cyberveille.decio.ch
The most serious security incident ever suffered by the Sûreté de l'État: "Chinese hackers were able to get into this software"
The Sûreté de l'État has been hit by a serious security incident. Chinese hackers diverted e-mails for two years, potentially compromising sensitive data about its staff.
·rtl.be·
The run of bad news continues for Ruag and the Swiss army following a massive cyberattack - Le Temps
Through the compensation fund of Swissmem, the umbrella association of the machinery and technology industry, the data of employees of 180 firms working for the Confederation and the army was put online. A major security breach for Switzerland.
·letemps.ch·
The PFPDT guides data controllers on their duty to report breaches of data security
Data security is a delicate balance, where every flaw can let in risks that threaten the integrity, availability and confidentiality of information. When a security breach occurs, the law, under certain conditions, sets a direction: that of alerting and transparency. To guide data controllers, the Federal Data Protection and Information Commissioner (PFPDT) offers a guide intended to clarify the duty to report breaches of data security.
·swissprivacy.law·
Unauthorized access to an e-mail account of the cantonal administration of Appenzell I.Rh. — Appenzell Innerrhoden
Unknown persons broke into the mail account of Säckelmeister (cantonal finance director) Ruedi Eberle. Thanks to the security system, further spread was quickly stopped. As things stand, no data has been lost and no other accounts of the cantonal administration are affected.
·ai.ch·
LARVA-208
LARVA-208 (EncryptHub) is a threat actor that has come to the forefront with highly sophisticated spear-phishing attacks since 26 June 2024. In the attacks it has carried out, it exhibits a different operational strategy: it performs all the steps needed to obtain initial access through personalized SMS (smishing) or by calling the person directly (vishing), tricking the victim into installing remote monitoring and management (RMM) software. Investigation of the actor's attacks shows that its social engineering techniques and persuasion skills are highly effective. In the first phase, the actor usually creates a phishing site targeting the organization to obtain the victim's VPN credentials. The victim is then called and, under the pretext of technical issues, asked to enter their details into the phishing site by someone posing as the IT team or helpdesk. If the attack is not a call but a direct SMS text message, a fake Microsoft Teams link is used to convince the victim. After gaining access from the victim, the team runs various stealers on the compromised machine using the PowerShell
·catalyst.prodaft.com·
Orange Group confirms breach after hacker leaks company documents
A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider.
·bleepingcomputer.com·
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.
·cloud.google.com·
Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure
The Lumma Stealer malware campaign is exploiting compromised educational institutions to distribute malicious LNK files disguised as PDFs, targeting industries like finance, healthcare, technology, and media. Once executed, these files initiate a stealthy multi-stage infection process, allowing cybercriminals to steal passwords, browser data, and cryptocurrency wallets. With sophisticated evasion techniques, including using Steam profiles for command-and-control operations, this malware-as-a-service (MaaS) threat highlights the urgent need for robust cybersecurity defenses. Stay vigilant against deceptive phishing tactics to protect sensitive information from cyber exploitation.
·cloudsek.com·
An Update on Fake Updates: Two New Actors, and New Mac Malware
Key findings:
  • Proofpoint identified and named two new cybercriminal threat actors operating components of web inject campaigns, TA2726 and TA2727.
  • Proofpoint identified a new macOS malware delivered via web inject campaigns that our researchers called FrigidStealer.
  • The web inject campaign landscape is increasing, with a variety of copycat threat actors conducting similar campaigns, which can make it difficult for analysts to track.
·proofpoint.com·
Bybit Announcement | Incident Update: Unauthorized Activity Involving ETH Cold Wallet
On February 21, 2025, at approximately 12:30 PM UTC, Bybit detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a routine transfer process. The transfer was part of a scheduled move of ETH from our ETH Multisig Cold Wallet to our Hot Wallet. Unfortunately, the transaction was manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet. As a result, over 400,000 ETH and stETH worth more than $1.5 billion were transferred to an unidentified address.
·announcements.bybit.com·
Weathering the storm: In the midst of a Typhoon
Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.
·blog.talosintelligence.com·
Subject: Cloud sector - State of the cyber threat
Cloud computing, which has become indispensable for the public and private sectors, drives digital transformation but also creates new attack opportunities and security problems for the organizations that use it. ANSSI is observing an increase in attacks against cloud environments. These attack campaigns, carried out for profit, espionage and destabilization, affect cloud service providers (CSPs), which are targeted in part for the access they can offer to their customers. They also target the environments of cloud service customers, whose attack surface is increased by the hybridization of information systems brought about by cloud usage.
·cert.ssi.gouv.fr·
Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors
  • An unknown threat cluster has been targeting European organizations, notably in the healthcare sector, at least between June and October 2024. Tracked as Green Nailao by Orange Cyberdefense CERT, the campaign relied on DLL search-order hijacking to deploy ShadowPad and PlugX, two implants often associated with China-nexus targeted intrusions. The ShadowPad variant our reverse-engineering team analyzed is highly obfuscated and uses Windows services and registry keys to persist on the system across reboots. In several Incident Response engagements, we observed the subsequent deployment of a previously undocumented ransomware payload. The campaign was enabled by the exploitation of CVE-2024-24919 on vulnerable Check Point Security Gateways. IoCs and Yara rules can be found on our dedicated GitHub page.
·orangecyberdefense.com·
German election targeted by Russian disinformation, security services warn | The Record from Recorded Future News
Germany’s security services warned on Friday that fake videos circulating online purporting to reveal ballot manipulation in the country’s upcoming federal elections were part of a Russian information operation.
·therecord.media·