Like many other data brokers, Gravy is a company you may never have heard of, but it almost certainly knows a lot about you if you're a US citizen. Data brokers come in different shapes and sizes. What they have in common is that they gather personally identifiable data from various sources-from publicly available data to stolen datasets-and then sell the gathered data on. Gravy Analytics specializes in location intelligence, meaning it collects sensitive phone location and behavior data. READ MORE...
Healthcare and substance abuse treatment provider BayMark Health Services has started notifying patients that their personal information was stolen in a data breach resulting from a ransomware attack. The Texas-based company runs one of the largest addiction treatment services in the US, operating roughly 200 facilities and over 380 programs in 35 states, and treating more than 70,000 patients every day. READ MORE...
The National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity warned Japanese organizations of a sophisticated Chinese state-backed cyber-espionage effort called "MirrorFace" to steal technology and national security secrets. Japanese authorities said the advanced persistent threat group (APT) MirrorFace has been operating since 2019. READ MORE...
A man from Toronto has described to the media how he lost $100,000 worth of cryptocurrency investment after making an elementary blunder. Art, who didn't share his surname, told CTV that back in 2021 he decided to invest a family inheritance in cryptocurrency. He chose to use Kraken, a well-known US-based cryptocurrency exchange, and having made the investment left it alone for two years. In 2023, however, he felt it was time to see how his investment was doing. READ MORE...
Conventional wisdom assumes that the more vulnerabilities a security tool flags, the easier it will be for a company to secure its infrastructure. In theory, layering more tools into a tech stack should equal more effective attack surface monitoring, right? Well, reality isn't quite panning out like that. If anything, tool sprawl has created an illusion of security, drowning security teams in the performative theatrics of squashing countless alerts - most of them false positives. READ MORE...
The macOS infostealer "Banshee" has been spotted skating by antivirus programs using a string encryption algorithm it stole from Apple. Banshee has been spreading since July, primarily via Russian cybercrime marketplaces, where it was sold as a $1,500 "stealer-as-a-service" for Macs. It's designed to steal credentials from browsers and browser extensions associated with cryptocurrency wallets. READ MORE...
Federal cyber authorities and researchers warn that attackers are exploiting a zero-day vulnerability in multiple Ivanti products, including Ivanti Connect Secure. Ivanti acknowledged CVE-2025-0282 was already exploited at the time of disclosure on Wednesday when it issued an advisory and released a patch for the critical unauthenticated stack-based buffer overflow vulnerability. READ MORE...
As a company fortunate enough to have and maintain our own pentesting team, we often do outreach with other organizations to assist with or provide our expertise in offensive security. In collaboration with the Kerala Police Cyber unit, we were able to assist with investigating a prolific scam targeting the State bank of India (SBI). SBI is the largest bank in India and one of the top 50 largest banks in the world with over half a billion customers and account holders. READ MORE...