Parents, students, teachers, and administrators throughout North America are smarting from what could be the biggest data breach of 2025: an intrusion into the network of a cloud-based service storing detailed data of millions of pupils and school personnel. The hack, which came to light earlier this month, hit PowerSchool, a Folsom, California, firm that provides cloud-based software to some 16,000 K-12 schools worldwide. READ MORE...
Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already. Dozens of Chrome extension developers have fallen victim to the attacks thus far, which aimed to lift API keys, session cookies, and other authentication tokens from websites such as ChatGPT and Facebook for Business. READ MORE...
AMD has confirmed at least some of its microprocessors suffer a microcode-related security vulnerability, the existence of which accidentally emerged this month after a fix for the flaw appeared in a beta BIOS update from PC maker Asus. All we know for now is that the security issue is a "microcode signature verification vulnerability." Microcode is information typically loaded into the processor by the system firmware or operating system at boot time. READ MORE...
Researchers have uncovered two Mirai-based botnets harnessing Internet of Things (IoT) devices to DDoS target organizations around the world. Qualys researchers have laid bare the "Murdoc" botnet, consisting of some 1,300 IoT devices saddled with a variant of the Mirai malware that exploits vulnerabilities to compromise AVTECH Cameras and Huawei HG532 routers. READ MORE...
A newly discovered malvertising campaign targeting macOS users is dropping information stealer malware via a fake Homebrew website. The threat actors behind the campaign relied on Google advertisements for the popular open source package manager Homebrew, which allows macOS and Linux users to install open source software using their terminal. The malicious ads, developer Ryan Chenkie discovered, were displaying the link to the legitimate Homebrew site. READ MORE...
Late last month, researchers revealed a finding that's likely to shock some people and confirm the low expectations of others: Renewable energy facilities throughout Central Europe use unencrypted radio signals to receive commands to feed or ditch power into or from the grid that serves some 450 million people throughout the continent. Fabian Bräunlein and Luca Melette stumbled on their discovery largely by accident while working on what they thought would be a much different sort of hacking project. READ MORE...
The top Democrat on the House Homeland Security Committee and a number of cyber professionals on Wednesday lamented the Trump administration's decision to purge a cyber incident investigation board of its membership. But the move had some supporters, including the chairman of that same committee. Acting Department of Homeland Security Secretary Benjamine Huffman issued a memorandum Monday that strips all advisory committees of its members. READ MORE...
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals. READ MORE...
The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. Although the two flaws were discovered in September 2024 by Patchstack, and multiple attempts were made to contact the vendor (InspiryThemes), the researchers say they have not received a response. READ MORE...
A vulnerability in ChatGPT's API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST requests to the back-end server. READ MORE...