
IT Security Newsletter - 2/26/2026


Breaches

The Conduent breach, from 10 million to 25 million (and counting)

The Conduent breach has quietly grown into one of the biggest third-party data incidents in US history, and the real story now is how many different programs and employers are swept up in it, even for people who have never heard of Conduent. When we first covered this incident, public filings suggested roughly 10.5 million affected individuals, heavily concentrated in Oregon and a few other states. Fresh state notifications reportedly put the total at more than 25 million people across the US.

Hacking

Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering

Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its social engineering success. According to Telegram channel posts made on February 22, gathered by Dataminr, the group behind last year's Salesloft Drift attacks promised payments between $500-$1,000 per call, depending on "success and hit rate." Interested applicants are invited to apply by sending a message to the group's "Support" account.


Notorious ransomware gang allegedly blackmailed by fake FSB officer

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Conti, one of the world's most infamous cybercriminal operations, was allegedly the victim of an attempted scam by someone pretending to be an officer of Russia's Federal Security Service (FSB).

Trends

Ransomware payment rate drops to record low as attacks surge

The share of ransomware victims paying threat actors dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks. The blockchain intelligence platform Chainalysis has observed a downward payment trend for the past four consecutive years. At the moment, the total of on-chain ransomware payments in 2025 stands at $820 million, but the company notes that "the 2025 total is likely to approach or exceed $900 million."

Software Updates

CISA orders agencies to patch Cisco devices now under attack

Federal agencies have until Friday evening to update certain Cisco networking devices that are vulnerable to compromise, the Cybersecurity and Infrastructure Security Agency said on Tuesday. In an emergency directive about Cisco's Software-Defined Wide-Area Networking (SD-WAN) systems, CISA said it was "aware of a cyber threat actor's ongoing exploitation" of two vulnerabilities in Cisco Catalyst SD-WAN Manager and Catalyst SD-WAN Controller devices.


Trend Micro Patches Critical Apex One Vulnerabilities

TrendAI, the new name of Trend Micro's enterprise business, on Wednesday announced patches for several critical and high-severity vulnerabilities found in the Windows and macOS versions of the Apex One endpoint security solution. A total of eight vulnerabilities have been addressed, including two with a critical severity rating based on their CVSS scores. The critical flaws both impact the Trend Micro Apex One management console.

Malware

Fake Zoom meeting leads to silent install of surveillance software

Malwarebytes researchers have uncovered a fake (but convincing) Zoom meeting page that downloads surveillance software on Windows computers and tricks users into running it. According to Microsoft MVP Steven Lim, the page has claimed nearly 1,500 victims in 12 days. Potential victims likely visit the page after getting a meeting invite/link via email or text. The page is made to look like a Zoom waiting room and three scripted fake participants appear to join the call.

Exploits/Vulnerabilities

Flaws in Claude Code Put Developers' Machines at Risk

Three critical security vulnerabilities in Anthropic's AI-powered coding tool, Claude Code, exposed developers to full machine takeover and credential theft simply by opening a project repository. Anthropic fixed the issues after Check Point Research discovered the flaws and reported them to the company last year. Anthropic plans to introduce additional security features to harden the coding platform and, in the meantime, wants developers to use the latest version of Claude Code.


Zyxel Patches Critical Vulnerability in Many Device Models

Networking provider Zyxel this week released patches for multiple vulnerabilities across dozens of device models, including a critical flaw leading to remote code execution. The critical-severity bug, tracked as CVE-2025-13942 (CVSS score of 9.8), is described as a command injection issue affecting the UPnP feature of 18 routers, ONTs, and wireless extenders. An attacker could exploit the flaw via crafted UPnP SOAP requests to execute OS commands on a vulnerable device.

On This Date

  • ...in 1919, President Woodrow Wilson signs an act of Congress establishing Grand Canyon National Park.
  • ...in 1928, early rock 'n' roll musician Antoine "Fats" Domino ("Ain't That A Shame", "Blueberry Hill") is born in New Orleans, LA.
  • ...in 1929, President Calvin Coolidge signs an executive order establishing Grand Teton National Park in Wyoming.
  • ...in 1932, singer-songwriter Johnny Cash ("I Walk the Line", "Ring of Fire") is born in Kingsland, AR.