1+ day, 3+ hour ago  (174+ words) The Duc App data breach centers on the sensitive nature of the unencrypted information exposed. CyPeace cybersecurity researcher Anurag Sen discovered that the database contained over 360,000 files used for mandatory "know your customer" (KYC) protocols, according to TechCrunch." Several folders…...

1+ day, 1+ hour ago  (186+ words) A confirmed Hims & Hers data breach resulted in the exfiltration of customer support ticket data. The recent cyberattack on the telehealth provider exposed significant vulnerabilities within third-party vendor integrations, underscoring the critical telehealth security risks associated with outsourced service platforms....

1+ day, 33+ min ago  (273+ words) A former core infrastructure engineer at a U.S.-based industrial company entered a guilty plea to charges of extortion and intentional damage to a protected computer. Daniel Rhyne, 59, appeared before a U.S. District Judge in Trenton federal court, following a major development…...

3+ day, 4+ min ago  (432+ words) The Axios supply chain attack was formally attributed by Google Threat Intelligence Group (GTIG) to North Korea-linked hackers tracked as UNC1069. This highly sophisticated intrusion targeted the Node Package Manager (npm) ecosystem, compromising one of the most widely utilized JavaScript HTTP…...

1+ day, 22+ hour ago  (234+ words) The infection sequence begins when victims open deceptive shortcut files disguised as legitimate business documents. Recent iterations of these LNK file attacks embed complex decoding functions directly within the file arguments." Once activated, the payload drops a decoy PDF to…...

3+ day, 3+ hour ago  (610+ words) ExpressVPN has unveiled ExpressAI, a new artificial intelligence platform designed with privacy at its core. The company positions it as an alternative to conventional AI tools that often log, store, or reuse user data. The platform is built to ensure…...

3+ day, 2+ hour ago  (236+ words) A Mercor AI cyberattack was confirmed, stemming from a recent supply chain exploit involving the LiteLLM project compromise. The announcement follows the Lapsus$ threat actor's claims of targeting the prominent artificial intelligence (AI) recruiting startup and stealing 4TB of data. The…...

3+ day, 23+ hour ago  (176+ words) The DeepLoad malware campaign utilizes the ClickFix delivery method to deceive users into executing malicious scripts, quickly establishing persistent network access before manual triage can occur. The malware persisted via Windows Management Instrumentation (WMI) event subscriptions that allowed reinfection three…...

4+ day, 4+ hour ago  (227+ words) CareCloud, a prominent provider of medical software and revenue cycle management solutions, recently notified the Securities and Exchange Commission regarding a network intrusion that had occurred approximately two weeks ago. However, no threat actor has yet claimed responsibility for the…...

5+ day, 6+ hour ago  (419+ words) Wendi Sturgis " New RelicWendi Sturgis has joined New Relic's Board of Directors, bringing more than two decades of experience scaling global technology businesses and leading customer engagement strategy. She previously led Cleverbridge as CEO, turning it into a high-growth platform…...