Security News
Victims expect to spend considerable time and money over privacy incident, lawyers argue Specialist class action lawyers have launched proceedings against Oracle in Texas over two alleged data breaches.…
1990s incident response in 2025 Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly –...
Massive OPSEC fail from the side who brought you 'lock her up' Updated Senior Trump administration officials used the messaging app Signal to discuss detailed plans to attack Houthi rebels in...
Massive OPSEC fail from the side who brought you 'lock her up' Senior Trump administration officials used the messaging app Signal to discuss secret government business – including detailed plans...
At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine...
The US state of Illinois has reduced penalties for breaches of its tough Biometric Information Privacy Act. The first version of BIPA, which came into force in 2008, prohibited orgs doing business in Illinois from acquiring, using, storing, and sharing people's biometric data - think retina scans, face scans, fingerprints, and voiceprints - by any means without proper disclosure and consent.
Exclusive A Microsoft zero-day exploit that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday - but without any credit given to ZDI. The flaw, tracked as CVE-2024-38112, is in MSHTML - Microsoft's proprietary browser engine for Internet Explorer. This entire series of unfortunate events not only highlights problems with Microsoft's bug reporting program, but also the coordinated vulnerability disclosure process in general, according to Childs.
Snowflake said if any customer data was taken from its servers, it may have been obtained by thieves who got hold of individual customers' account credentials - via targeted phishing, some other leak, or malware, for example - and not by a general compromise of Snowflake's security. On Friday, in its now-deleted write-up, Hudson Rock wrote that data thieves claimed to have signed into a Snowflake employee's ServiceNow work account and used this access to siphon databases belonging to as many as 400 Snowflake corporate clients.
NVD published two advisories this week for critical command injection vulnerabilities purportedly impacting Fortinet's FortiSIEM products, but there's more to what meets the eye. BleepingComputer has confirmed that these CVEs are not "New," but duplicates of a previously known FortiSIEM vulnerability and were issued in error.
The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members.