The Office of the Comptroller of the Currency has notified Congress that a February breach of its email system is classified as a major cybersecurity incident. The incident was first disclosed Feb. 26, though the OCC provided virtually no details at the time, only saying that it had resolved a security incident "involving an administrative account in the OCC email system" and that a "limited number of affected email accounts" were disabled following a broader investigation.
Sensata Technologies (known as Sensata) suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. In an 8-K filing to the U.S. Securities and Exchange Commission (SEC), Sensata says that the attack occurred on Sunday, April 6, and involved data theft, too. "The incident has temporarily impacted Sensata's operations, including shipping, receiving, manufacturing production, and various other support functions," reads the notification.
In July 2024, ESET Research noticed suspicious activity on the system of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, we made an unexpected discovery in the victim's network: malicious tools belonging to FamousSparrow, a China-aligned APT group. There had been no publicly documented FamousSparrow activity since 2022, so the group was thought to be inactive.
The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. Symantec threat researchers say the campaign started in February 2025 and continued until March, with hackers deploying an updated version of the GammaSteel info-stealing malware to exfiltrate data.
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally. Unauthenticated attackers can exploit this unverified FortiSwitch GUI password change security flaw (rated with a 9.8/10 severity score) in low-complexity attacks that don't require user interaction.
A newly identified Python framework spamming the contact forms and chat widgets on the websites of small and medium-sized businesses has made over 80,000 victims over the past half a year, SentinelOne reports. Dubbed AkiraBot due to its use of domains that have 'Akira' as the search engine optimization (SEO) service brand, the framework can evade CAPTCHA filters and network detections. The name 'ServiceWrap' also stands out in its SEO domain naming.
US President Donald Trump signed an Executive Order on Wednesday to revoke the security clearance held by Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), and his colleagues at SentinelOne. "The Order also suspends any active security clearance held by individuals at entities associated with Krebs, including SentinelOne, pending a review of whether such clearances are consistent with the national interest," the White House announced.
When you next type something sensitive on your computer keyboard, be sure that no-one else is watching. A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malware. In a class action lawsuit, six women have accused pharmacist Matthew Bathula of invading their privacy by spying on them at work and at home. The lawsuit claims that this gave Bathula login credentials for the victims' personal accounts and systems.
Researchers have demonstrated that a series of vulnerabilities affecting the Nissan Leaf electric vehicle can be exploited to remotely hack the car, including for spying and the physical takeover of various functions. The research was conducted by PCAutomotive, a company that offers penetration testing and threat intelligence services for the automotive and financial services industries. The Nissan Leaf hacking was detailed last week at Black Hat Asia 2025.
Attackers are exploiting a zero-day vulnerability in the Windows Common Log File System to deploy ransomware against various targets, including information technology and real estate organizations in the U.S., according to researchers at Microsoft. Researchers who discovered the flaw said the exploit had been deployed via PipeMagic malware. A threat actor tracked as Storm-2460 has used PipeMagic to deploy ransomware, according to researchers.