SecOps News
Get this as an RSS feed
- Disruption with some GitHub services (12 minutes ago)
- Disruption with some GitHub services (25 minutes ago)
- Scholars sneaking phrases into papers to fool AI reviewers (44 minutes ago)
- CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands (2 hours ago)
- Employee gets $920 for credentials used in $140 million bank heist (3 hours ago)
- Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild (4 hours ago)
- Atomic macOS infostealer adds backdoor for persistent attacks (4 hours ago)
- SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools (5 hours ago)
- Qantas is being extorted in recent data-theft cyberattack (5 hours ago)
- ‘Batavia’ Windows spyware campaign targets dozens of Russian orgs (5 hours ago)
- Employee arrested after Brazil’s central bank service provider hacked for US $140 million (7 hours ago)
- Hackers abuse leaked Shellter red team tool to deploy infostealers (7 hours ago)
- The 5 CISA Domains Explained (8 hours ago)
- Move over bit barns, here come Japan’s floating bit barges (8 hours ago)
- Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks (8 hours ago)
- Game, set, botch: AI umpiring at Wimbledon goes long (9 hours ago)
- Ingram Micro Scrambling to Restore Systems After Ransomware Attack (9 hours ago)
- Phishing platforms, infostealers blamed as identity attacks soar (10 hours ago)
- ⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More (11 hours ago)
- Manufacturing Security: Why Default Passwords Must Go (11 hours ago)
- AI scores a huge own goal if you play up and play the game (14 hours ago)
- Yes, I wrote a very expensive bug. In my defense I was only seven years old at the time (15 hours ago)
- VMware’s rivals ramp up their efforts to create alternative stacks (17 hours ago)
- TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors (17 hours ago)
- Atlassian migrated 4 million Postgres databases to shrink AWS bill (21 hours ago)
- OpenAI says GPT-5 will unify breakthroughs from different models (22 hours ago)
- Hands on with Windows 11 Notepad’s new markdown support (22 hours ago)
- ChatGPT is testing disruptive Study Together feature (23 hours ago)
- Stalkerware firm gets scooped by SQL-slinging security snoop (1 days ago)
- Ingram Micro confirms ransomware behind multi-day outage (1 days ago)
- Ingram Micro outage caused by SafePay ransomware attack (2 days ago)
- Massive spike in use of .es domains for phishing abuse (2 days ago)
- Police in Brazil Arrest a Suspect Over $100M Banking Hack (2 days ago)
- Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties (2 days ago)
- Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS (2 days ago)
- ChatGPT Deep Research tests new connectors for more context (3 days ago)
- Ousted US copyright chief argues Trump did not have power to remove her (3 days ago)
- Microsoft finally bids farewell to PowerShell 2.0 (3 days ago)
- Technical difficulties or cyber attack? Ingram Micro’s website goes down just in time for the holiday weekend (3 days ago)
- Catwatchful stalkerware app spills secrets of 62,000 users – including its own admin (3 days ago)
- Amazon built a massive AI supercluster for Anthropic called Project Rainier – here’s what we know so far (3 days ago)
- Ingram Micro suffers global outage as internal systems inaccessible (3 days ago)
- Hacker leaks Telefónica data allegedly stolen in a new breach (3 days ago)
- NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors (3 days ago)
- We’re number 1! Windows 11 finally overtakes Windows 10 (3 days ago)
- In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed (3 days ago)
- Hunters International ransomware group shuts down – but will it regroup under a new guise? (3 days ago)
- How ISO 42001 supports EU AI Act compliance (3 days ago)
- Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It (3 days ago)
- Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros (3 days ago)
- Former and current Microsofties react to the latest round of layoffs (3 days ago)
- Global Data Breaches and Cyber Attacks in June 2025: Over 16 billion records exposed (3 days ago)
- Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission (3 days ago)
- EU businesses want a pause on AI regulations so they can cope with unregulated Big Tech players (3 days ago)
- Microsoft leaves Pakistan but promises customers won’t notice the change (3 days ago)
- Catwatchful - 61,641 breached accounts (3 days ago)
- AI models just don’t understand what they’re talking about (4 days ago)
- Big Tech’s Mixed Response to U.S. Treasury Sanctions (4 days ago)
- Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams (4 days ago)
- Microsoft Windows Firewall complains about Microsoft code (4 days ago)
- Microsoft Windows Firewall complains about Microsoft code (4 days ago)
