Security News

A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. [...]

93GB of info feared pilfered in Montana by heartless crooks Planned Parenthood of Montana's chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law...

French police reckon financial system targeted during Summer Games Nearly four weeks after the cyberattack on dozens of French national museums during the Olympic Games, the Brain Cipher...

Microsoft has released a new Windows 10 22H2 beta (KB5041582) with memory leak and crash fixes for Insiders in the Beta and Release Preview channels. [...]

In what's a case of an operational security lapse, the operator behind a new information stealer called Styx Stealer leaked data from their own computer, including details related to the clients, profit information, nicknames, phone numbers, and email addresses. Styx Stealer, a derivative of the Phemedrone Stealer, is capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency wallet information, cybersecurity company Check Point said in an analysis.

US authorities have named Iran as the likely source of a recent attack on the campaign of the US Republican Party's presidential nominee, Donald Trump. One of those efforts, the statement asserts, resulted in compromise of the Trump campaign and subsequent leaking of documents.

Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum. [...]

Unpatched MS Office flaw may leak NTLM hashes to attackersA new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Key metrics for monitoring and improving ZTNA implementationsIn this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access implementation, focusing on balancing security with operational efficiency.

According to USDoD, the stolen data was collected by NPD between 2019 and 2024. After weeks of silence, and countless people starting to get alerts from privacy and anti-fraud services that their personal info has been leaked, NPD has, in cagey language, confirmed it was compromised and that its data was stolen and shared.

A new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Once attackers get a victim's NTLM hash, they can relay it another service and authenticate as the victim.