Security News

Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from...

Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals. The company discovered a data security breach on March 10, 2024, which affected some of its corporate systems but left in-store systems, operations, and guest experience unaffected.

LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. According to researchers at mobile security company Lookout, campaigns using this phishing kit also targeted cryptocurrency platforms Binance, Coinbase, Kraken, and Gemini, using pages that impersonated Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. During its investigations, LastPass discovered that its service was recently added to the CryptoChameleon kit, and a phishing site was hosted at at the "Help-lastpass[.]com" domain.

At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 routers vulnerable to a command injection security issue reported and addressed last year. Yesterday, Fortinet issued another warning saying that it observed a surge in the malicious activity exploiting the vulnerability, noting that it originated from six botnet operations.

CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. CISA says Russian Foreign Intelligence Service operatives now use information stolen from Microsoft's corporate email systems, including the authentication details shared between Microsoft and its customers by email, to gain access to certain customer systems.

The U.S. Cybersecurity and Infrastructure Security Agency is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations. Today, CISA says the incident also affects critical infrastructure sector organizations in the United States, with the agency now working with partners in the private sector to assess its impact.

The U.S. Cybersecurity and Infrastructure Security Agency is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations. Today, CISA says the incident also affects critical infrastructure sector organizations in the United States, with the agency now working with partners in the private sector to assess its impact.

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. The Board finds that this intrusion was preventable and should never have occurred.

In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case...

Electronic Arts has postponed the North American finals of the ongoing Apex Legends Global Series after hackers compromised players mid-match during the tournament. The hack resulted in the player being able to see the positions of all other players on the map, giving him an unfair competitive advantage.