave
A catastrophic LastPass security breach has led to over $45 million in cryptocurrency thefts affecting more than 150 users since 2022. The latest attack before Christmas saw hackers steal $5.36 million from approximately 40 users, highlighting ongoing vulnerabilities from the initial breach.
CISA Updates National Cybersecurity Response Framework, Seeks Public Input
CISA has released a major draft update to the National Cyber Incident Response Plan, the first since 2016, incorporating modern threat responses and cross-sector collaboration frameworks. The updated plan, developed with over 150 experts from 66 organizations, is open for public comment through January 2025.
Massive Malvertising Campaign Spreads Lumma Malware Through Fake CAPTCHA Scam
Cybercriminals have launched a sophisticated attack reaching millions of users through compromised ad networks, using fake CAPTCHA verification pages to distribute the Lumma information stealer. The campaign generates over 1 million daily ad impressions across 3,000+ websites, targeting sensitive data like banking credentials and personal files.
Arctic Wolf's $160M Acquisition of BlackBerry's Cylance Reshapes Cybersecurity Landscape
Arctic Wolf's strategic $160M acquisition of BlackBerry's Cylance endpoint security business combines AI-powered protection with advanced security operations. The deal includes cash payments and company shares, positioning Arctic Wolf for market expansion while maintaining service continuity for existing customers.
Critical Security Flaws Found in Smart Car Camera Systems
Researchers uncover serious vulnerabilities in cloud-connected vehicle cameras that could allow hackers to access private location data and footage. While one vendor has patched the security holes, another remains exposed despite being notified over a year ago.
Hackers Turn the Tables: 390,000 WordPress Credentials Stolen in Supply Chain Attack
A sophisticated hacking group dubbed MUT-1244 executed a year-long campaign targeting cybercriminals and researchers through trojanized software tools. The attackers successfully stole over 390,000 WordPress credentials along with other sensitive data using deceptive GitHub repositories and infected npm packages.
HeartCrypt: The $20 Malware Service Making Cyber Attacks More Accessible
A new malware packing service called HeartCrypt has emerged, allowing criminals to hide malicious code in legitimate-looking software for just $20. The service's sophisticated concealment techniques and growing adoption by cybercriminals highlight evolving threats in the cybersecurity landscape.
Major Data Breach at Byte Federal Exposes 58,000 Bitcoin ATM Users' Personal Data
A significant security breach at Byte Federal, a leading US Bitcoin ATM operator, has compromised sensitive data of 58,000 customers through a GitLab vulnerability. The breach exposed personal information including government IDs and transaction records, prompting immediate security measures and customer warnings.
Critical Security Flaws Found in 336,000 Exposed Prometheus Monitoring Servers
Researchers discovered over 336,000 Prometheus monitoring servers and exporters exposed online, leaking sensitive data and left vulnerable to DoS attacks. The investigation found that plaintext passwords, authentication tokens, and internal API addresses were accessible, and also identified risks from 'repojacking' vulnerabilities.