IT Security Newsletter - 1/23/2025
Data breach hitting PowerSchool looks very, very bad
Parents, students, teachers, and administrators throughout North America are smarting from what could be the biggest data breach of 2025: an intrusion into the network of a cloud-based service storing detailed data of millions of pupils and school personnel. The hack, which came to light earlier this month, hit PowerSchool, a Folsom, California, firm that provides cloud-based software to some 16,000 K-12 schools worldwide. READ MORE...
Supply chain attack hits Chrome extensions, could expose millions
Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already. Dozens of Chrome extension developers have fallen victim to the attacks thus far, which aimed to lift API keys, session cookies, and other authentication tokens from websites such as ChatGPT and Facebook for Business. READ MORE...
Asus lets processor security fix slip out early, AMD confirms patch in progress
AMD has confirmed at least some of its microprocessors suffer a microcode-related security vulnerability, the existence of which accidentally emerged this month after a fix for the flaw appeared in a beta BIOS update from PC maker Asus. All we know for now is that the security issue is a "microcode signature verification vulnerability." Microcode is information typically loaded into the processor by the system firmware or operating system at boot time. READ MORE...
Mirai botnet behind the largest DDoS attack to date
Researchers have uncovered two Mirai-based botnets harnessing Internet of Things (IoT) devices to DDoS target organizations around the world. Qualys researchers have laid bare the "Murdoc" botnet, consisting of some 1,300 IoT devices saddled with a variant of the Mirai malware that exploits vulnerabilities to compromise AVTECH Cameras and Huawei HG532 routers. READ MORE...
Homebrew macOS Users Targeted With Information Stealer Malware
A newly discovered malvertising campaign targeting macOS users is dropping information stealer malware via a fake Homebrew website. The threat actors behind the campaign relied on Google advertisements for the popular open source package manager Homebrew, which allows macOS and Linux users to install open source software using their terminal. The malicious ads, developer Ryan Chenkie discovered, were displaying the link to the legitimate Homebrew site. READ MORE...
Researchers say new attack could take down the European power grid
Late last month, researchers revealed a finding that's likely to shock some people and confirm the low expectations of others: Renewable energy facilities throughout Central Europe use unencrypted radio signals to receive commands to feed or ditch power into or from the grid that serves some 450 million people throughout the continent. Fabian Bräunlein and Luca Melette stumbled on their discovery largely by accident while working on what they thought would be a much different sort of hacking project. READ MORE...
Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker
The top Democrat on the House Homeland Security Committee and a number of cyber professionals on Wednesday lamented the Trump administration's decision to purge a cyber incident investigation board of its membership. But the move had some supporters, including the chairman of that same committee. Acting Department of Homeland Security Secretary Benjamine Huffman issued a memorandum Monday that strips all advisory committees of their members. READ MORE...
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals. READ MORE...
Critical zero-days impact premium WordPress real estate plugins
The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. Although the two flaws were discovered in September 2024 by Patchstack, and multiple attempts were made to contact the vendor (InspiryThemes), the researchers say they have not received a response. READ MORE...
'Severe' bug in ChatGPT's API could be used to DDoS websites
A vulnerability in ChatGPT's API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST requests to the back-end server. READ MORE...
- ...in 1944, actor Rutger Hauer ("Blade Runner", "Ladyhawke") is born in Utrecht, Netherlands.
- ...in 1957, former US Air Force pilot Walter Morrison sells his invention, called the "Pluto Platter", to Wham-O. It would go on to become a household name, as the Frisbee.
- ...in 1986, the Rock and Roll Hall of Fame inducts its first honorees, including Little Richard, Chuck Berry, Buddy Holly, Jerry Lee Lewis, and Elvis Presley, among others.
- ...in 1998, Netscape announces the formation of Mozilla. It would outlive its parent company, releasing the Firefox web browser and several other open-source products.