- Young Consulting finds even more folks affected in breach mess – now over 1 million (4 days ago)
- Tariffs and trade turmoil driving up cost and build times for datacenters (4 days ago)
- Meta calls €200M EU fine over pay-or-consent ad model ‘unlawful’ (4 days ago)
- Undetectable Android Spyware Backfires, Leaks 62,000 User Logins (4 days ago)
- Cisco Warns of Hardcoded Credentials in Enterprise Software (4 days ago)
- Ransomware crew Hunters International shuts down, hands out keys to victims (4 days ago)
- Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets (4 days ago)
- Canonical adds extra shots to Ubuntu Java (4 days ago)
- The Hidden Weaknesses in AI SOC Tools that No One Talks About (4 days ago)
- North Korean Hackers Use Fake Zoom Updates to Install macOS Malware (4 days ago)
- UK charity bank branded a ‘disaster’ after platform migration goes wrong (4 days ago)
- Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms (4 days ago)
- Wayback gives X11 desktops a fighting chance in a Wayland world (4 days ago)
- How multi-agent systems revolutionize data work flows (4 days ago)
- Let’s Encrypt rolls out free security certs for IP addresses (4 days ago)
- Disruption with some GitHub services (4 days ago)
- ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies (4 days ago)
- Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials (4 days ago)
- Alibaba Cloud reveals DB cluster manager it says can beat rival hyperscalers (4 days ago)
- Welcoming Truyu to Have I Been Pwned’s Partner Program (4 days ago)
- Smashing Security podcast #424: Surveillance, spyware, and self-driving snafus (4 days ago)
- Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform (5 days ago)
- CISA warns the Signal clone used by natsec staffers is being attacked, so patch now (5 days ago)
- Call center staffers explain to researchers how their AI assistants aren’t very helpful (5 days ago)
- Trillion with a T: Surpassing 2 Trillion Events Processed!🚀🚀 (5 days ago)
- 23andMe’s new owner says your DNA is safe this time (5 days ago)
- North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign (5 days ago)
- Disruption with some GitHub services (5 days ago)
- Microsoft kicks off new fiscal year with more layoffs (5 days ago)
- Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix (5 days ago)
- 7 Steps to a Successful ISO 27001 Risk Assessment (Updated for 2025) (5 days ago)
- Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response (5 days ago)
- Impact of Microsoft taking over Enterprise Account renewals starts to ‘bite’ (5 days ago)
- US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’ (5 days ago)
- US imposes sanctions on second Russian bulletproof hosting vehicle this year (5 days ago)
- PureLogs Forensics (5 days ago)
- That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat (5 days ago)
- Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns (5 days ago)
- Disruption with some GitHub services (5 days ago)
- Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks (5 days ago)
- U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware (5 days ago)
- UK eyes new laws as cable sabotage blurs line between war and peace (5 days ago)
- Weekly Update 458 (5 days ago)
- Vercel’s v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale (5 days ago)
- Australian airline Qantas reveals data theft impacting six million customers (5 days ago)
- Microsoft admits to Intune forgetfulness (6 days ago)
- Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits (6 days ago)
- International Criminal Court swats away ‘sophisticated and targeted’ cyberattack (6 days ago)
- TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns (6 days ago)
- The AI Fix #57: AI is the best hacker in the USA, and self-learning AI (6 days ago)
- New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status (6 days ago)
- CapLoader 2.0.1 Released (6 days ago)
- 50 customers of French bank hit after insider helped SIM swap scammers (6 days ago)
- A New Maturity Model for Browser Security: Closing the Last-Mile Risk (6 days ago)
- How to Write a GDPR Data Protection Policy (Updated for 2025) (6 days ago)
- Terrible tales of opsec oversights: How cybercrooks get themselves caught (6 days ago)
- Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update (6 days ago)
- iOS Activation Flaw Enables Pre-User Device Compromise and Identity Exposure (iOS 18.5) (6 days ago)
- Proton bashes Apple and joins antitrust suit that seeks to throw the App Store wide open (6 days ago)
- US shuts down a string of North Korean IT worker scams (7 days ago)
- Disruption with Claude 3.7 Sonnet in Copilot Chat (7 days ago)
- Incident With Actions (7 days ago)
- British IT worker sentenced to seven months after trashing company network (7 days ago)
- Senator Chides FBI for Weak Advice on Mobile Security (7 days ago)
