No, the 16 billion credentials leak is not a new data breach
News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.
Godfather Android malware now uses virtualization to hijack banking apps
A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps.
Webinar: Stolen credentials are the new front door to your network
Cybercriminals no longer need zero-days to breach your systems—these days, they just log in. Join BleepingComputer, SC Media, and Specops Software's Darren Siegel on July 9 at 2:00 PM ET for a live webinar on how attackers are using stolen credentials to infiltrate networks and how you can stop them.
DOJ moves to seize $225 million in crypto stolen by scammers
A civil forfeiture complaint was filed in U.S. District Court for the District of Columbia this week, where investigators from the FBI and U.S. Secret Service said they used blockchain analysis to trace the funds back to fraud schemes perpetrated by actors in the Philippines.
ChatGPT's next big upgrade, or the new foundational model "GPT-5," is still being prepared for a release in the summer, but OpenAI won't share the specifics.
Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US
A 33-year-old man arrested in Ukraine will face charges in the U.S. of working for the Ryuk cybercrime operation, known for high-profile targets and large ransom demands.
US recovers $225 million of crypto stolen in investment scams
The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service.
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud
Doughnut maker Krispy Kreme has revealed that sensitive financial and personal data of over 160,000 individuals has been impacted following a November 2024 cyber incident
Microsoft unveils new security defaults for Windows 365 Cloud PCs
Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs.
Special Webinar: Key Insights from Verizon’s 2025 DBIR
GenAI, credential theft, third-party risks—Verizon's 2025 DBIR reveals what's putting your org at risk. Join DBIR author Alex Pinto & LayerX CEO Or Eshed as they break down this year's key insights and defense strategies. Don't miss the webinar—register now.
DuckDuckGo beefs up scam defense to block fake stores, crypto sites
The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and "scareware" sites.
Telecom giant Viasat breached by China's Salt Typhoon hackers
Satellite communications company Viasat is the latest victim of China's Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide.
Self-Driving Car Video Footage - Schneier on Security
Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and under what rules that video is used and reused will be a continuing source of debate.