IT Security Newsletter

IT Security Newsletter - 10/10/2025

Written by Cadre | Fri, Oct 10, 2025

SonicWall: 100% of Firewall Backups Possibly Breached

A data breach against SonicWall's cloud backup service first disclosed last month is far worse than initially thought. On Sept. 17, network security vendor SonicWall disclosed what it described as a "cloud backup file incident." The company detected suspicious activity which, upon further investigation, was revealed to be attackers accessing encrypted credentials as well as backup firewall configuration files stored in the cloud.

UK techies' union warns members after breach exposes sensitive personal details

UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities. According to disclosure emails seen by The Register sent to union members who work as scientists, engineers, techies, and managers, the attack took place in June, yet members were only notified this week. Members include professionals working at organizations such as BT Group, the Met Office, BAE Systems, Rolls Royce, Siemens, Jacobs, and many more.

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign

Three exploitation campaigns targeting Cisco and Palo Alto Networks firewalls and Fortinet VPNs originate from IPs on the same subnets, GreyNoise has discovered. The threat intelligence firm initially warned of scanning attempts targeting Cisco ASA devices in early September, roughly three weeks before Cisco disclosed two zero-day vulnerabilities impacting Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software.

Microsoft warns of 'payroll pirate' crew looting US university salaries

Microsoft has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems. In a blog post, Redmond said a cybercrime crew it tracks as Storm-2657 has been targeting university employees since March 2025, hijacking salaries by breaking into HR software such as Workday. The attack is as audacious as it is simple: compromise HR and email accounts, quietly change payroll settings, and redirect pay packets into attacker-controlled bank accounts.

New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube

A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. The malware is targeting Russian users through Telegram channels and malicious websites that appear legitimate. It can steal SMS messages, call logs, notifications, take pictures, and even make phone calls. Malware researchers at Zimperium say that they documented more than 600 samples and 50 distinct droppers over the past three months.

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

Google Threat Intelligence Group (GTIG) and Mandiant have continued to analyze the recent Oracle E-Business Suite (EBS) extortion campaign and their researchers have identified some of the pieces of malware deployed in the attacks. The attacks came to light on October 2, when GTIG and Mandiant warned that executives at many organizations using Oracle EBS had received extortion emails. It has since been determined that hackers likely exploited known EBS vulnerabilities patched in July.

Fake VPN and streaming app drops malware that drains your bank account

Security researchers are warning Android users to delete a fake VPN and streaming app that can let criminals take over their phones and drain their bank accounts. The app, Mobdro Pro IP TV + VPN, was discovered by researchers at Cleafy to be a malicious sideloaded app, not a legitimate VPN. Their analysis found it installs Klopatra, a new Android banking Trojan and remote-access tool with no links to known malware families.

Millions of (very) private chats exposed by two AI companion apps

Cybernews discovered how two AI companion apps, Chattee Chat and GiMe Chat, exposed millions of intimate conversations from over 400,000 users. This is not the first time we have to write about AI "girlfriends" exposing their secrets, and it probably won't be the last. This latest incident is a reminder that not every developer takes user privacy seriously. This was not a sophisticated hack that required a skilled approach. All it took was knowing how to look for unprotected services.

AI models can acquire backdoors from surprisingly few malicious documents

Scraping the open web for AI training data can have its drawbacks. On Thursday, researchers from Anthropic, the UK AI Security Institute, and the Alan Turing Institute released a preprint research paper suggesting that large language models can develop backdoor vulnerabilities from as few as 250 corrupted documents inserted into their training data. That means someone tucking certain documents away inside training data could potentially manipulate how the LLM responds to prompts.

  • ...in 1902, The Gibson Mandolin guitar company is formed. 50 years later, they would produce the Gibson Les Paul electric guitar.
  • ...in 1917, jazz great Thelonious Monk ("Straight, No Chaser") is born in Rocky Mount, NC.
  • ...in 1924, filmmaker Edward D. Wood, Jr., director of the infamous 1956 cult classic "Plan 9 From Outer Space" is born in Poughkeepsie, NY.
  • ...in 1967, the Outer Space Treaty, prohibiting the militarization and nuclearization of space and all celestial bodies, comes into force after being signed by over 60 nations.
  • ...in 1970, Black Sabbath reaches No.1 on the UK charts with their second album, 'Paranoid.'