Hackers stole email addresses and other personal information from 1.4 million accounts after breaching the systems of automated investment platform Betterment in January. Betterment provides a mix of automated investment tools and financial advisory services and is considered a pioneer in the U.S. "robo-advisory" sector. In total, the fintech firm manages $65 billion in assets for more than one million customers.
Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025. Although the incident occurred four months ago, CEO Chris Best told affected users that Substack only discovered the breach this week. However, while the attackers stole some users' data, Best added that they didn't access credentials or financial information.
Italy's foreign minister says the country has already started swatting away cyberattacks from Russia targeting the Milano Cortina Winter Olympics. Antonio Tajani told reporters on Wednesday that a series of cyberattacks targeted some of the government's foreign offices, including the one in the US capital. He said they were "of Russian origin," but did not specify whether this appeared to be state-backed activity, nor provide details about the nature of the attacks, AP reported.
Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software's EnCase digital forensics tool, Huntress researchers warn. This particular driver is legitimate but its certificate expired and was revoked more than ten years ago. Even so, Windows still allows it to load. A custom encoding scheme hides the encoded driver from security solutions.
In a novel approach to spear phishing, threat actors are using Windows screensaver files (.scr) to get past defender lines and compromise organizations. ReliaQuest Threat Research published research today detailing how attackers lured multiple users into running a Windows screensaver file, which installs a remote monitoring and management (RMM) tool, giving the attacker interactive remote control over the target's operating system.
The SystemBC malware loader has survived a law enforcement takedown attempt and has ensnared over 10,000 machines in a botnet, cybersecurity firm Silent Push warns. Also known as Coroxy and DroxiDat, SystemBC has been around since at least 2019 and is known for acting as a backdoor and for abusing infected machines for traffic proxying. Historically, the malware has also been involved in the distribution of ransomware and other malicious payloads.
Police officers from Poland's Central Bureau for Combating Cybercrime (CBZC) have arrested a 20-year-old man suspected of carrying out global DDoS attacks targeting high-profile and strategically important websites. The suspect faces six criminal charges, including disrupting IT systems and obtaining specialized software designed to conduct cyberattacks. If convicted, he could be sentenced to up to five years in prison.
Mountain View, California, pulled the plug on its entire license plate reader camera network this week. It discovered that Flock Safety, which ran the system, had been sharing city data with hundreds of law enforcement agencies, including federal ones, without permission. Flock Safety runs an automated license plate recognition (ALPR) system that uses AI to identify vehicles' number plates on the road.
Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more than half a dozen countries, researchers said Wednesday. The threat group, tracked under names including APT28, Fancy Bear, Sednit, Forest Blizzard, and Sofacy, pounced on the vulnerability less than 48 hours after Microsoft released an urgent, unscheduled security update late last month.
Two months after a critical vulnerability was disclosed in React Server Components, researchers warn of a significant change in threat activity targeting the flaw. The original vulnerability, tracked as CVE-2025-55182, allows an unauthenticated attacker to achieve remote code execution due to unsafe deserialization of payloads. The initial wave of attacks in December led to hundreds of systems being compromised as state-linked threat groups and other actors engaged in widespread exploitation.