Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. All three brands are part of the Louis Vuitton Moët Hennessy (LVMH) group and suffered data breaches [1, 2, 3] after hackers gained access to their cloud-based customer management service. READ MORE...
Microsoft Warns of ClickFix Attack Abusing DNS Lookups
Microsoft has warned users that threat actors are leveraging a new variant of the ClickFix technique to deliver malware. The ClickFix attack method has been increasingly used in the past year by both cybercriminals and state-sponsored threat groups. The attack involves attackers displaying a fake error message on a compromised or malicious site. The message instructs the target to address the issue by pressing specific keys, then performing additional steps (eg, running a command). READ MORE...
Ransomware attacks increase against IT and food sectors
Ransomware attacks on the IT sector were higher in each quarter of 2025 than in the same quarters of 2024, with the sector ranking third behind manufacturing and commercial facilities on hackers' target lists, according to a new report from the Information Technology Information Sharing and Analysis Center. Nearly half of all ransomware attacks that the IT-ISAC tracked occurred in the U.S., far surpassing the totals in other countries. READ MORE...
Nation-State Hackers Put Defense Industrial Base Under Siege
The cyber domain has become increasingly important in national defense, with cyber espionage supporting military operations in regional conflicts and cyberattacks increasingly being used against defense firms and other members of the defense industrial base (DIB), experts say. In a recent analysis of cyberattack trends related to military operations and defense support, Google found that China-linked attackers have continued to aggressively target defense firms and military contractors. READ MORE...
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has been ongoing since at least May 2025 and is characterized by modularity, which allows the threat actor to quickly resume it in case of partial compromise. The bad actor relies on packages published on the npm and PyPi registries that act as downloaders for a remote access trojan (RAT). READ MORE...
Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data
Security researchers have discovered more than 300 Chrome extensions that leak browser data, spy on their users, or outright steal users' data. Research focused on the analysis of network traffic generated by Chrome extensions has uncovered 287 applications transmitting the user's browsing history or search engine results pages (SERP). Some of them, security researcher Q Continuum explains, would essentially expose the data to unsecured networks. READ MORE...
Critical flaw in BeyondTrust Remote Support sees early signs of exploitation
A critical vulnerability in BeyondTrust Remote Support is facing a surge in reconnaissance activity in preparation for more targeted exploitation, according to security researchers. The flaw, tracked as CVE-2026-1731, is an operating system command injection vulnerability that also impacts some older versions of the company's Privileged Remote Access products. If successfully exploited, an unauthenticated attacker can execute arbitrary commands on a server without credentials. READ MORE...
Bruce Schneier: The Promptware Kill Chain
Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on "prompt injection," a set of techniques to embed instructions into inputs to LLM intended to perform malicious activity. This term suggests a simple, singular vulnerability. This framing obscures a more complex and dangerous reality. READ MORE...
Attackers finally get around to exploiting critical Microsoft bug from 2024
Ignore patches at your own risk. According to Uncle Sam, a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack. The US Cybersecurity and Infrastructure Security Agency added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the patch. READ MORE...
- ...in 1937, Dupont chemist Wallace Carothers receives a US patent for his recently invented polymer: Nylon.
- ...in 1957, actor and "Reading Rainbow" host LeVar Burton ("Star Trek: The Next Generation", "Roots") is born in West Germany.
- ...in 1968, the first 9-1-1 emergency telephone system goes into service in Haleyville, AL.
- ...in 1989, actress Elizabeth Olsen ("WandaVision", "Martha Marcy May Marlene") is born in Los Angeles, CA.
