IT Security Newsletter - 5/20/2025

Breaches

Legal Aid Agency Warns Lawyers, Defendants on Data Breach

Today, the UK's Legal Aid Agency announced that on April 23 it became aware of a cyberattack on its digital services. The agency is based in London and provides civil and criminal legal aid within England and Wales to assist individuals with their legal issues. It is sponsored by the Ministry of Justice, which is responsible for courts, prisons, probation services, and attendance centers, working closely with other government departments and agencies. READ MORE...

Hacking

'Whatever we did was not enough': How Salt Typhoon slipped through the government's blind spots

The first time some of the largest telecom companies in the world heard of Salt Typhoon was in a Wall Street Journal article. The story, which was published last September, blindsided company executives and industry insiders. As news of the attack on the country's broadband networks broke, the scope and severity of the breach became clear. The top Democrat on the Senate Intelligence Committee dubbed it "the worst telecom hack in our nation's history." READ MORE...


'Hazy Hawk' Cybercrime Gang Swoops In for Cloud Resources

Attackers have long exploited sloppy DNS configurations to hijack domain names and redirect users to shady sites for scams, malware distribution, and other malicious activities. Now, a threat actor tracked by Infoblox as "Hazy Hawk" is leveraging a different version of the attack vector to seize control of abandoned cloud resources, like S3 buckets and Azure endpoints, linked to prominent organizations. READ MORE...

Software Updates

NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

Broadcom-owned VMware on Tuesday rolled out urgent patches for two sets of flaws that expose its flagship infrastructure software to data leakage, command execution and denial-of-service attacks, with no temporary workarounds available. The virtualization technology giant pushed out two separate bulletins documenting at least 7 vulnerabilities in the VMware Cloud Foundation, VMware ESXi, vCenter Server, Workstation, and Fusion product lines. READ MORE...

Malware

Trojanized KeePass opens doors for ransomware attackers

A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set the stage for ransomware attacks, WithSecure researchers have discovered. In February 2025, WithSecure's incident responders were hired by a European IT service provider to help with response and remediation after a ransomware gang encrypted their VMware ESXi servers' datastores. READ MORE...

Information Security

AI voice hijacking: How well can you trust your ears?

How sure are you that you can recognize an AI-cloned voice? If you think you're completely certain, you might be wrong. With only three seconds of audio, criminals can now clone a person's voice, which can easily be obtained from videos shared online or on social media. An American mother almost fell victim to a virtual kidnapping scam, where a cloned voice convincingly mimicked her daughter's cries for help. READ MORE...


SEC Twitter hack: Man imprisoned for role in attack that caused Bitcoin's price to soar

A 25-year-old man from Alabama has been sentenced to 14 months in a federal prison for his part in a hack that caused the Bitcoin cryptocurrency to briefly soar in value. Eric Council Jr., of Athens, Alabama, pleaded guilty to charges related to the January 2024 hack of the US Securities and Exchange Commission's (SEC) Twitter account, which saw a fake announcement about the Bitcoin cryptocurrency posted to its 660,000+ followers. READ MORE...

Exploits/Vulnerabilities

Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities

Hackers have successfully breached a limited number of Ivanti Endpoint Mobile Manager users by chaining together medium and high-severity vulnerabilities in the suite of mobile device management software. The vulnerabilities, tracked as CVE-2025-4427 and CVE-2025-4428, can allow an unauthenticated attacker to achieve remote code execution. Ivanti is urging customers to immediately upgrade to a fixed version of the software. READ MORE...


Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers

Researchers from CISA and NIST have proposed a new cybersecurity metric designed to calculate the likelihood that a vulnerability has been exploited in the wild. Peter Mell of NIST and Jonathan Spring of CISA have published a paper describing equations for what they call Likely Exploited Vulnerabilities, or LEV. Thousands of vulnerabilities are discovered every year in software and hardware, but only a small percentage are ever exploited in the wild. READ MORE...

On This Date

  • ...in 1873, Levi Strauss and Jacob Davis receive a patent for rugged work pants with riveted seams, better known today as Levi's 501 blue jeans.
  • ...in 1899, Jacob German, operator of a taxicab for the Electric Vehicle Company, becomes the first driver to be arrested for speeding. He is driving 12 mph.
  • ...in 1911, comics and sci-fi writer Gardner Fox, the creator of The Flash and the Justice League of America, is born in Brooklyn, NY.
  • ...in 1927, Charles Lindbergh takes off in his custom-built plane, The Spirit of St. Louis, for the first-ever solo transatlantic flight.