California Cryobank (CCB), one of the world’s largest reproductive tissue banks, has begun informing consumers about a data breach impacting an unspecified number of individuals. The biotechnology company reported detecting unauthorized activity on certain computers on 21 April last year, and subsequently isolated them from its IT network.  Protecting Data Confidentiality  In a statement, the ..read more

A highly advanced zero-day vulnerability has been covertly exploited for years by multiple state-sponsored hacking groups, underscoring its severe security risks. This flaw leverages Windows shortcut (.lnk) files, enabling attackers to stealthily execute malicious commands without detection.   However, Microsoft tagged it as “not meeting the bar servicing” in late September and said it wouldn’t ..read more

The latest report from cybersecurity company KnowBe4 begins with the staggering revelation that ‘Some schools endure over 2,500 attempted cyberattacks a day’ – and the learning doesn’t stop there for the education sector.  The report, entitled ‘From Primary Schools to Universities, the Global Education Sector is Unprepared for Escalating Cyber Attacks,’ follows up its opening ..read more

Ransomware isn’t just getting faster; it’s getting smarter. Attackers now move laterally within 48 minutes, on average—increasing the breakout time by 22%. This is quite a stark difference from the 8 hours and 12 minutes it takes security teams, relying solely on manual processes, to contain them. What’s fueling hackers’ rapid lateral movement? Cybercrime forums ..read more

Western Alliance Bank has announced a data breach affecting 21,899 people, that was caused by an October 2024 cyberattack on a third-party file transfer software. The breach exposed sensitive personal and financial information, including names, Social Security numbers, driver’s license details, and financial account numbers.   The bank said the malicious actors exploited a zero-day vulnerability in the third-party software to ..read more

Two bipartisan Senate bills reintroduced by US Senators last week aim to boost the cybersecurity defenses of small water and wastewater utilities.  Any move to enhance cybersecurity in the water sector is welcome and overdue following calls last year from the Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA) for the ..read more

A new wave of malware is gaining traction in the form of infostealers, potent data-harvesting tools that have quickly become the go-to choice for threat actors due to their ability to quickly and effectively siphon sensitive information to sell on the dark web. Use of infostealers by groups specializing in ransomware surged by 266%, according ..read more

Infostealers pose a persistent threat by facilitating advanced attacks such as ransomware and espionage. According to KELA’s “The State of Cybercrime 2024” report, 3.9 billion credentials have been found in credential lists sourced from infostealer logs.  The report provides a comprehensive look into cybercrime and highlights some of the notable threats from 2024. Using this ..read more

A newly discovered remote code execution (RCE) vulnerability, CVE-2025-24813, is actively being exploited, putting Apache Tomcat servers at risk—malicious actors need but a single PUT API request to gain full control over vulnerable systems.   The exploit was initially published by a Chinese forum user, iSee857, with a proof-of-concept (PoC) code now readily available online.  How ..read more

Security researchers at Guardz have warned of new malicious campaigns that abuse Microsoft 365 for phishing , or target the service’s users to take over their accounts.   As part of one campaign, malicious actors are leveraging legitimate Microsoft domains and tenant misconfigurations in BEC attacks likely aimed at stealing credentials and performing account takeover (ATO).   ..read more