IT Security Newsletter

IT Security Newsletter - 6/24/2026

Written by Cadre | Wed, Jun 24, 2026

Justice Department seizes infrastructure used by cyber scam and criminal marketplace

The Justice Department on Tuesday said it has seized infrastructure tied to what officials called one of the world's most prolific criminal marketplaces, used to commit cyber scams and other crimes. The seized cloud computing account hosted backend infrastructure used by subsidiaries of the Huione Group, a Cambodia-based corporate conglomerate. At the same time, the Treasury Department announced fresh sanctions and more against Huione and affiliated companies. READ MORE...

Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era

Sometimes it takes a while to detect a vuln. A 29-year-old, Heartbleed-style vulnerability in Squid, a popular open-source caching proxy server, silently leaked users' plaintext HTTP requests and potentially revealed sensitive data, including credentials and session tokens, for decades - until AI (and a few humans) saved the day. A security researcher and Mythos Preview found the flaw and reported it to project maintainers, who fixed the code earlier this month. READ MORE...

Tata Electronics confirms cyberattack as hackers leak data

Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations continued to run normally and were not affected by the incident. "A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems," a Tata Electronics spokesperson told BleepingComputer. Tata Electronics is a division of an Indian multinational conglomerate. READ MORE...

Algerian national accused of running cybercrime marketplaces extradited to US

An Algerian national accused of running online marketplaces that sold phishing kits and fraud tools has been extradited from Spain to the United States to face bank fraud conspiracy charges. The investigation began in September 2020 when FBI agents discovered Market0Day, an online marketplace operated by a cybercriminal using the alias "SPOX." Prosecutors later identified the administrator as Abdellah Belmili, who promoted the platform through his Telegram channel, @SpoxCoder. READ MORE...

Scope of Salesforce Attacks Expands as Icarus Leaks Data

The latest wave of Salesforce data thefts impacted several technology and cybersecurity companies, and the extortion group behind the attacks indicated more victims are coming. The attacks first came to light June 17 when Salesforce disabled integration with Klue's Battlecards application following a breach at the app vendor. Cybersecurity vendor Huntress was the first company to publicly acknowledge its Salesforce data had been compromised. READ MORE...

Scattered Spider Hackers Plead Guilty on Day 1 of Trial

Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial. READ MORE...

Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire

Most people have heard of the dark web, but few understand what it actually looks like or what goes on there. To separate fact from fiction, our research team spent 48 hours exploring it firsthand and documenting what we found. The dark web isn't inherently bad. It also serves legitimate purposes, providing a layer of privacy for journalists, whistleblowers, activists, and others who need to communicate anonymously. READ MORE...

BeyondTrust, LastPass Impacted by Klue-Salesforce Incident

LastPass is the latest cybersecurity firm to have disclosed the impact from the Klue hack, which resulted in unauthorized access to customers' Salesforce instances. A threat actor calling itself Icarus used a compromised legacy credential to access Klue's systems and generate OAuth tokens to breach third-party platforms Klue integrates with, such as Salesforce. Icarus then accessed the connected Salesforce instances and exfiltrated data in bulk, using automated scripts. READ MORE...

Critical Ubiquiti Vulnerabilities in Attackers' Crosshairs

Threat actors have been targeting three critical-severity vulnerabilities in Ubiquiti devices, the US cybersecurity agency CISA warns. The exploited flaws, tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, with a CVSS score of 10/10, were patched last month. CVE-2026-34908 is described as an improper access control issue that could allow remote attackers to make unauthorized changes to vulnerable UniFi OS devices. READ MORE...

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

A new class of CI/CD workflow weakness enables attackers to use malicious pull requests to compromise software supply chains. Elad Meged, founding engineer and security researcher at penetration-testing firm Novee, published a blog post today covering a weakness dubbed "Cordyceps" that exists across code repositories at organizations large and small. The issue behind Cordyceps involves pull requests made before a software code change is merged into the main repository. READ MORE...

  • ...in 1901, basketball player and Converse athletic-shoe namesake Chuck Taylor is born in Azalia, IN.
  • ...in 1916, Mary Pickford becomes the first female film star to sign a million-dollar contract.
  • ...in 1949, the first television western, "Hopalong Cassidy" premieres on NBC.
  • ...in 1979, comedian and actress Mindy Kaling is born in Cambridge, MA.