The US telecommunications carrier T-Mobile has confirmed that the Lapsus$ ransomware group breached its internal network through compromised employee accounts. However, the company claims that the hackers did not steal any sensitive customer or…

"Hack DHS," the US Department of Homeland Security's (DHS) first bug bounty with external researchers, resulted in the discovery of 122 vulnerabilities, 27 or nearly 22 percent of which were found to be critical. The bug bounty involved over 450 vetted…

Security researchers at application security firm Sonar have discovered that an unpatched vulnerability affecting the RainLoop webmail client can be exploited to hijack a user’s session and steal their emails.  RainLoop is an open source web-based…

LemonDuck botnet operators are targeting Docker instances in a cryptocurrency mining campaign. According to researchers, LemonDuck is a cryptocurrency mining malware with a botnet structure that exploits older vulnerabilities such as the Microsoft…

The US Department of Health and Human Services' (HHS) Health Sector Cybersecurity Coordination Center (HC3) released an analyst note pertaining to the Hive ransomware group, a cybercrime group that has launched several attacks against the healthcare…

The BlackCat ransomware gang has become one of the major ransomware threats. BlackCat, also known as ALPHV, appears to be a descendant of the BlackMatter ransomware group. The group has been in operation since November and has launched significant…

A security researcher named Michael Heinzl has discovered several vulnerabilities, including ones rated critical- and high-severity, in industrial products made by Elcomplus, a Russian company specializing in professional radio communications and…

The FBI is warning that US food supply chains are at risk of potentially devastating ransomware attacks.  A new Private Industry Notification sent out this week claimed that agricultural cooperatives may be viewed as attractive targets during the…

Android devices running on Qualcomm and MediaTek chipsets have been discovered by security analysts to be vulnerable to Remote Code Execution (RCE) attacks. The vulnerability stems from a flaw in the implementation of Apple Lossless Audio Codec (ALAC),…

In a joint warning from the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency, infrastructure providers are cautioned that threat actors have shown the capability to take…

Microsoft was granted a court order to take down seven domains used by APT28, a cyber espionage group sponsored by Russia’s military intelligence. Their goal was to prevent attacks by APT28 on Ukraine online resources. Microsoft was able to redirect…

Hackers using free sites and apps to send phishing emails and to download host malware. A report from infosecurity firm Inky, warns that a free calendar app called Calendly which runs on Microsoft 365 and Google Workspace invites users to click on a new…