California-based education tech giant PowerSchool is notifying students and educators that their personal information was compromised in a December 2024 data breach. The incident, the company says, was identified on December 28 and only involved its Student Information System (SIS) environments, which were accessed through the PowerSource community-focused customer support portal. READ MORE...
Hewlett Packard Enterprise (HPE) is probing assertions made by prolific Big Tech intruder IntelBroker that they broke into the US corporation's systems and accessed source code, among other things. In a statement sent to The Register, HPE confirmed it was informed of the cyber criminal's claims late last week. The attacker is selling the allegedly stolen data on a cybercrime forum, claiming to offer access to HPE source code taken from private GitHub repos, Docker builds, and SAP Hybris. READ MORE...
The "email bombing + posing as tech support via Microsoft Teams" combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts. "Sophos MDR has observed more than 15 incidents involving these tactics in the past three months, with half of them in the past two weeks," the company's incident responders have warned today. READ MORE...
Microsoft has fixed a bug that was causing some Windows Server 2022 systems with two or more NUMA nodes to fail to start up. NUMA (short for non-uniform memory access) is a computer memory architecture in which multiple processors are connected to the same shared memory pool via high-speed interconnections to control performance bottlenecks. This design is extensively used in Windows servers with multiple physical central processing units (CPUs) or multi-core processors. READ MORE...
Medusa is a ransomware-as-a-service (RaaS) platform that first came to prominence in 2023. The ransomware impacts organisations running Windows, predominantly exploiting vulnerable and unpatched systems and hijacking accounts through initial access brokers. Initial access brokers (IABs) specialise in gaining unauthorised access to the networks of organisations, and then sell that access to other cybercriminals - such as ransomware gangs like Medusa. READ MORE...
Picture this: It's 2030 and China's furious with Taiwan after the island applies to the UN to be recognized as an independent state. After deciding on a full military invasion, China attempts to first cripple its rebellious neighbor's critical infrastructure. That's the scenario set up as a wargame exercise by the US Naval War College, which invited technology specialists, infrastructure experts, and hardcore hackers to study the problem. READ MORE...
Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and death. Humanity is now rapidly integrating a wholly different kind of mistake-maker into society: AI. Much of the friction-and risk-associated with our use of AI arise from that difference. READ MORE...
We've entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the "scam yourself" attacks. These aren't your run-of-the-mill phishing scams. They are a sophisticated evolution of social engineering designed to deceive even the most tech-savvy users. Attackers exploit our routines, trust, and overconfidence to manipulate us into becoming unwitting accomplices in our own compromise. READ MORE...