BK Technologies, the Florida-based maker of mission-critical radios for US police, fire, and defense customers, has confessed to a cyber intrusion that briefly rattled its IT systems last month. The company identified "potentially suspicious activity" around September 20 and activated the digital fire alarm, isolating affected systems and summoning external incident-response crews. A "limited number of non-critical systems" were disrupted, BK said in an SEC filing. READ MORE...
Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. A company spokesperson told us that the incident occurred after unauthorized actors accessed a database hosted on an external service, which stored information used in the Europe, Middle East, Africa region. READ MORE...
Sports betting firm DraftKings is notifying users of a recent credential stuffing campaign targeting their online accounts. The attacks, the company says in a notification letter to the impacted users, were discovered on September 2, and relied on credentials harvested from other sources to log into users' accounts. The attackers likely accessed users' names, addresses, email addresses, phone numbers, dates of birth, profile photos, and payment information. READ MORE...
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat. READ MORE...
North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn't over yet. Though this year's record losses are driven largely by the February attack on cryptocurrency exchange Bybit ($1.46 billion stolen), the company has also linked more than thirty additional hacks to North Korea this year. "The actual figure may be even higher," the company says. READ MORE...
Attackers are increasingly abusing Cascading Style Sheets (CSS) to insert hidden text and characters into emails in a tactic designed to bypass filters and slip spam and other malicious messages past enterprise security defenses. The idea basically is to add noise to email content - random characters, nonsense paragraphs and hidden comments - in a manner that is visually undetectable to users but confusing to email filtering tools. READ MORE...
Microsoft Threat Intelligence said a cybercriminal group it tracks as Storm-1175 has exploited a maximum-severity vulnerability in GoAnywhere MFT to initiate multi-stage attacks including ransomware. Researchers observed the malicious activity Sept. 11, Microsoft said in a blog post Monday. Microsoft's research adds another substantive chunk of evidence to a growing collection of intelligence confirming the defect in Fortra's file-transfer service was exploited as a zero-day. READ MORE...
The short answer is: probably not, but theoretically it's possible. Researchers at the University of California found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations. The method uses high-performance optical sensors in optical mice, combined with artificial intelligence, to filter out background noise and "achieve intelligible reconstruction of user speech." READ MORE...
Attackers continue to evolve ways to lure potential job seekers with spear-phishing campaigns, recently impersonating popular brands such as Tesla and Red Bull to get people to upload résumé details. The end game, of course, is to steal personal info for future attacks. This time it's social media and marketing professionals who are being targeted, in a threat that dangles opportunities to work for well-respected companies, such as the aforementioned automobile and energy-drink manufacturers. READ MORE...
Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model's behavior, and silently poison its data. ASCII smuggling is an attack where special characters from the Tags Unicode block are used to introduce payloads that are invisible to users but can still be detected and processed by large language models (LLMs). READ MORE...