Telus Digital confirms hack as ShinyHunters claims credit for massive data theft
Hackers breached the Canadian process-outsourcing giant Telus Digital and may have accessed data belonging to the firm's customers, which include major telecommunications, financial services, healthcare and media businesses. "All business operations … remain fully operational and there is no evidence of disruption to customer connectivity or services," Telus Digital said in a statement late last week. READ MORE...
Stryker attack raises concerns about role of device management tool
A suspected wiper attack against medtech giant Stryker has led much of the security community to examine the role of Microsoft Intune. Stryker, a Portage, Mich.-based specialist in surgical equipment, was hacked last week in an attack that affected thousands of mobile devices and other systems. The company, in a regulatory filing, confirmed the attack impacted its Microsoft environment and warned in a customer update that its electronic ordering systems remain unavailable. READ MORE...
Attackers Abuse LiveChat to Phish Credit Card, Personal Data
Attackers have found yet another innovative way to conduct phishing attacks by abusing the customer support platform LiveChat, using real-time social engineering to steal a range of sensitive user data. Researchers from Cofense's Phishing Defense Center (PDC) discovered a campaign that impersonates Amazon and PayPal to engage with victims via online chat, coercing them through what seems like a trusted, personal interaction to share data such as account credentials, credit card details, etc. READ MORE...
Cybercrime has skyrocketed 245% since the start of the Iran war
Cybercrime has skyrocketed since the start of the Iran war, according to Akamai, which reports a 245 percent increase in everything from credential harvesting attempts to automated reconnaissance traffic aimed at banks and other critical businesses. Banking and fintech have been the hardest hit, accounting for 40 percent of the malicious traffic since February 28, , followed by e-commerce (25%), video games (15%), technology firms (10%), and media and streaming services (7%). READ MORE...
GlassWorm Malware Evolves to Hide in Dependencies
The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research. GlassWorm is a family of malware that first emerged last year with the goal of infecting software developers with infostealers, which attackers would use for downstream attacks. A developer would download a component poisoned by GlassWorm, the malware would steal secrets and credentials, and then the attacker would abuse this access to publish poisoned versions of projects. READ MORE...
Hacked sites deliver Vidar infostealer to Windows users
In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves. Our researchers have recently detected a campaign that ultimately delivers the Vidar infostealer, using several different infection chains. READ MORE...
Zombie ZIP method can fool antivirus during the first scan
A researcher published "Zombie ZIP," a simple way to change the first part (header) of a ZIP file so it falsely claims its contents are uncompressed while they are actually compressed. Many antivirus products trust that header and never properly decompress or inspect the real payload. In tests conducted about a week after disclosure, around 60 of 63 common antivirus suites failed to detect malware hidden this way-roughly 95% of engines let it pass. READ MORE...
CISA Flags Year-Old Wing FTP Vulnerability as Exploited
The US cybersecurity agency CISA on Monday warned that a year-old Wing FTP vulnerability has been exploited in the wild. A free secure FTP server for Windows, macOS, and Linux, Wing FTP supports multiple file transfer protocols and allows administrators to manage and monitor the server remotely from a web-based interface. Tracked as CVE-2025-47813, the medium-severity flaw could lead to the disclosure of the full local installation path of the application. READ MORE...
It's time to get serious about post-quantum security. Here's where to start.
After decades of development, quantum computing is now becoming increasingly available for advanced scientific and commercial use. The potential marvels range from accelerating drug discovery and materials science, to optimizing complex logistics and financial modeling. But there's a paradox to this trend: Quantum computing also poses a growing threat to data security. The risk is that currently used security methods could eventually be broken by malicious actors using quantum computing. READ MORE...
- ...in 1905, Albert Einstein finishes his scientific paper detailing his quantum theory of light, which was universally rejected until later experiments led to its acceptance.
- ...in 1948, science fiction author William Gibson, whose 1984 novel "Neuromancer" helped popularize the concept of cyberspace, is born in Conway, SC.
- ...in 1959, Tenzin Gyatso, the 14th Dalai Lama, flees Tibet for India, where he lives in exile to this day.
- ...in 1969, Golda Meir becomes the first female Prime Minister of Israel.
