When the news broke that a Chinese hacking group known as Salt Typhoon had penetrated multiple U.S. telecommunications networks, gained access to the phones of a presidential campaign, and collected geolocation data on high-value targets around Washington D.C., one of the first questions on the minds of executives and U.S. officials was how long it would take to kick them out. The spying campaign shocked the government and telecom industry alike.
When Coinbase said last week that it had refused to pay a $20 million ransom tied to an insider leak, the company estimated the data theft touched "less than one percent" of monthly transacting users. A mandatory filing to the Maine Attorney General now pins the number at 69,461 customers nationwide and dates the breach back to last December. In the filing, Coinbase described the incident simply as "insider wrongdoing."
Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. The incident disrupted voice and SMS services for customers across Wisconsin and Upper Michigan, leaving subscribers unable to make phone calls or send text messages. Cellcom CEO Brighid Riordan has confirmed what was already suspected: that the company suffered a cyberattack.
A Massachusetts student pleaded guilty in court to hacking two US companies and extorting them for ransom. One of the organizations appears to be PowerSchool. The student, Matthew D. Lane, 19, was charged with extorting a $200,000 ransom from a telecommunications company in exchange for not publicly sharing data previously stolen from it. According to the indictment (PDF), the telecoms provider was hacked in October 2022, and confidential customer information was stolen from its systems.
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.
Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers, according to ESET. The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. Gamaredon remained the most prolific actor targeting Ukraine, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox.
Attackers have Trojanized a widely used VMware utility to execute a supply chain attack ultimately aimed at delivering the recently revived Bumblebee initial-access malware. Researchers from Arctic Wolf observed the attack - which abuses RVTools, a trusted VMware environment reporting utility - when an employee inadvertently attempted to install a malicious version of the tool in a customer's environment, according to separate blog posts by both Arctic Wolf and ZeroDay Labs.
A Chinese government-backed intelligence operation is actively using fake employment sites and social media to recruit laid-off federal workers, according to a report released Monday by the Foundation for Defense of Democracies. Researchers warn that the operation is using front companies, LinkedIn and other tools as part of a broad online campaign to gather intelligence on the U.S., including sensitive information related to U.S. national security and corporate interests.
Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed. Discovered by Codean Labs' Edoardo Geraci and Thomas Rinsma, the vulnerability essentially undermines the core purpose of using public key cryptography to secure communications. Tracked as CVE-2025-47934 (8.7 - high), the vulnerability stems from the openpgp.verify and openpgp.decrypt functions.