Security News

The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. CertiK's gold-verified X account was compromised in a social engineering attack by a threat actor using another hacked account described by the company as "Associated with a well-known media."

Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack...

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.

The FBI revealed this week that they hacked the BlackCat/ALPHV ransomware operation, which raked in $300 million from over 1,000 victims. Retrieving 400 decryption keys and likely more data from the hacked servers has significantly tarnished the ransomware operation's reputation.

The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, military intelligence officers breached Russia's federal taxation service central servers and 2,300 regional servers across Russia and occupied Ukrainian territories.

The Japan Aerospace Exploration Agency was hacked in a cyberattack over the summer, which may have put sensitive space-related technology and data at risk. The security breach was discovered this autumn when law enforcement authorities alerted Japan's space agency that its systems were compromised, as first reported by The Yomiuri Shimbun.

Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for overseeing the civil aviation industry in Russia, keeping records of flight or emergency incidents.

Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. Cisco released patches for most releases of its IOS XE software but thousands of systems continue to be compromised, internet scans show.

Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance systems, and NAS devices from Canon, Synology, Sonos, TP-Link, QNAP, Wyze, Lexmark, and HP. Interrupt Labs security researchers were the first to demo a Samsung Galaxy S23 zero-day in an improper input validation attack, while the ToChim team exploited a permissive list of allowed inputs to hack Samsun's flagship.