Financial technology giant Finastra is notifying victims of a data breach after their personal information was stolen by unknown attackers who first breached its systems in October 2024. London-based Finastra provides financial services software applications to more than 8,100 financial institutions across 130 countries, including 45 of the world's top 50 banks. As the company warned in breach notification letters sent to those impacted, the security incident was first detected on November 7. READ MORE...
Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack is behind ongoing disruptions impacting the group's operations for over two weeks. As a local news provider and one of the largest newspaper groups in the United States, Lee publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states. Its newspapers have a daily circulation of over 1.2 million, and digital editions reach more than 44 million unique visitors. READ MORE...
Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. The Russian group, known as Storm-2372, has targeted government and non-governmental organisations (NGOs), as well as firms working in IT, defence, telecoms, health, and the energy sector. READ MORE...
Juniper Networks last week published an out-of-cycle security bulletin to inform customers about the availability of patches for a critical authentication bypass vulnerability affecting its Session Smart Router product. Cybersecurity agencies in Italy and Belgium alerted organizations about the vulnerability on Monday. The security hole, tracked as CVE-2025-21589, has been described by Juniper as an authentication bypass that involves an "alternate path or channel vulnerability". READ MORE...
A new variant of the sophisticated XCSSET malware has been observed in recent, limited attacks against macOS users, Microsoft reports. First seen in 2020, XCSSET spreads through Apple Xcode, the integrated development environment for macOS: threat actors inject malicious code into Xcode projects, and the victim's system is infected when the project is executed. The malware was designed to steal information associated with numerous chat applications, take screenshots, and more. READ MORE...
Indian authorities seize loot from BitConnect crypto-Ponzi scheme Devices containing crypto wallets tracked online, then in the real world India's Directorate of Enforcement has found and seized over $200 million of loot it says are the proceeds of the BitConnect crypto-fraud scheme. BitConnect claimed it developed a bot capable of detecting and exploiting volatile cryptocurrency prices in ways that delivered investors monthly returns of 40 percent. READ MORE...