IT Security Newsletter - 12/19/2025

Breaches

University of Sydney suffers data breach exposing student and staff info

Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students. The institution said the breach was limited to a single system and was detected last week. It promptly shut down the unauthorized access and notified the New South Wales Privacy Commissioner, the Australian Cyber Security Centre, and education regulators.

Hacking

Clipping Scripted Sparrow's wings: Tracking a global phishing ring

Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted, highly targeted phishing campaigns that masquerade as professional services firms to mislead finance teams into transferring money to fraudsters' accounts. However, unlike conventional BEC actors, Scripted Sparrow uses a structured, consistent, and disciplined approach.


A Good Year for North Korean Cybercriminals

There are cybercriminals, and then there are North Korean state-sponsored threat groups. The cybercriminal groups linked to the rogue nation continue to see tremendous success, starting 2025 with a $1.5 billion theft of Ethereum cryptocurrency from exchange ByBit in February and continuing with efforts to embed tech workers in companies and compromise software supply chains. So far this year, North Korean groups have stolen at least $2.02 billion in cryptocurrency.

Malware

'Kimwolf' Android Botnet Ensnares 1.8 Million Devices

A newly identified Android botnet has infected over 1.8 million devices and can launch massive distributed denial-of-service (DDoS) attacks, Chinese cybersecurity firm XLab warns. Dubbed Kimwolf, the botnet has proxy forwarding, reverse shell, and file management capabilities. The threat appears linked to Aisuru, the TurboMirai-class IoT botnet recently blamed for a record-breaking 29.7 Tbps DDoS attack.

Information Security

The ghosts of WhatsApp: How GhostPairing hijacks accounts

Researchers have found an active campaign aimed at taking over WhatsApp accounts. They've called this attack GhostPairing because it tricks the victim into completing WhatsApp's own device-pairing flow, silently adding the attacker's browser as an invisible linked device on the account. Device pairing lets WhatsApp users add additional devices to their account so they can read and reply to messages from a laptop or through WhatsApp Web.

Exploits/Vulnerabilities

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks

Motherboards from several major vendors are affected by a vulnerability that can allow a threat actor to conduct early-boot attacks. According to an advisory published on Wednesday by Carnegie Mellon University's CERT/CC, an attacker can exploit the vulnerability to access data in memory or influence the initial state of the system. The security hole could allow an attacker to obtain sensitive data and conduct pre-boot code injection.


SonicWall Edge Access Devices Hit by Zero-Day Attacks

SonicWall Wednesday disclosed a zero-day vulnerability impacting its SMA1000 access platform that is under active exploitation via chained attacks. CVE-2025-40602 is a medium-severity local privilege escalation vulnerability in SonicWall's SMA1000 appliance management console (AMC). The flaw, which received a 6.6 CVSS score, stems from insufficient authorization in the AMC, according to SonicWall's advisory.

Science & Culture

China turns on a vast experimental network it says is an heir to ARPANET

Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking research. As reported in Chinese state media, tests of the network saw it shift 72 terabytes of data in 1.6 hours, across a distance of around 1,000 km between a radio telescope in Guizhou province and a university in Hubei.

On This Date

  • ...in 1776, Thomas Paine publishes the first of a series of pamphlets entitled "The American Crisis", opening with the famous words: "These are the times that try men's souls."
  • ...in 1843, Charles Dickens' classic novella "A Christmas Carol" is published. The first edition sells out by Christmas Eve.
  • ...in 1918, New Orleans blues singer and pianist Professor Longhair (born Henry Roeland Byrd) is born in Bogalusa, LA.
  • ...in 1942, pro wrestling announcer "Mean" Gene Okerlund is born in South Dakota.
  • ...in 1998, President Bill Clinton is impeached by the US House of Representatives, becoming the nation's second Chief Executive to be charged with misconduct while in office.