The FBI is warning people to be vigilant of an ongoing malicious messaging campaign that uses AI-generated voice audio to impersonate government officials in an attempt to trick recipients into clicking on links that can infect their computers. "Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts," Thursday's advisory said. READ MORE...
Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers' data that can help them mount social engineering attacks, the company confirmed today by filing a report with the US Securities and Exchange Commission (SEC). The attack did not involve the compromise of company systems or networks. Instead, the data was accessed by a group of malicious support agents. READ MORE...
A ransomware attack at a Middle Eastern business partner of payroll company ADP has led to customer data theft at Broadcom, The Register has learned. It's understood Broadcom's HR department has begun the process of informing current and former staff who are affected by the September ransomware attack at Business Systems House (BSH). Broadcom no longer uses ADP or by extension BSH for payroll in the Middle East, the internal email confirmed. READ MORE...
Over the past few years, cybersecurity experts have increasingly said that nation-state operatives and cybercriminals often blur the boundaries between geopolitical and financial motivations. A new report released Wednesday shows how North Korea has flipped that idea on its head. North Korea has silently forged a global cyber operation that experts now liken to a mafia syndicate, with tactics and organization far removed from other nation-state actors. READ MORE...
On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, and Oracle VirtualBox. Red Hat Enterprise Linux for Workstations was the first to fall in the local privilege escalation category after DEVCORE Research Team's Pumpkin exploited an integer overflow vulnerability to earn $20,000. READ MORE...
Andrei Tarasov's criminal life is not as glamorous as you might expect from a leading criminal actor. Tarasov (aka Aels and more recently Lavander) left his native Russia because of 'political persecution', subsequently claiming to have been granted asylum in Ukraine. He was outspoken in his condemnation of modern Russia, saying he removed himself "Because nothing is left from the 'great' country I grew up in except for a bunch of clowns and the battle against America." READ MORE...
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM). READ MORE...
ESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities, including a zero-day XSS flaw in MDaemon webmail software, to steal confidential information from specific email accounts belonging to officials working for various governmental organizations in Ukraine and defense contractors in Europe and on other continents. Operation RoundPress, so nicknamed by ESET, is most probably the work of the Russia-aligned Sednit APT group. READ MORE...