IT Security Newsletter - 2/25/2025
What defenders are learning from Black Basta's leaked chat logs
Black Basta's internal chat logs, which were leaked earlier this month, are providing defenders with actionable intelligence on the ransomware group's operations, cybercrime experts told CyberScoop. Researchers sifting through Black Basta's exposed communications found details about the group's preferred tools and techniques, including custom malware loaders, indicators of compromise, cryptocurrency wallets and email addresses associated with the syndicate's affiliates.
How North Korea pulled off a $1.5 billion crypto heist, the biggest in history
The cryptocurrency industry and those responsible for securing it are still in shock following Friday's heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history. Bybit officials disclosed the theft of more than 400,000 Ethereum. The notification said the digital loot had been stored in a "Multisig Cold Wallet" when, somehow, it was transferred to one of the exchange's hot wallets.
Orange Group confirms breach after hacker leaks company documents
A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider. The threat actor published details about the stolen data on a hacker forum after an unsuccessful attempt to extort the company. Orange confirmed the breach to BleepingComputer, saying that it occurred on a non-critical application.
China's Silver Fox spoofs medical imaging apps to hijack patients' computers
A Chinese government-backed group is spoofing legitimate medical software to hijack hospital patients' computers, infecting them with backdoors, credential-swiping keyloggers, and cryptominers. Forescout's Vedere Labs researchers on Monday sounded the alarm after identifying dozens of malware samples masquerading as Philips DICOM medical image viewers and other legitimate software.
Attackers exploiting Cisco vulnerabilities tied to Salt Typhoon campaign
GreyNoise researchers observed active exploitation of two Cisco vulnerabilities, CVE-2018-0171 and CVE-2023-20198, which reportedly have been used in recent attacks by the Chinese nation-state threat group known as Salt Typhoon. Attackers exploited CVE-2018-0171, a vulnerability in the Smart Install feature of Cisco IOS and Cisco IOS XE software, between December 2024 and January of this year.
Massive botnet hits Microsoft 365 accounts
A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining possible connections to China-affiliated threat actors, citing evidence of infrastructure linked to CDS Global Cloud and UCLOUD HK, which have operational ties to China.
Exploits for unpatched Parallels Desktop flaw give root on Macs
Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. Parallels Desktop is virtualization software that allows Mac users to run Windows, Linux, and other operating systems alongside macOS. It is very popular among developers, businesses, and casual users who need Windows applications on their Macs without rebooting.
Microsoft Power Pages vulnerability exploited in the wild
A zero-day vulnerability in Microsoft Power Pages has been exploited in the wild. The vulnerability, listed as CVE-2025-24989, is an improper access control flaw that allows privilege escalation in Microsoft Power Pages, a low-code SaaS development platform for enterprise website-building. Microsoft disclosed and patched the high-severity vulnerability on Wednesday. In a security advisory, Microsoft warned the flaw has been exploited in the wild.
What Microsoft's Majorana 1 Chip Means for Quantum Decryption
The potential power of quantum computing is difficult to imagine, but it will revolutionize society and science. It will help produce new medicines, provide more productive farming, and develop new materials, potentially solving many of humanity's current intractable concerns. So, at some point, advances in AI and quantum computing will make each other better and faster, and the combination will become a continuing and accelerating virtuous cycle.
- ...in 1836, Samuel Colt is granted a patent for the Colt revolver, the first gun manufactured on an assembly line using interchangeable parts.
- ...in 1901, industrialist J.P. Morgan incorporates the United States Steel Corporation by financing the merger of three smaller steel companies for $492 million.
- ...in 1928, the Federal Radio Commission issues the first television broadcast license to inventor and early TV pioneer Charles Jenkins.
- ...in 1971, actor Sean Astin ("Rudy", "Lord of the Rings") is born in Santa Monica, CA.