Security Leaders Share Thoughts on DaVita Data Breach
On August 5, dialysis firm DaVita confirmed a data breach affecting over 900,000 individuals. The breach potentially exposed Social Security Numbers and personal health information.
In Other News: Nvidia Says No to Backdoors, Satellite Hacking, Energy Sector Assessment
Noteworthy stories that might have slipped under the radar: federal court filing system hack, Chanel data breach, emergency CISA directive. The post In Other News: Nvidia Says No to Backdoors, Satellite Hacking, Energy Sector Assessment appeared first on SecurityWeek.
Google Project Zero Changes Its Disclosure Policy
Google’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period allowed for patch adoption if the bug isRead More »Google Project Zero Changes Its Disclosure Policy
Leaked Credentials Up 160%: What Attackers Are Doing With Them
When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password. According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted forRead More »Leaked Credentials Up 160%: What Attackers Are Doing With Them
Black Hat USA 2025 – Summary of Vendor Announcements (Part 4)
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 4) appeared first on SecurityWeek.
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users. The activity is assessed to be active since at least March 2023, according to the softwareRead More »RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
Columbia University Data Breach Impacts 860,000
Columbia University has been targeted in a cyberattack where hackers stole the personal information of students, applicants, and employees. The post Columbia University Data Breach Impacts 860,000 appeared first on SecurityWeek.
Scammers mass-mailing the Efimer Trojan to steal crypto
Introduction In June, we encountered a mass mailing campaign impersonating lawyers from a major company. These emails falsely claimed the recipient’s domain name infringed on the sender’s rights. The messages contained the Efimer malicious script, designed to steal cryptocurrency. This script also includes additional functionality that helps attackers spread itRead More »Scammers mass-mailing the Efimer Trojan to steal crypto
French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers
Bouygues has been targeted in a cyberattack that resulted in the personal information of millions of customers getting compromised. The post French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers appeared first on SecurityWeek.
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcherRead More »GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions