Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue is that these passwords don’t always stay temporary. They may be sent […]
The Onboarding Password Mistake That Creates Unnecessary Risk Read More »
The Council of Europe, the continent’s oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. […]
Council of Europe investigates ShinyHunters data breach claims Read More »
The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. […]
FBI: Fraudsters use couriers to steal money in crypto scams Read More »
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. The
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic Read More »
Employees are increasingly building automations, agents, and apps with AI tools outside traditional security oversight. Tines explores how CISOs are handling AI-driven code sprawl, shadow tooling, and governance challenges. […]
Vibe coders are gonna vibe code: How CISOs are tackling code sprawl Read More »
A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. […]
Chinese hackers breach REDCap servers, steal medical research Read More »
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites Read More »
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. “These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs,” Group-IB
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts Read More »
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target’s mailbox, OneDrive, or SharePoint account through a specially crafted URL. […]
New attack turned Microsoft 365 Copilot into 1-click data theft tool Read More »
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. […]
Infinite Campus data breach affects 137,000 school staff accounts Read More »