Security

Scammers really like to impersonate Microsoft

If you get a phishing email impersonating a known brand, it will most likely masquerade as Microsoft.

Network security firm SonicWall warns about critical vulnerability affecting its gateways

SonicWall, a network security solutions provider, is alerting users to a critical vulnerability, rated 9.8 out of 10, affecting its widely used unified, secure access gateways from the SMA 1000 series. Hackers are already exploiting the flaw.

Entire Georgian country population exposed in a massive data leak

A ghost database containing millions of records on Georgian citizens appeared in the cloud and then mysteriously vanished. The concerning leak potentially leaves sensitive personal data vulnerable to malicious actors.

Stealthy Chinese hackers target VPN users via infected installer

China-aligned attackers known for cyber espionage have launched a supply-chain attack targeting IPany VPN.

Where are the Fortinet admins? Nearly 50K devices left unpatched and widely exploited

Nearly 50,000 vulnerable Fortinet devices are still accessible online despite the rushed patch addressing a widely exploited zero-day and security authorities. The critical flaw is an open door, allowing hackers to gain super-admin privileges.

Companies who pay off ransomware attackers rarely get their data back, survey shows

Fewer than one fifth of companies that pay a ransom to their attackers have been able to retrieve all of their data after the transaction.

Largest DDoS attacks now torture servers with up to 5.6 Tbps

Cloudflare saw the number of distributed Denial of Service (DDoS) attacks surge by 53% in 2024. One record-breaking DDoS attack peaked at 5.6 Terabits per second (Tbps).

Restaurant booking platforms overrun with bots trying to steal data, researchers warn

A new analysis of restaurant booking websites shows that 100% of online reservation platforms lack robust security measures, leaving them and your data at risk from savvy attackers.

New Russian campaign abuses Microsoft Teams to exfil data

Threat researchers have uncovered two new active campaigns abusing the Microsoft Office 365 platform to steal companies’ data and deploy ransomware. The threat actors are connected to Russian cybercriminals.

New Chinese AI model bites OpenAI, just don’t ask it about Tiananmen and Winnie-the-Pooh

DeepSeek has released a new open-source large language model (LLM) and claims it’s on par with the best from OpenAI. Yet, it won’t answer questions about Tiananmen Square, Tank Man, Winnie-the-Pooh, Taiwan, or even Chinese cyber threat actors.

Dangerous new Nnice ransomware laughs at victims by replacing file extensions with ‘.xdddd’

A new ransomware variant has appeared on various underground forums. The CYFIRMA Research and Advisory team has reported on Nnice Ransomware, which employs advanced encryption techniques and sophisticated methods for evasion and persistence.

FBI and CISA alert software vendors: stop hardcoding secrets, use secure cryptography

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are urging vendors to prioritize security to reduce customer risk. The updated guidance for critical software vendors adds three bad practices and other recommendations.

US Treasury sanctions Chinese cybersecurity firm and hacker behind US network breaches

A cybersecurity company from Sichuan and a hacker from Shanghai recently hacked multiple major US telecoms and internet service providers and compromised the network infrastructure.

How to disable Apple Intelligence features and why you should do it

Users aren’t satisfied with the Apple Intelligence features, so here’s how to turn them off.

Hacker withdraws from Anonymous: it was overwhelming

One of the primary reasons I had to withdraw from Anonymous was the overwhelming number of CSAM links and screenshots.

Supreme Court upholds law to ban TikTok this Sunday

The US Supreme Court on Friday handed down its decision to uphold a bipartisan law requiring ByteDance, the Chinese-owned parent company of TikTok, to divest from the app or cease operations in the US on Sunday, January 19th.

Europol-led operation is going after criminals’ wallets

Project A.S.S.E.T. – Asset Search and Seize Enforcement Taskforce – ended on January 17th, 2025, and identified dozens of properties, over 220 bank accounts, and millions in assets.

Cyber pros skeptical of Biden’s last-minute cybersecurity executive order

President Joe Biden signed a broad executive order on cybersecurity aimed at containing malicious cyber-enabled threats, such as attacks against critical infrastructure, ransomware, other intrusions, and sanction evasion. The document expands the criteria to designate individuals and entities for sanctions.