- Over Half a Million Hit by Pennsylvania Schools Union Breachon March 20, 2025 at 9:45 am
The Pennsylvania State Education Association (PSEA) has sent breach notifications to over 500,000 current and former members
- NCSC Sets 2035 Deadline for Post-Quantum Cryptography Migrationon March 20, 2025 at 8:30 am
New NCSC guidance sets out a three-phase migration to post-quantum cryptography, designed to ensure all systems are protected from quantum attacks by 2035
- Windows Shortcut Flaw Exploited by 11 State-Sponsored Groupson March 19, 2025 at 4:30 pm
Newly discovered vulnerability ZDI-CAN-25373 takes advantage of Windows shortcuts has been exploited by 11 state-sponsored groups since 2017
- 752,000 Browser Phishing Attacks Mark 140% Increase YoYon March 19, 2025 at 2:00 pm
A surge in browser-based phishing attacks has been recorded over the past year, with a 140% increase compared to 2023 according to Menlo Security
- Brian Cox to Discuss Quantum Computing’s Impact at Infosecurity Europe 2025on March 19, 2025 at 12:00 pm
World-renowned physicist, Professor Brian Cox, will headline day one of Infosecurity Europe, analyzing the science behind quantum computing and the challenges it brings
Hacks – Threatpost The First Stop For Security News
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firmsby Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- iPhone Users Urged to Update to Patch 2 Zero-Daysby Elizabeth Montalbano on August 19, 2022 at 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- APT Lazarus Targets Engineers with macOS Malwareby Elizabeth Montalbano on August 17, 2022 at 3:07 pm
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
- Black Hat and DEF CON Roundupby Threatpost on August 15, 2022 at 1:56 pm
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
- New Hacker Forum Takes Pro-Ukraine Stanceby Elizabeth Montalbano on August 11, 2022 at 3:14 pm
A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
Mobile Security – Threatpost The First Stop For Security News
- iPhone Users Urged to Update to Patch 2 Zero-Daysby Elizabeth Montalbano on August 19, 2022 at 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- Xiaomi Phone Bug Allowed Payment Forgeryby Nate Nelson on August 16, 2022 at 12:26 pm
Mobile transactions could’ve been disabled, created and signed by attackers.
- Google Boots Multiple Malware-laced Android Apps from Marketplaceby Elizabeth Montalbano on July 18, 2022 at 12:32 pm
Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.
- Leaky Access Tokens Exposed Amazon Photos of Usersby Nate Nelson on June 29, 2022 at 8:18 pm
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
- Google Warns Spyware Being Deployed Against Android, iOS Usersby Elizabeth Montalbano on June 24, 2022 at 11:02 am
The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
Krebs on Security In-depth security news and investigation
- DOGE to Fired CISA Staff: Email Us Your Personal Databy BrianKrebs on March 20, 2025 at 1:26 am
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment — presumably with the password needed to view the file included in the body of the email.
- ClickFix: How to Infect Your PC in Three Easy Stepsby BrianKrebs on March 14, 2025 at 10:15 pm
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.
- Microsoft: 6 Zero-Days in March 2025 Patch Tuesdayby BrianKrebs on March 11, 2025 at 11:53 pm
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.
- Alleged Co-Founder of Garantex Arrested in Indiaby BrianKrebs on March 11, 2025 at 4:49 pm
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.
- Feds Link $150M Cyberheist to 2022 LastPass Hacksby BrianKrebs on March 8, 2025 at 1:20 am
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.