Recruitment Phishing Scam Imitates Hiring Process
A phishing campaign is using CrowdStrike recruitment branding to deliver malware disguised as a fake application. Learn more.
Telegram hands over data on thousands of users to US law enforcement
Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement.
Microsoft moves to disrupt hacking-as-a-service scheme that’s bypassing AI safety measures
The defendants used stolen API keys to gain access to devices and accounts with Microsoft’s Azure OpenAI service, which they then used to generate “thousands” of images that violated content restrictions.
Green Bay Packers' online store hacked to steal credit cards
The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information.
UN aviation agency ‘investigating’ security breach after hacker claims theft of personal data
ICAO says the incident was allegedly linked to a hacker 'known for targeting international organizations'
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
We agree - modern security engineering is hard - but none of this is modern. We are discussing vulnerability classes - with no sophisticated trigger mechanisms that fuzzing couldnt find - discovered in the 1990s, that can be trivially discovered via basic fuzzing, SAST (the things product security teams do with real code access). As an industry, should we really be communicating that these vulnerability classes are simply too complex for a multi-billion dollar technology company that builds enterprise-grade, enterprise-priced network security solutions to proactively resolve?
Drones, Exploding Parcels and Sabotage: How Hybrid Tactics Target the West
Russia and other hostile states have become increasingly brazen in adopting “gray zone” attacks against Europe and the United States, leaving defense officials with a dilemma: How to respond?
Panne des systèmes informatiques de la Confédération, en raison d'une attaque DDoS
Vendredi matin 10 janvier, l’administration fédérale a été perturbée pendant environ 45 minutes par une panne des systèmes informatiques, en raison d’une attaque DDoS. La téléphonie, Outlook, différents sites Internet de la Confédération ainsi que des applications spécialisées ont entre autres été affectés. Les contre-mesures ont permis de stabiliser la situation.
FunkSec – Alleged Top Ransomware Group Powered by AI
- The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to understand their true motivations. Many of the group’s leaked datasets are recycled from previous hacktivism campaigns, raising doubts about the authenticity of their disclosures. Current methods of assessing ransomware group threats often rely on the actors’ own claims, highlighting the need for more objective evaluation techniques.
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments: CVE-2024-49112: A remote code execution (RCE) bug that attackers can exploit by sending specially crafted LDAP requests, allowing them to execute arbitrary code on the target system. CVE-2024-49113: A denial-of-service (DoS) vulnerability that can be exploited to crash the LDAP service, leading to service disruptions. In this blog entry, we discuss a fake proof-of-concept (PoC) exploit for CVE-2024-49113 (aka LDAPNightmare) designed to lure security researchers into downloading and executing information-stealing malware.
Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data
Gravy Analytics has been one of the most important companies in the location data industry for years, collating smartphone location data from around the world selling some to the U.S. government. Hackers say they stole a mountain of data.
Russian ISP confirms Ukrainian hackers "destroyed" its network
Russian internet service provider Nodex confirmed on Tuesday that its network was
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024. On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network.
CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild | Rapid7 Blog
On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is a stack-based buffer overflow that allows local authenticated attackers to escalate privileges on the device.
Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool
Privacy advocate draws attention to the fact that hundreds of police surveillance cameras are streaming directly to the open internet.
Il perd 450 francs à cause d'une faille de sécurité des CFF
Découverte d'une faille de sécurité chez CFF et chez CembraPay «Des escrocs ont acheté à mon nom des billets de train pour 450 francs» Lorsque Reto Pfammatter trouve un rappel de paiement dans sa boîte aux lettres, il se pose des questions. Pourquoi doit-il payer plus de 450 francs pour des billets CFF… qu'il n'a jamais achetés! Le Suisse s'est fait usurper son identité avec une arnaque simple.
Thousands of credit cards stolen in Green Bay Packers store breach
American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach.
"Ils nous ont contactés via une messagerie cryptée pour obtenir une rançon" : cette cyberattaque rend la vie impossible aux éleveurs
Alors que plusieurs sites internet de collectivités sont victimes de piratages en France, le secteur agricole est, lui aussi, touché. Depuis la nuit du 14 au 15 décembre, la plateforme en ligne permettant l'identification...
Casio says hackers stole personal data of 8,500 people during October ransomware attack
The Japanese electronics giant says it did not negotiate with the hackers responsible for the attack.
Many-shot jailbreaking \ Anthropic
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails.
PowerSchool hack exposes student, teacher data from K-12 districts
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform.
Telegram Hands U.S. Authorities Data on Thousands of Users
The number of data requests fulfilled by Telegram skyrocketed, with the company providing data to U.S. authorities on 2,253 users last year.
Hackers reportedly compromise Argentina’s airport security payroll system | The Record from Recorded Future News
The hackers gained access to the airport security police's payroll records and deducted small amounts from employee salaries.
Chinese hackers also breached Charter and Windstream networks
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.
How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons
Massive ‘Typhoon’ cyberattacks on U.S. infrastructure and telecoms sought to lay groundwork for potential conflict with Beijing, as intruders gathered data and got in position to impede response and sow chaos
Rhode Island warns of cybercriminals leaking stolen state files as Deloitte works to restore system
Rhode Island officials said they're still analyzing the impact of a ransomware gang's breach of state health and social services systems. Some are still down.
LDAPNightmare: SafeBreach Publishes First PoC Exploit (CVE-2024-49113)
See how SafeBreach researchers developed a zero-click PoC exploit for LDAPNightmare (CVE-2024-49113) that crashes unpatched Windows Servers.
What We Know About CVE-2024-49112 and CVE-2024-49113
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.