Security News

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. "Attackers have been observed...

​Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. [...]

Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. “We’re seeing active...

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously...

Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. [...]

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes...

Fortinet, a leading cybersecurity company, has confirmed a data breach after a threat actor, using the alias "Fortibitch," claimed to have stolen 440GB of data from its Microsoft SharePoint server hosted on Azure. Fortinet provides secure networking products like firewalls, routers, and VPNs, alongside services like SIEM, EDR/XDR, and consulting. The breach was first reported on a hacking forum, where the attacker shared credentials to an S3 bucket allegedly containing the stolen files. While the threat actor attempted to extort Fortinet, the company refused to pay the ransom.Fortinet has acknowledged that a limited amount of customer data was stolen from a third-party cloud-based file drive. However, the company did not disclose the exact number of customers affected or the type of compromised data. Fortinet later updated its website, clarifying that less than 0.3% of its customer base was impacted and that no malicious activity had been directed toward these customers as a result of the breach. Additionally, Fortinet assured that the incident did not involve ransomware, data encryption, or unauthorized access to its corporate network.

Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. [...]

Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." [...]

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The...