IT Security Newsletter - 5/9/2025
Education giant Pearson hit by cyberattack exposing customer data
Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. READ MORE...
160,000 Impacted by Valsoft Data Breach
Canada-based vertical market software (VMS) firm Valsoft Corporation (dba AllTrust) is notifying over 160,000 people that their personal information was compromised in a data breach. The incident, discovered on February 14, involved unauthorized access to a non-production network of AllTrust subsidiary Aspire USA. The attackers, the company says, had access to Aspire's network between February 12 and February 15, and stole certain files during that time. READ MORE...
Hackers hit deportation airline GlobalX, leak flight manifests
GlobalX Airlines, a charter airline being used by the US government for deportation flights, has been attacked by hacktivists who have made off with what they claim are detailed flight records and passenger manifests. The attackers, who claim to be operating under the umbrella of Anonymous, did not just quietly exfiltrate data from the airline assisting with the controversial deportations - they also defaced the company's website and replaced it with a message. READ MORE...
The many variants of the ClickFix social engineering tactic
As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it's interesting to see how the various attackers are trying to refine the two main elements: the lure and the "instruction" page. In the latest email campaigns documented by the Google Threat Intelligence Group, the suspected Russian threat actor tried to trick the targets into downloading malware by urging them to "solve" a fake CAPTCHA page. READ MORE...
SonicWall Issues Patch for Exploit Chain in SMA Devices
SonicWall has fixed three high-severity vulnerabilities affecting its unified secure access gateway devices, one of which has already been exploited in the wild. Like Ivanti, Fortinet, and other edge device manufacturers before it, SonicWall has been enduring a tough stretch of repeated security incidents. The vendor has copped to new actively exploited vulnerabilities in January, February, and April of this year. READ MORE...
May 2025 Patch Tuesday forecast: Panic, change, and hope
April was an event-filled month for cybersecurity. Patch Tuesday came to us quickly on April 8 - the earliest first Tuesday possible in a given month. We again saw large numbers of CVEs addressed with 84 in Windows 11 and 87 in Windows 10 and all their related servers. There was only one known-exploited vulnerability, CVE-2025-29824, which allowed elevation of privilege, but it was present in all operating systems. Overall, a pretty typical monthly event. READ MORE...
Cisco fixes max severity IOS XE flaw letting attackers hijack devices
Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers, caused by a hard-coded JSON Web Token (JWT), that allows an unauthenticated remote attacker to take over devices. This token is meant to authenticate requests to a feature called 'Out-of-Band AP Image Download.' Since it's hard-coded, anyone can impersonate an authorized user without credentials. The vulnerability is tracked as CVE-2025-20188 and has a maximum 10.0 CVSS score. READ MORE...
LockBit Ransomware Gang Breached, Secrets Exposed
It's hard to feel too much sympathy when a group of cybercriminals who have themselves extorted millions of dollars from innocent victims have found themselves dealing with their own cybersecurity problem. And that's just what has happened to the notorious LockBit ransomware gang. The infamous ransomware-as-a-service (RaaS) operation, which has been behind some of the highest-profile ransomware attacks in history, has itself been breached and had its secrets spilt for anybody to see. READ MORE...
DOGE software engineer's computer infected by info-stealing malware
Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years. Kyle Schutt is a 30-something-year-old software engineer who gained access in February to a "core financial management system" belonging to the Federal Emergency Management Agency. READ MORE...
Life Without CVEs? It's Time to Act
The cybersecurity community is quite familiar with "Oh, my God!" moments. However, what transpired recently regarding MITRE's support of the Common Vulnerabilities and Exposures database was earth-moving on a different level. In a single day, we witnessed a foundational structure for communication between cyber defenders go from "It's going dark tomorrow!" to "Oh, whew, we have an 11-month extension." READ MORE...
Popular Scraping Tool's NPM Package Compromised in Supply Chain Attack
A threat actor published three malicious versions of the popular NPM package 'rand-user-agent' to deploy and activate a remote access trojan (RAT) on users' systems. A Node.js package that has been deprecated, rand-user-agent generates randomized user-agent strings based on occurrence. It was originally built as a functionality tool for Romanian software development firm WebScrapingAPI, but can be integrated into any Node.js project for web scraping. READ MORE...
- ...in 1945, top-ranking Nazi official Hermann Goering is captured by the U.S. Seventh Army.
- ...in 1949, singer-songwriter and pianist Billy Joel is born in the Bronx, NYC.
- ...in 1958, Alfred Hitchcock's "Vertigo" has its world premiere in San Francisco.
- ...in 1974, the US House Judiciary Committee opens formal impeachment hearings against President Richard M. Nixon in the wake of the Watergate scandal.