- Scattered Spider crime spree takes flight as focus turns to aviation sector (7 days ago)
- Building Your Cyber Security Career: The Credentials Needed for Management and Specialist Roles (7 days ago)
- Unlocking Access: How to Respond to a DSAR (Data Subject Access Request) (7 days ago)
- When hackers become hitmen (8 days ago)
- Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024 (9 days ago)
- Battlefords Union Hospitals notifies patients of employee snooping in their records (9 days ago)
- BreachForums broken up? French police arrest five members of notorious cybercrime site (9 days ago)
- Alert: Scattered Spider has added North American airline and transportation organizations to their target list (10 days ago)
- Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected (10 days ago)
- Privacy commissioner reviewing reported Ontario Health atHome data breach (10 days ago)
- CMS warns Medicare providers of fraud scheme (10 days ago)
- SafePay ransomware: What you need to know (10 days ago)
- Disruption with some GitHub services (10 days ago)
- GitHub Enterprise Importer delays (11 days ago)
- Ex-student charged with wave of cyber attacks on Sydney uni (11 days ago)
- Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders (11 days ago)
- Potential Cyberattack Scrambles Columbia University Computer Systems (11 days ago)
- 222,000 customer records allegedly from Manhattan Parking Group leaked (11 days ago)
- Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title - Tag (11 days ago)
- Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs (11 days ago)
- Hackers breach Norwegian dam (12 days ago)
- Robinsons Malls - 195,597 breached accounts (12 days ago)
- Apple Wallet just went full Bono (but with Brad Pitt this time) (12 days ago)
- Cybercrime is surging across Africa (12 days ago)
- Have Fun Teaching - 27,126 breached accounts (12 days ago)
- How to Write a GDPR Data Privacy Notice – Updated Guide and Template for 2025 (13 days ago)
- The AI Fix #56: ChatGPT traps man in a cult of one, and AI is actually stupid (13 days ago)
- Aflac, one of the USA’s largest insurers, is the latest to fall “under siege” to hackers (13 days ago)
- Repository Navigation Bar Missing in GitHub Enterprise Cloud (13 days ago)
- CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement (13 days ago)
- CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload (13 days ago)
- CVE-2025-32976 - Quest KACE SMA 2FA Bypass (13 days ago)
- CVE-2025-32975 - Quest KACE SMA Authentication Bypass (13 days ago)
- RansomLord (NG v1.0) anti-ransomware exploit tool (13 days ago)
- Disclosure Yealink Cloud vulnerabilities (13 days ago)
- Marks & Spencer ransomware attack was good news for other retailers (14 days ago)
- Twitter refuses to explain what it’s doing about hate speech and misinformation, sues New York State for asking (14 days ago)
- Weekly Update 457 (16 days ago)
- Krispy Kreme hack exposed sensitive data of over 160,000 people (17 days ago)
- The Critical Role of a DPO: Why Outsourcing is the Smart Choice (17 days ago)
- Disruption with the GitHub mobile android application (17 days ago)
- The Data (Use and Access) Act and How it Affects the UK GDPR and DPA 2018, and PECR (18 days ago)
- Disruption with some GitHub services (18 days ago)
- Partial Actions Cache degradation (19 days ago)
- Partial Degradation in Issues Experience (19 days ago)
- Timelines for migration to post-quantum cryptography (19 days ago)
- : “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) (19 days ago)
- SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) (19 days ago)
- SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem (19 days ago)
- Call for Applications: ERCIM STM WG 2025 Award for the Best Ph.D. Thesis on Security and Trust Management (July 31, 2025) (19 days ago)
- Incident with multiple GitHub services (20 days ago)
- V2: Hacking my Tesla Powerwalls to be the ultimate home energy solution! (24 days ago)
- Ualabee - 472,296 breached accounts (24 days ago)
- Inside a Dark Adtech Empire Fed by Fake CAPTCHAs (25 days ago)
- Some Copilot chat models are failing requests (25 days ago)
- Incident with Actions (25 days ago)
- Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider (25 days ago)
- Weekly Update 456 (25 days ago)
- Authentication methods: choosing the right type (26 days ago)
- Disruption with some GitHub services (26 days ago)
- Patch Tuesday, June 2025 Edition (26 days ago)
- Codespaces billing is delayed (27 days ago)
- Incident with Pull Requests (27 days ago)
- WiredBucks - 918,529 breached accounts (27 days ago)
- SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version (27 days ago)
- Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft (27 days ago)
- Detecting PureLogs traffic with CapLoader (28 days ago)
- Weekly Update 455 (28 days ago)