IT Security Newsletter

IT Security Newsletter - 2/10/2025

Written by Cadre | Mon, Feb 10, 2025

Krebs on Security: Teen on Musk's DOGE Team Graduated from 'The Com'

Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network. READ MORE...

HPE Says Personal Information Stolen in 2023 Russian Hack

Hewlett Packard Enterprise has started notifying people that their personal information was likely compromised in a December 2023 hack attributed to a Russian threat actor. The incident was disclosed a year ago, when HPE notified the US Securities and Exchange Commission that the state-sponsored hacking group known as Midnight Blizzard compromised its cloud-based email environment and accessed a small percentage of mailboxes. READ MORE...

US news org still struggling to print papers a week after 'cybersecurity event'

US newspaper publisher Lee Enterprises is one week into tackling a nondescript "cybersecurity event," saying the related investigation may take "weeks or longer" to complete. The publisher's CEO, Kevin Mowbray, confirmed the incident with a statement issued late in the evening of February 7. He said they had notified law enforcement and were working to determine "what information - if any - may have been affected by the situation." READ MORE...

20 million OpenAI accounts offered for sale

A cybercriminal acting under the moniker "emirking" offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself. A translation of the Russian statement by the poster says: "When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn't stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me, this is a treasure." READ MORE...

Massive brute force attack uses 2.8 million IPs to target VPN devices

A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall. A brute force attack is when threat actors repeatedly attempt to log into an account or device using many usernames and passwords until the correct combination is found. Spreading the attempts across millions of source addresses, each making only a few tries, is what lets a campaign of this size slip past per-IP lockouts and rate limits, so defenders have to look at failures aggregated per device and per account rather than per source. READ MORE...

Secret Taliban records published online after hackers breach computer systems

The Taliban government of Afghanistan is reeling after unidentified hackers successfully carried out a massive cyber attack against its computer systems and published over 50GB of stolen documents and files online. A group calling itself TabiLeaks publicised on social media links to the haul of information it had exfiltrated from 21 Taliban ministries and government agencies. READ MORE...

LLM Hijackers Quickly Incorporate DeepSeek API Keys

Sophisticated "LLMjacking" operations have obtained stolen access to DeepSeek models, just weeks after their public release. LLMjacking, like proxyjacking and cryptojacking, involves the illicit use of someone else's computing resources for one's own purposes. In this case, it's individuals using popular and otherwise expensive large language models (LLMs) from OpenAI, Anthropic, etc., to generate images, circumvent national bans, and more, while passing the bill along to someone else. READ MORE...

Suspected botnet targets edge devices using brute force attacks

Security researchers warned about a surge in web login brute force attacks against edge devices from a suspected botnet since mid-to-late January, according to a post on X from the Shadowserver Foundation. The threat activity targeted devices from several major vendors, including Palo Alto Networks, SonicWall and Ivanti, with more than 2.8 million source IPs per day, according to Shadowserver. READ MORE...
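The two brute force items above make the same point: when 2.8 million source IPs each try a handful of passwords, per-IP lockouts never fire. The script below is an added example (not from the newsletter, Shadowserver, or any of the vendors named) showing the difference between classic per-source counting and aggregating failures per target device. The log format, the sample lines and the thresholds are all constructed assumptions; a real deployment would parse the vendor's actual syslog format and tune the thresholds to its traffic.

```python
"""Detect a distributed brute-force login campaign from authentication logs.

Added example; the log syntax, sample lines and thresholds are constructed
assumptions, not a vendor format or a published detection rule.
"""
import re
from collections import Counter, defaultdict

# Constructed sample lines in an invented syslog-like format.
# vpn-edge-01 receives 9 failures from 9 different sources (one try each):
# no single IP is noisy, yet the device is clearly under a spray.
# vpn-edge-02 shows a user mistyping twice and then succeeding.
SAMPLE_LOG = """\
2025-02-08T03:00:01Z vpn-edge-01 auth-fail user=admin src=203.0.113.10
2025-02-08T03:00:01Z vpn-edge-01 auth-fail user=admin src=198.51.100.7
2025-02-08T03:00:02Z vpn-edge-01 auth-fail user=vpnuser src=192.0.2.44
2025-02-08T03:00:02Z vpn-edge-01 auth-fail user=admin src=203.0.113.88
2025-02-08T03:00:03Z vpn-edge-01 auth-fail user=root src=198.51.100.120
2025-02-08T03:00:03Z vpn-edge-01 auth-fail user=admin src=192.0.2.201
2025-02-08T03:00:04Z vpn-edge-01 auth-fail user=support src=203.0.113.5
2025-02-08T03:00:04Z vpn-edge-01 auth-fail user=admin src=198.51.100.33
2025-02-08T03:00:05Z vpn-edge-01 auth-fail user=admin src=192.0.2.9
2025-02-08T03:00:06Z vpn-edge-01 auth-ok user=jsmith src=10.20.30.40
2025-02-08T03:05:10Z vpn-edge-02 auth-fail user=jdoe src=10.20.30.41
2025-02-08T03:05:15Z vpn-edge-02 auth-fail user=jdoe src=10.20.30.41
2025-02-08T03:05:20Z vpn-edge-02 auth-ok user=jdoe src=10.20.30.41
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>auth-fail|auth-ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Parse lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def noisy_sources(events, threshold=5):
    """Classic per-IP detection: sources with at least `threshold` failures."""
    counts = Counter(e["src"] for e in events if e["event"] == "auth-fail")
    return {src: n for src, n in counts.items() if n >= threshold}


def distributed_targets(events, min_failures=8, min_sources=5, max_per_source=2):
    """Flag devices whose failures are spread thinly across many sources.

    The signature of a distributed spray is many failures against one
    target, from many sources, with each source contributing only a few.
    """
    by_target = defaultdict(list)
    for e in events:
        if e["event"] == "auth-fail":
            by_target[e["host"]].append(e)

    findings = {}
    for host, fails in by_target.items():
        per_src = Counter(e["src"] for e in fails)
        if (len(fails) >= min_failures
                and len(per_src) >= min_sources
                and max(per_src.values()) <= max_per_source):
            findings[host] = {
                "failures": len(fails),
                "distinct_sources": len(per_src),
                "max_per_source": max(per_src.values()),
                "top_users": Counter(e["user"] for e in fails).most_common(3),
            }
    return findings


def analyze(text):
    """Run both detections over a log and return their findings together."""
    events = parse_log(text)
    return {
        "noisy_sources": noisy_sources(events),
        "distributed_targets": distributed_targets(events),
    }


if __name__ == "__main__":
    for name, result in analyze(SAMPLE_LOG).items():
        print(name, result)
```

On the constructed sample the per-IP check returns nothing, because no address fails more than once, while the per-target check flags vpn-edge-01 with 9 failures from 9 sources, 6 of them against "admin". That gap is the operational lesson of the Shadowserver report: block lists and per-IP lockouts are necessary but not sufficient, and the alerting that catches this kind of campaign keys on the target, not the source.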

Orthanc Server Vulnerability Poses Risk to Medical Data, Healthcare Operations

A critical vulnerability potentially affecting Orthanc servers can pose a serious risk to medical data and healthcare operations, according to a researcher. The US cybersecurity agency CISA last week published an ICS medical advisory to inform organizations about CVE-2025-0896, a critical authentication issue discovered in Orthanc, an open source and lightweight DICOM server for medical imaging. The product is used worldwide in the healthcare and public health sector. READ MORE...

Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE

Website developers are unwittingly putting their companies at risk by incorporating publicly disclosed ASP.NET machine keys from code documentation and repositories into their applications, Microsoft is warning. The machine key is what ASP.NET uses to sign and encrypt ViewState; anyone holding a copy can craft a ViewState payload that the server accepts and deserializes, which is the path to remote code execution on the web server. The tech giant has issued an alert on the insecure practice, after observing threat actors in December using a static, known ASP.NET machine key to deploy the Godzilla post-exploitation cyberattack framework, known for stomping all over corporate environments. READ MORE...
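A practitioner's first question after reading this is "do any of our web.config files carry a hard-coded machineKey, and is it one of the public ones?" The script below is an added example (not Microsoft's tooling and not tied to the keys in its advisory) that answers that for a web.config document: it distinguishes the framework's AutoGenerate setting from an explicit static key, and checks static keys against a list of known-public values. The configs and the known-key list are constructed placeholders; in a real audit the list would be populated from Microsoft's published keys, and the check would be run over every web.config in every deployed site.

```python
"""Audit ASP.NET web.config documents for static or publicly known machine keys.

Added example; the known-key set and the sample configs below are
constructed placeholders, not Microsoft's published list.
"""
import xml.etree.ElementTree as ET

# Constructed placeholder standing in for the list of publicly disclosed
# keys. Real audits load Microsoft's published values here.
KNOWN_PUBLIC_KEYS = {
    ("0123456789ABCDEF" * 8).upper(),
}


def _normalize(key):
    """Hex keys are case-insensitive; compare them in one canonical form."""
    return (key or "").strip().upper()


def audit_machine_keys(config_xml):
    """Return one finding per <machineKey> element, or a 'default' finding.

    Status values:
      autogenerate         - both keys left to the framework (AutoGenerate)
      static_known_public  - a hard-coded key that is on the known-public list
      static               - a hard-coded key not on the list (still worth
                             rotating if it was ever committed or shared)
      default              - no element at all; ASP.NET then defaults to
                             AutoGenerate,IsolateApps
    """
    root = ET.fromstring(config_xml)
    findings = []
    # iter() walks nested <location> blocks too, which can carry their own key.
    for mk in root.iter("machineKey"):
        vkey = _normalize(mk.get("validationKey"))
        dkey = _normalize(mk.get("decryptionKey"))
        finding = {
            "validation": mk.get("validation"),
            "decryption": mk.get("decryption"),
        }
        if vkey.startswith("AUTOGENERATE") and dkey.startswith("AUTOGENERATE"):
            finding["status"] = "autogenerate"
        elif vkey in KNOWN_PUBLIC_KEYS or dkey in KNOWN_PUBLIC_KEYS:
            finding["status"] = "static_known_public"
        else:
            finding["status"] = "static"
        findings.append(finding)
    if not findings:
        findings.append({"status": "default"})
    return findings


# Constructed sample configs (no real site's values).
BAD_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="%s" decryptionKey="%s"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>""" % ("0123456789ABCDEF" * 8, "FEDCBA9876543210" * 4)

SAFE_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

# A key only set inside a <location> block; still found, still static.
STATIC_CONFIG = """<configuration>
  <location path="admin">
    <system.web>
      <machineKey validationKey="%s" decryptionKey="%s"
                  validation="HMACSHA256" decryption="AES" />
    </system.web>
  </location>
</configuration>""" % ("A1B2C3D4E5F60718" * 8, "1122334455667788" * 4)

NO_KEY_CONFIG = "<configuration><system.web/></configuration>"


if __name__ == "__main__":
    for name, cfg in [("bad", BAD_CONFIG), ("safe", SAFE_CONFIG),
                      ("static", STATIC_CONFIG), ("none", NO_KEY_CONFIG)]:
        print(name, audit_machine_keys(cfg))
```

Treat "static" as a finding too, not just "static_known_public": a key that was once pasted into a wiki, a ticket or a repository is effectively public, and the remediation Microsoft recommends is the same in either case, rotate to a fresh key (or back to AutoGenerate where the app does not need a shared key across a farm) and investigate whether the old one was already used.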

  • ...in 1893, musician and comedian Jimmy Durante, known for his gravelly voice and distinctive "Schnozzola", is born in Manhattan, NY. Ha-cha-cha-cha!
  • ...in 1929, film and television composer Jerry Goldsmith ("Star Trek: The Motion Picture", "Patton", "Planet of the Apes") is born in Los Angeles, CA.
  • ...in 1942, RCA Victor awards bandleader Glenn Miller the first gold record, for his orchestra's recording of "Chattanooga Choo Choo".
  • ...in 1996, IBM's Deep Blue wins the first game of its match against world chess champion Garry Kasparov, the first time a computer had beaten a reigning world champion in a game under tournament conditions. Kasparov went on to win that match; Deep Blue took the 1997 rematch.