Mur d'images - Cyberveille

curated by Decio

Ivanti warns of critical flaws in its Avalanche MDM solution

Targus discloses cyberattack after hackers detected on file servers

Over 92,000 exposed D-Link NAS devices have a backdoor account

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

Google fixes two Pixel zero-day flaws exploited by forensics firms

AT&T confirms data for 73 million customers leaked on hacker forum

Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords

Finland confirms APT31 hackers behind 2021 parliament breach

Google: Spyware vendors behind 50% of zero-days exploited in 2023

New ZenHammer memory attack impacts AMD Zen CPUs

Darknet marketplace Nemesis Market seized by German police

Exploit released for Fortinet RCE bug used in attacks, patch now

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

Ivanti fixes critical Standalone Sentry bug reported by NATO

Misconfigured Firebase instances leaked 19 million plaintext passwords

Google Chrome gets real-time phishing protection later this month

LockBit ransomware affiliate gets four years in jail, to pay $860k

Switzerland: Play ransomware leaked 65,000 government documents

Flipper Zero WiFi phishing attack can unlock and steal Tesla cars

Duvel says it has "more than enough" beer after ransomware attack

BlackCat ransomware shuts down in exit scam, blames the "feds"

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

CISA cautions against using hacked Ivanti VPN gateways even after factory resets

LockBit ransomware returns, restores servers after police disruption

Police arrests LockBit ransomware members, release decryptor in global crackdown

Cactus ransomware claim to steal 1.5TB of Schneider Electric data

LockBit ransomware disrupted by global police operation

Denmark orders schools to stop sending student data to Google

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

New RustDoor macOS malware impersonates Visual Studio update

Hyundai Motor Europe hit by Black Basta ransomware attack

Ivanti: Patch new Connect Secure auth bypass bug immediately

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Chinese hackers infect Dutch armed forces network with malware

Leaky Vessels flaws allow hackers to escape Docker, runc containers

AnyDesk says hackers breached its production servers, resets passwords

Energy giant Schneider Electric hit by Cactus ransomware attack

Trello API abused to link email addresses to 15 million accounts

23andMe data breach: Hackers stole raw genotype data, health reports

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

MacOS info-stealers quickly evolve to evade XProtect detection

ShinyHunters member gets 3 years in prison for breaching 60 firms

Netgear, Hyundai latest X accounts hacked to push crypto drainers

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Hackers hijack govt and business accounts on X for crypto scams

Hacker hijacks Orange Spain RIPE account to cause BGP havoc

The biggest cybersecurity and cyberattack stories of 2023

New Black Basta decryptor exploits ransomware flaw to recover files

Russian military hackers target Ukraine with new MASEPIE malware

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

Lockbit ransomware disrupts emergency care at German hospitals

Steam game mod breached to push password-stealing malware

Microsoft disables MSIX protocol handler abused in malware attacks

GTA 5 source code reportedly leaked online a year after RockStar hack

Ubisoft says it's investigating reports of a new security breach

Crypto drainer steals $59 million from 63k people in Twitter ad push

Healthcare software provider data breach impacts 2.7 million

Terrapin attacks can downgrade security of OpenSSH connections

MongoDB says customer data was exposed in a cyberattack

QNAP VioStor NVR vulnerability actively exploited by malware botnet

3CX warns customers to disable SQL database integrations

Hackers are exploiting critical Apache Struts flaw using public PoC

Sophos backports RCE fix after attacks on unsupported firewalls

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

New BLUFFS attack lets attackers hijack Bluetooth connections

Welltok data breach exposes data of 8.5 million US patients

DP World confirms data stolen in cyberattack, no ransomware used

Meet the Unique New "Hacking" Group: AlphaLock

Lumma Stealer malware now uses trigonometry to evade detection

Toyota confirms breach after Medusa ransomware threatens to leak data

Cloudflare website downed by DDoS attack claimed by Anonymous Sudan

Critical Atlassian Confluence bug exploited in Cerber ransomware attacks

Discord will switch to temporary file links to block malware delivery

Apple 'Find My' network can be abused to steal keylogged passwords

New Microsoft Exchange zero-days allow RCE, data theft attacks

Massive cybercrime URL shortening service uncovered via DNS data

Atlassian warns of critical Confluence flaw leading to data loss

HackerOne paid ethical hackers over $300 million in bug bounties

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

D-Link confirms data breach after employee phishing attack

Ukrainian activists hack Trigona ransomware gang, wipe servers

Ragnar Locker ransomware’s dark web extortion sites seized by police

Hackers exploit critical flaw in WordPress Royal Elementor plugin

Genetics firm 23andMe says user data stolen in credential stuffing attack

Sony confirms data breach impacting thousands in the U.S.

