IT Security Newsletter

IT Security Newsletter - 4/4/2025

Written by Cadre | Fri, Apr 4, 2025

Oracle privately confirms Cloud breach to customers

Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported. However, while Oracle told clients this is old legacy data that is not sensitive, the threat actor behind the attack has shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum.

State Bar of Texas Says Personal Information Stolen in Ransomware Attack

The State Bar of Texas this week started sending notification letters to thousands of individuals to notify them of a data breach resulting from a February ransomware attack. On February 12, the state bar association wrote in the notification letters, suspicious activity on its network prompted it to initiate response procedures and launch an investigation. The association determined that a threat actor had access to its network between January 28 and February 9.

China-backed espionage group hits Ivanti customers again

Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company's VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, CVE-2025-22457, since mid-March. The threat group, which Google Threat Intelligence Group tracks as UNC5221, has a knack for exploiting Ivanti products and has successfully - and repeatedly - attacked the vendor's customers since 2023.

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft

Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and insider risk management, conditional access optimization, vulnerability remediation, and threat intelligence briefing. The goal of these agents is to continuously pull in information and provide both manual and automated recommendations.

QR codes sent in attachments are the new favorite for phishers

Recently we've been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercriminals might want to use QR codes: The QR code is likely to be scanned with a phone, which is often less well protected against malicious websites or even completely unprotected.

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. In at least one case, the owner is on a US blacklist. That's according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple's App Store as documented by mobile intelligence company AppMagic.

Rafts of Security Bugs Could Rain Out Solar Grids

As climate change continues to show irreversible effects on the planet, the push for more sustainable energy options continues to gain popularity. Solar power systems, in particular, are increasingly becoming more widely used. But these eco-friendly options come with downsides, too, specifically when it comes to cybersecurity. Researchers at Forescout this week detailed close to 50 vulnerabilities impacting the security of at least three leading solar power vendors.

Cisco confirms cyberattacks on Smart Licensing Utility flaw

CISA earlier this week added CVE-2024-20439, a critical flaw in the Cisco Smart Licensing Utility, to its known exploited vulnerabilities (KEV) catalog. The addition confirms reported exploitation attempts on the vulnerability last month from the SANS Internet Storm Center. CVE-2024-20439, a static credential vulnerability in the Smart Licensing Utility, was initially disclosed and patched in September along with another vulnerability, CVE-2024-20440.

  • ...in 1841, President William Henry Harrison dies of pneumonia after being in office for only one month.
  • ...in 1917, the U.S. Senate votes 90-6 to enter World War I on the Allied side.
  • ...in 1968, civil rights leader Rev. Dr. Martin Luther King Jr. is fatally shot by an assassin outside of the Lorraine Motel in Memphis, TN.
  • ...in 1974, Atlanta Braves right fielder Hank Aaron ties Babe Ruth's home-run record (714), in a game against the Cincinnati Reds.