Have I Been Pwned adds 71 million emails from Naz.API stolen account list
Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service.…
Category: Bleeping Computer
Iranian hackers target researchers with new MediaPl malware
Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in…
Bigpanzi botnet infects 170,000 Android TV boxes with malware
A previously unknown cybercrime syndicate named ‘Bigpanzi’ has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015.…
Building robust cybersecurity architecture with open source tools
Cybersecurity architecture refers to the design and structure of an organization’s approach to securing its information systems. It outlines the components, policies, technologies, and processes…
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks
A new vulnerability dubbed ‘LeftoverLocals’ affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. Tracked…
Majorca city Calvià extorted for $11M in ransomware attack
The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services. Calvià is a historic town…
GitHub rotates keys to mitigate impact of credential-exposing flaw
GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe reflection vulnerability…
MacOS info-stealers quickly evolve to evade XProtect detection
Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.…
Citrix warns of new Netscaler zero-days exploited in attacks
Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. The two zero-days (tracked…
Google fixes first actively exploited Chrome zero-day of 2024
Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. “Google is aware…
Androxgh0st malware botnet steals AWS, Microsoft credentials
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen…
PixieFail flaws impact PXE network boot in enterprise systems
A set of nine vulnerabilities, collectively called ‘PixieFail,’ impact the IPv6 network protocol stack of Tianocore’s EDK II, the open-source reference implementation of the UEFI…