Advertisement

FBI Warns: Russian APTs Target Signal Backup Keys via Phishing
FBI and CISA warn of Russian intelligence targeting Signal users. Attackers phish for backup recovery keys, enabling full account takeover and message history access.

Microsoft Copilot 'SearchLeak' Attack: AI Prompt Injection Data Theft
Analysis of the critical Microsoft Copilot 'SearchLeak' attack. Learn how prompt injection allowed 1-click data theft and crucial defense strategies for AI applications.

ShinyHunters Exploits Oracle ERP Zero-Day to Breach Higher Ed
ShinyHunters is exploiting an unpatched zero-day vulnerability in Oracle ERP software, targeting US higher education institutions for data theft. Learn mitigation
UNC3753 Targets US Law Firms with Vishing & Physical Intrusions
UNC3753 (Luna Moth) leverages vishing and physical office intrusions to steal sensitive data from US law firms and professional services, leading to swift extortion.

China's Dual-Method Cyberattack Targets Czech, Taiwan Orgs with Azureveil
Nation-state actors linked to China employ dual-method spear-phishing with Azureveil malware to target Czech and Taiwan organizations for data theft. Understand the TTPs
Radiology Associates of Richmond Breach Affects 266,000 Patients
A data breach at Radiology Associates of Richmond has exposed the sensitive health and personal information of over 266,000 individuals.
MacSync Stealer Distributed via Malicious Homebrew Ad Campaign
Malicious ads for Homebrew distribute MacSync Stealer, targeting macOS users. Threat actors leverage trusted software to deploy data-stealing malware.

OpenEMR Flaws: Database Compromise, RCE, and Patient Data Theft Risks
Analysis of 38 security flaws in OpenEMR, an EHR platform used by over 100,000 healthcare providers, enabling database compromise, RCE, and data theft.
Compromised Checkmarx KICS: Supply Chain Attack on Developer Environments
A supply chain attack compromised Checkmarx KICS Docker images and extensions, exposing developer environments to sensitive data theft. Learn mitigation.

Sapphire Sleet's ClickFix: North Korea Targets macOS Users
North Korea-backed Sapphire Sleet is deploying ClickFix malware via fake job offers and phony Zoom updates to steal macOS user credentials and data. Learn how to detect

UAC-0247 Targets Ukrainian Healthcare via Data-Theft Malware
UAC-0247 is targeting Ukrainian clinics and government entities using malware designed to steal data from WhatsApp and Chromium-based browsers.
Mercor Hit by LiteLLM Supply Chain Attack – Lapsus$ Claims 4TB Data Theft
AI recruiting firm Mercor is investigating a LiteLLM supply chain attack, with Lapsus$ claiming to have stolen 4TB of sensitive data.