IT Security Newsletter - 8/18/2025
HR giant Workday discloses data breach after Salesforce attack
Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. Headquartered in Pleasanton, California, Workday has over 19,300 employees in offices across North America, EMEA, and APJ. Workday's customer list comprises over 11,000 organizations across a diverse range of industries, including more than 60% of the Fortune 500 companies.
Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets
Web hosting entities in Taiwan have been in the crosshairs of a Chinese APT looking to establish long-term access to high-value targets, Cisco Talos reports. Tracked as UAT-7237 and believed to be active since 2022, the threat actor is likely a division of the hacking group that Talos tracks as UAT-5918, which overlaps with Chinese APTs such as Volt Typhoon and Flax Typhoon. UAT-7237 was seen exploiting known vulnerabilities in internet-facing servers.
Mobile Phishers Target Brokerage Accounts in 'Ramp and Dump' Cashout Scheme
Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.
Cybersecurity ranks among top three risks to manufacturing sector
Manufacturing companies consider cybersecurity their third most significant risk, trailing only inflation and economic growth, according to a report released Wednesday by Rockwell Automation. More than half of manufacturers said securing their operational technology (OT) assets is a primary factor in their technology investments. In addition, almost two-thirds of manufacturers have adopted a security platform for their operational technology.
Someone's poking the bear with infostealers targeting Russian crypto developers
Researchers at software supply chain security outfit Safety think they've found malware that targets Russian cryptocurrency developers, and perhaps therefore Russia's state-linked ransomware crews. Safety's head of research Paul McCarty last week revealed his discovery of npm packages that he wrote "targeted the Solana cryptocurrency ecosystem and pretend to 'scan' for Solana SDK components."
New Crypto24 Ransomware Attacks Bypass EDR
Researchers spotted a new Crypto24 ransomware campaign that they say marks a "dangerous evolution" in the threat landscape. According to Trend Micro researchers, recent attacks by Crypto24 actors display a combination of advanced evasion techniques and custom tools that can disable EDR solutions - including Trend Micro's own Vision One platform. Crypto24 was first spotted in 2024 but hadn't made much of an impact until recently.
National Public Data returns after massive Social Security Number leak
Remember that data broker nobody had ever heard of, but which managed to leak a database containing the data of some 2.9 billion people? It's back, and this time with a search function. National Public Data suffered an alleged breach in 2024 against a database that, it turned out, carried 272 million unique social security numbers (SSNs). After the fallout of the aforementioned leak and others, the site shut down in December amid a wave of lawsuits against parent company Jerico Pictures.
Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities
More than 870 internet-exposed N-able N-central instances are running versions affected by two exploited vulnerabilities, data from The Shadowserver Foundation shows. The security defects, tracked as CVE-2025-8875 and CVE-2025-8876, are described as an insecure deserialization issue and a command injection bug, respectively. The flaws were disclosed on August 13, when N-able announced that patches for them were included in version 2025.3 of its remote monitoring and management (RMM) product.
- ...in 1868, French astronomer Pierre Janssen discovers helium while studying the Sun's spectrum during a solar eclipse.
- ...in 1956, Elvis Presley's single "Don't Be Cruel" (with B-side "Hound Dog") reaches #1 on the Pop, Country, and R&B charts.
- ...in 1963, James Meredith becomes the first African-American student to graduate (with a degree in political science) from the previously segregated University of Mississippi.
- ...in 1982, Pete Rose sets a record with his 13,941st plate appearance.