Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. WSU is a prominent Australian institution offering various undergraduate, postgraduate, and research programs across multiple disciplines. It serves a student body of 47,000 and employs over 4,500 permanent and seasonal staff, operating with an annual budget of approximately $600 million.
The Medusa ransomware-as-a-service (RaaS) operation claims to have compromised the computer systems of NASCAR, the United States' National Association for Stock Car Auto Racing, and made off with more than 1TB of data. In a posting on its dark web leak site, Medusa has demanded a US $4 million ransom be paid for the deletion of NASCAR's data. At the top of the page, Medusa has placed a countdown timer, after which it threatens to make the data stolen from NASCAR available to anybody on the internet.
Fortinet detailed new exploitation activity against known critical vulnerabilities in FortiGate devices, including CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762, in a Thursday blog post. Fortinet said that although these vulnerabilities have been patched, a threat actor was observed using a new technique to maintain read-only access to vulnerable FortiGate devices after they were updated.
Threat actors have been publishing malicious NPM packages to steal the information and funds of PayPal and cryptocurrency wallet users. Fortinet discovered that PayPal users have been targeted with multiple information-stealing packages that were likely created in early March by a threat actor known as tommyboy_h1 and tommyboy_h2. The packages used PayPal-related themes such as oauth2-paypal and buttonfactoryserv-paypal to trick developers into installing them.
A threat actor known as Paper Werewolf is using new malware to target Russian entities and steal sensitive files from flash drives. The actor, also known as Goffee, was observed deploying the malware by researchers at Kaspersky Lab. The malware includes components that are designed to target removable media. Kaspersky said the previously undocumented implant, which it calls "PowerModul," is a PowerShell script downloader that can covertly download other components from command and control servers.
Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. Tycoon2FA was discovered in October 2023 by Sekoia researchers, who later reported significant updates on the phishing kit that increased its sophistication and effectiveness.
As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use large language models. CISOs cannot treat this as a secondary concern. To reduce risk, security leaders should focus on policy, visibility, and culture. Set clear rules about what data can and cannot be entered into AI systems. Monitor usage to identify shadow AI before it becomes a problem.
Package hallucinations represent a common issue within code-generating Large Language Models (LLMs) that opens the door for a new type of supply chain attack, researchers from three US universities warn. Referred to as 'slopsquatting', package hallucination occurs when the code generated by an LLM recommends or references a fictitious package. Researchers warn that threat actors can exploit this by publishing malicious packages with the hallucinated names.
Remote access tools were the initial entry point in eight of every 10 ransomware attacks in 2024, according to a report released Thursday by At-Bay. VPNs accounted for about two-thirds of ransomware attack entry points. Indirect ransomware claims continue to rise, showing a 43% increase in 2024, according to At-Bay. Indirect ransomware is when an attack begins on a third-party vendor or business partner, often leading to a data breach or business interruption of a downstream client or partner.