The Inc Ransom group has taken credit for the hack, claiming to have stolen several terabytes of data. The post Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek.
Hackers accessed a database containing information about alumni, donors, faculty, students, parents, and other individuals. The post Princeton University Data Breach Impacts Alumni, Students, Employees appeared first on SecurityWeek.
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore orRead More »Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
A threat actor exploited a vulnerability, exfiltrated data, and attempted to extort Eurofiber. The post Data Stolen in Eurofiber France Hack appeared first on SecurityWeek.
Social media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate was integratingRead More »AI and Voter Engagement
Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management (AM), privileged access management (PAM), and identity threat detection and response (ITDR) are all integrated into a single, cohesive control plane. Building on Gartner’s definition ofRead More »Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm packages, published by a threat actor named “dino_reborn”Read More »Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages
Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack targeting a single endpoint in Australia that measured 5.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps). The tech giant said it was the largest DDoS attack ever observed in theRead More »Microsoft Mitigates Record 5.72 Tbps DDoS Attack Driven by AISURU Botnet
The flaw was reported by Google’s Threat Analysis Group and was likely exploited by a commercial spyware vendor. The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek.
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploitedRead More »Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
