Russian Cyber Espionage Campaign Unmasked: GamaCopy Group Mimics Kremlin-Linked Tactics
A new hacking group dubbed GamaCopy has been discovered impersonating Russian state-backed Gamaredon's tactics to infiltrate Russian-speaking targets. The group deploys UltraVNC remote access tools through sophisticated phishing campaigns, joining other threat actors targeting Russian organizations amid the Ukraine conflict.
Critical jQuery Vulnerability Added to CISA's Known Exploited List Despite 4-Year-Old Patch
CISA has added a medium-severity jQuery vulnerability to its Known Exploited Vulnerabilities catalog due to active exploitation in the wild. The vulnerability, patched in 2020, allows attackers to execute malicious code through cross-site scripting despite existing HTML sanitization.
Critical Security Flaw in Subaru Starlink System Exposed Vehicle Control and Location Data
Security researchers discovered a major vulnerability in Subaru's Starlink system that could allow hackers to track vehicle locations and control door locks through compromised admin accounts. The flaw, which affected vehicles across multiple countries, was swiftly patched after disclosure but highlights growing cybersecurity risks in connected cars.
Critical Wi-Fi Security Flaw Threatens Global Internet Connectivity
Researchers uncover major vulnerability in MU-MIMO technology that could impact billions of Wi-Fi devices worldwide. The security flaw allows attackers to degrade network speeds and requires fundamental changes to Wi-Fi standards for remediation.
Global Password Security Crisis: Malware Steals Over 1 Billion Credentials in 2024
A staggering report reveals malware attacks led by Redline, Vidar, and Raccoon Stealer compromised over 1 billion passwords in 2024, despite strong complexity measures. The unprecedented breach highlights critical weaknesses in traditional password security approaches and urgent need for modern protection strategies.
Critical Tunneling Protocol Vulnerabilities Put 4.2M Devices at Global Risk
Researchers uncover severe security flaws in common tunneling protocols affecting millions of VPN servers, routers, and network infrastructure worldwide. The vulnerabilities could enable attackers to hijack systems and conduct anonymous attacks by exploiting unauthenticated data transfer mechanisms.
Critical Security Flaws Found in Bambu Connect 3D Printer Software
Security researchers have exposed significant vulnerabilities in Bambu Connect's 3D printer control application, revealing weak encryption and easily bypassed security measures. The findings demonstrate how malicious actors could potentially access sensitive data through reverse engineering of the Electron-based software.
Major Law Firm Data Breach Exposes Medical Records and Personal Data of 3.5 Million People
Wolf Haldenstein law firm revealed a massive data breach compromising sensitive information of 3.5 million individuals, including Social Security numbers and medical records. The December 2023 incident highlights growing cybersecurity challenges in the legal sector, though no evidence of data misuse has been found so far.
PowerSchool Data Breach Exposes Complete Historical Records of Students and Teachers
PowerSchool, a major education technology provider, confirms unauthorized access to its Student Information System led to comprehensive theft of current and former student and teacher data. The breach exposed sensitive information including personal details, medical records and academic data across multiple school districts.
UK Takes Bold Step to Outlaw Ransomware Payments Across Public Sector
The UK Home Office proposes groundbreaking legislation to ban ransomware payments for public sector and critical infrastructure organizations, aiming to combat rising cybercrime. The comprehensive plan includes mandatory incident reporting and payment prevention measures following several devastating attacks on essential services.