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Cisco urges admins to fix IOS software zero-day exploited in attacks

Apple emergency updates fix 3 new zero-days exploited in attacks

BlackCat ransomware hits Azure Storage with Sphynx encryptor

Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Rockstar Games reportedly sold games with Razor 1911 cracks on Steam

Qakbot botnet dismantled after infecting over 700,000 computers

Attacks on Citrix NetScaler systems linked to ransomware actor

Sneaky Amazon Google ad leads to Microsoft support scam

Ivanti warns of new actively exploited MobileIron zero-day bug

Threat actors use beta apps to bypass mobile app store security

Discord.io confirms breach after hacker steals data of 760K users

Meet NoEscape: Avaddon ransomware gang's likely successor

Interpol takes down 16shop phishing-as-a-service platform

Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

AVrecon malware infects 70,000 Linux routers to build botnet

Apple confirms WebKit security updates break browsing on some sites

Apple releases emergency update to fix zero-day exploited in attacks

Siemens Energy confirms data breach after MOVEit data-theft attack

ASUS urges customers to patch critical router vulnerabilities

Suspected LockBit ransomware affiliate arrested, charged in US

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Terminator antivirus killer is a vulnerable Windows driver in disguise

New hacking forum leaks data of 478,000 RaidForums members

IT employee impersonates ransomware gang to extort employer

Apple fixes three new zero-days exploited to hack iPhones, Macs

MalasLocker ransomware targets Zimbra servers, demands charity donation

Discord discloses data breach after support agent got hacked

Toyota: Car location data of 2 million customers exposed for ten years

Multinational tech firm ABB hit by Black Basta ransomware attack

Google Chrome emergency update fixes first zero-day of 2023

Exploit available for critical bug in VM2 JavaScript sandbox library

Western Digital discloses network breach, My Cloud service down

New Money Message ransomware demands million dollar ransoms

Hackers compromise 3CX desktop app in a supply chain attack

Ransomware gang posts video of data stolen from Minneapolis schools

Medusa ransomware gang picks up steam as it targets companies worldwide

Stanford University discloses data breach affecting PhD applicants

Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day

GoDaddy: Hackers stole source code, installed malware in multi-year breach

Bitwarden password vaults targeted in Google ads phishing attack

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

T-Mobile hacked to steal data of 37 million accounts in API data breach

Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner

Vice Society ransomware leaks University of Duisburg-Essen’s data

NortonLifeLock warns that hackers breached Password Manager accounts

CircleCI warns of security breach — rotate your secrets!

Jenkins discloses dozens of zero-day bugs in multiple plugins

Hacker claims to be selling Twitter data of 400 million users

Okta's source code stolen after GitHub repositories hacked

Microsoft-signed malicious Windows drivers used in ransomware attacks

Cisco discloses high-severity IP phone zero-day with exploit code

Apple rolls out end-to-end encryption for iCloud backups

Samsung, LG, Mediatek certificates compromised to sign Android malware

Lastpass says hackers accessed customer data in new breach

Google pushes emergency Chrome update to fix 8th zero-day in 2022

Exploit released for actively abused ProxyNotShell Exchange bug

New Azov data wiper tries to frame researchers and BleepingComputer

TommyLeaks and SchoolBoys: Two sides of the same ransomware gang

Exploited Windows zero-day lets JavaScript files bypass security warnings

Lazarus hackers abuse Dell driver bug using new FudModule rootkit

Unpatched 15-year old Python bug allows code execution in 350k projects

LockBit ransomware builder leaked online by “angry developer”

Revolut hack exposes data of 50,000 users, fuels new phishing wave

North Korean hackers use signed macOS malware to target IT job seekers

CISA warns of Windows and UnRAR flaws exploited in the wild

Microsoft links Raspberry Robin malware to Evil Corp attacks

Microsoft finds Raspberry Robin worm in hundreds of Windows networks

LockBit 3.0 introduces the first ransomware bug bounty program

Conti ransomware finally shuts down data leak, negotiation sites

7-zip now supports Windows ‘Mark-of-the-Web’ security feature

Canada bans Huawei and ZTE from 5G networks over security concerns

US links Thanos and Jigsaw ransomware to 55-year-old doctor

Costa Rica declares national emergency after Conti ransomware attacks

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

RaidForums hacking forum seized by police, owner arrested

Chinese hackers abuse VLC Media Player to launch malware loader

Hackers breach MailChimp's internal tools to target crypto customers

QNAP warns severe OpenSSL bug affects most of its NAS devices

Samsung confirms hackers stole Galaxy devices source code

Hackers leak 190GB of alleged Samsung data, source code

Malware now using stolen NVIDIA code signing certificates

Phishing attacks target countries aiding Ukrainian refugees

TrickBot malware operation shuts down, devs move to BazarBackdoor

Ukraine links phishing targeting military to Belarusian hackers

New data-wiping malware used in destructive attacks on Ukraine

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code