Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices. READ MORE...
A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center's (NYBC) suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a subset of files. The security incident was first noticed on January 26, 2025, but this week NYBC has started notifying victims. READ MORE...
Bridgestone Americas is continuing to investigate a cyberattack that disrupted operations at certain facilities and said it expects to return to normal operations within days. The tire company, a subsidiary of Japan-based Bridgestone, said it was impacted by a "limited cyber incident" that forced it to pause operations at certain manufacturing locations. Bridgestone Americas remains confident that it was able to contain the attack early on in the process. READ MORE...
Jaguar Land Rover (JLR) has admitted that the recent cyberattack, which caused factory shutdowns, also resulted in data being compromised. The incident came to light in early September, when the British carmaker, which is owned by India's Tata Motors, announced severe disruptions to dealership and manufacturing operations. The cyberattack forced the company to disconnect some systems, which led to factories getting shut down and workers being instructed to stay at home. READ MORE...
Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. Kosovar authorities arrested the 33-year-old defendant (also known online as @blackdb) on December 14, 2024. He was extradited to the United States on May 9, 2025, and detained following his court appearance in Tampa on May 12. Masurica was the lead administrator of the online criminal marketplace BlackDB.cc. READ MORE...
The Department of Justice unsealed an indictment against a Ukrainian national alleged to be central to a ransomware campaign affecting hundreds of companies worldwide. Volodymyr Viktorovych Tymoshchuk, known online as "deadforz," "Boba," "msfv," and "farnetwork," is accused of developing and deploying ransomware variants Nefilim, LockerGoga, and MegaCortex, all of which have been used in attacks on prominent organizations in the United States, Europe, and elsewhere since at least 2018. READ MORE...
Threat actors are exploiting exposed Docker APIs to deploy malware and cryptocurrency miners and potentially create a new botnet, Akamai's security researchers warn. Initially detailed by Trend Micro in June, the attacks start with a request to the exposed API to retrieve a list of containers, followed by the creation of a new container based on the Alpine Docker image. Next, the attackers mount the host root to the fresh container. READ MORE...
The US Department of Defense, up until this week, routinely left its social media accounts wide open to hijackers via stream keys - unique, confidential identifiers generated by streaming platforms for broadcasting content. If exposed, these keys can allow attackers to output anything they want from someone else's channel. This was revealed by The Intercept's most recent investigation, which found that the Pentagon posted stream keys on one of its websites. READ MORE...
As hackers exploit a high-severity vulnerability in SAP's flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected vulnerabilities in its other widely used products, including a security flaw with a maximum-severity rating of 10. SAP on Tuesday said the highest-severity vulnerability was found in NetWeaver, a platform that serves as the technical foundation for many of the company's other enterprise applications. READ MORE...
Two ethical hackers say they have uncovered massive security vulnerabilities in the platforms hosted by Restaurant Brands International (RBI). RBI is one of the world's largest quick service restaurant companies. It was formed in 2014 through a $12.5 billion merger of the American fast food chain Burger King and the Canadian coffee and restaurant chain Tim Hortons. Since then, RBI has expanded its brand portfolio to include Popeyes Louisiana Kitchen, acquired in 2017, and Firehouse Subs. READ MORE...
Deception and media manipulation have always been part of warfare, but AI has taken them to a new level. Entrust reports that deepfakes were created every five minutes in 2024, while the European Parliament estimates that 8 million will circulate across the EU this year. Technologies are capable of destabilizing a country without a single shot being fired. Humans respond faster to bad news and are more likely to spread it. On top of that, they are very bad at detecting fake information. READ MORE...