Security News

PLUS: Interpol kills more malware; GoDaddy settles in awful infosec case; Giant stolen creds DB exposed Infosec In Brief Secrets of the Trump administration may have been exposed after a...

Expert tells us: 'It is the most unique breach disclosure I've ever seen' Coinbase says some of its overseas support staff were paid off to steal information on behalf of cybercriminals, and the...

Victims expect to spend considerable time and money over privacy incident, lawyers argue Specialist class action lawyers have launched proceedings against Oracle in Texas over two alleged data breaches.…

1990s incident response in 2025 Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly –...

Massive OPSEC fail from the side who brought you 'lock her up' Updated Senior Trump administration officials used the messaging app Signal to discuss detailed plans to attack Houthi rebels in...

Massive OPSEC fail from the side who brought you 'lock her up' Senior Trump administration officials used the messaging app Signal to discuss secret government business – including detailed plans...

At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine...

The US state of Illinois has reduced penalties for breaches of its tough Biometric Information Privacy Act. The first version of BIPA, which came into force in 2008, prohibited orgs doing business in Illinois from acquiring, using, storing, and sharing people's biometric data - think retina scans, face scans, fingerprints, and voiceprints - by any means without proper disclosure and consent.

Exclusive A Microsoft zero-day exploit that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday - but without any credit given to ZDI. The flaw, tracked as CVE-2024-38112, is in MSHTML - Microsoft's proprietary browser engine for Internet Explorer. This entire series of unfortunate events not only highlights problems with Microsoft's bug reporting program, but also the coordinated vulnerability disclosure process in general, according to Childs.

Snowflake said if any customer data was taken from its servers, it may have been obtained by thieves who got hold of individual customers' account credentials - via targeted phishing, some other leak, or malware, for example - and not by a general compromise of Snowflake's security. On Friday, in its now-deleted write-up, Hudson Rock wrote that data thieves claimed to have signed into a Snowflake employee's ServiceNow work account and used this access to siphon databases belonging to as many as 400 Snowflake corporate clients.