On December 15, 2022, a ransomware attack on an Australian firefighting and rescue service was carried out by Vice Society, a group notorious for targeting K-12 schools. The Fire Rescue Victoria (FVR) is responsible for 85 fire stations, most of which…

The infamous Russia-backed LockBit ransomware group has been identified as a potential culprit behind the recent cyber incident involving the UK's postal service.  On January 11, 2023, while Royal Mail's international deliveries were severely…

Two insurance companies have revealed that millions of Japanese customers’ details were hacked and put up for sale after a third-party contractor was reportedly breached.  Statements from Aflac and Zurich don’t name the breached supplier.  In…

The governors of North Carolina and Wisconsin are the latest to ban government officials from using TikTok amid growing fears over national security and user data safety on the Chinese-owned social media platform.  Wisconsin Gov. Tony Evers banned…

Magecart is a continually growing network of gangs specializing in installing card skimmers on e-commerce websites in order to steal credit card information. Over the years, groups affiliated with the syndicate have carried out numerous and, at times,…

A recently patched critical vulnerability in Control Web Panel (CWP), formerly known as CentOS Web Panel, is being exploited by hackers. This tool is used to manage servers. The security flaw, tracked as CVE-2022-44877, has a critical severity rating of…

A critical vulnerability in FortiOS SSL-VPN, tracked as CVE-2022-42475, for which Fortinet released updates in November 2022, has been exploited by attackers to compromise government or government-related targets, according to the company. According to…

Remote Access Trojans (RATs) such as StrRAT and Ratty are being delivered as a combination of polyglot and malicious Java archive (JAR) files, further demonstrating how threat actors are constantly discovering new ways to evade detection. Simon Kenin, a…

The Department of Energy (DOE) is seeking cybersecurity-savvy innovators to join the second cohort of its Clean Energy Cybersecurity Accelerator (CECA) program. DOE is searching for ways to inventory all systems connected to the energy grid, including…

The Chromium vulnerability (tracked CVE-2022-3656) discovered by Imperva security researchers in July 2022 and patched in September could still affect 2.5 billion users if they don't update their browsers.  Security researchers at Imperva stated…

Exploitation of a critical vulnerability affecting the widely used SugarCRM customer relationship management system was seen just days after someone made public an exploit.  It is currently unclear how long the vulnerability has been known and…

British news organization The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.  The company fell victim to the attack just days before Christmas, when it instructed staff to work from home,…