A new study from Armorblox researchers warns of a malicious email campaign aimed at stealing login credentials by tricking users into believing attacker-sent emails are from DocuSign. The initial detection of the attack, which targeted more than 10,000…

Two Florida medical professionals have recently been found guilty of various offenses by a federal jury after defrauding the government Medicare scheme out of tens of millions of dollars.  Chiropractor Dean Zusmer, 54, of Miami, was convicted of "…

A popular chain of convenience stores and gas stations exposed employee and customer information to the public. Circle K owner Couche-Tard runs about 14,000 stores globally, and has sold 12 billion liters of gas during the previous quarter. In the US,…

A leading Taiwanese hardware manufacturer is urging its customers to patch a critical vulnerability in devices running the QTS or QuTS hero firmware.  Network-attached storage (NAS) device maker QNAP stated that CVE-2022-27596 impacts QTS 5.0.1 and…

Google Fi has confirmed a data breach, possibly related to the recent security breach at T-Mobile that allowed hackers to steal the information of millions of customers. Google stated in an email to consumers that the primary network provider for Google…

Killnet, a pro-Russia group, has launched a series of Distributed Denial-of-Service (DDoS) attacks against healthcare organizations and hospitals in the US. The group revealed the attacks on its Telegram channel and demanded action against the US…

According to Microsoft, unknown attackers have used malicious third-party OAuth apps with a "Publisher identity verified" badge to target companies in the UK and Ireland. The attacks were identified by Proofpoint researchers around the beginning of…

A bug-bounty hunter discovered a vulnerability in Meta's Instagram Application Programming Interface (API) endpoints that could enable an adversary to conduct brute-force attacks and circumvent two-factor authentication (2FA) on Facebook. Gtm Manôz is…

After gaining access to some of GitHub's development and release planning repositories, unidentified attackers stole encrypted code-signing certificates for its Desktop and Atom programs. GitHub has not yet found evidence that the password-protected…

The Russia-affiliated Sandworm used yet another wiper malware strain named NikoWiper as part of an attack in October 2022 targeting an energy sector company in Ukraine. ESET disclosed that the NikoWiper is built on SDelete, a command line utility from…

A New York woman has recently been jailed after pleading guilty to offenses related to a fraud scheme that stole millions in COVID relief funds.  Sherry Joseph, 34, pleaded guilty to conspiracy to commit wire fraud back on November 10, 2022, and was…

According to the Identity Theft Resource Center (ITRC), data breach disclosures that included specific details for consumers dropped dramatically in 2022.  Of the 1,802 breaches the group tracked in 2022, 66% did not include victim and attack…