Mur d'images - Cyberveille

curated by Decio

LockBit ransomware gang hacked, victim negotiations exposed

Police takes down six DDoS-for-hire services, arrests admins

Linux wiper malware hidden in malicious Go modules on GitHub

Hitachi Vantara takes servers offline after Akira ransomware attack

SAP fixes suspected Netweaver zero-day exploited in attacks

Cisco Webex bug lets hackers gain code execution via meeting links

Phishers abuse Google OAuth to spoof Google in DKIM replay attack

Widespread Microsoft Entra lockouts tied to new security feature rollout

MITRE warns that funding for critical CVE program expires today

Police detains Smokeloader malware customers, seizes servers

EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher

Carding tool abusing WooCommerce API downloaded 34K times on PyPI

Oracle privately confirms Cloud breach to customers

Oracle Health breach compromises patient data at US hospitals

Oracle denies breach after hacker claims theft of 6 million data records

VSCode extensions found downloading early-stage ransomware

Google paid $12 million in bug bounties last year to security researchers

Swiss critical sector faces new 24-hour cyberattack reporting rule

Undocumented "backdoor" found in Bluetooth chip used by a billion devices

Data breach at Japanese telecom giant NTT hits 18,000 companies

Cisco warns of Webex for BroadWorks flaw exposing credentials

Beware: PayPal "New Address" feature abused to send phishing emails

CISA and FBI: Ghost ransomware breached orgs in 70 countries

Microsoft spots XCSSET macOS malware variant used for crypto theft

PirateFi game on Steam caught installing password-stealing malware

Cyberattack disrupts Lee newspapers' operations across the US

Fortinet discloses second firewall auth bypass patched in January

Sky ECC encrypted service distributors arrested in Spain, Netherlands

Spain arrests suspected hacker of US and Spanish military agencies

British engineering firm IMI discloses breach, shares no details

Kimsuky hackers use new custom RDP Wrapper for remote access

Critical Cisco ISE bug can let attackers run commands as root

Apple fixes this year’s first actively exploited zero-day bug

Hundreds of fake Reddit sites push Lumma Stealer malware

Google launches customizable Web Store for Enterprise extensions

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

Microsoft: macOS bug lets hackers install malicious kernel drivers

Telegram hands over data on thousands of users to US law enforcement

Green Bay Packers' online store hacked to steal credit cards

SonicWall urges admins to patch exploitable SSLVPN bug immediately

Russian ISP confirms Ukrainian hackers "destroyed" its network

Thousands of credit cards stolen in Green Bay Packers store breach

PowerSchool hack exposes student, teacher data from K-12 districts

Chinese hackers also breached Charter and Windstream networks

New DoubleClickjacking attack exploits double-clicks to hijack accounts

New details reveal how hackers hijacked 35 Google Chrome extensions

Clop ransomware is now extorting 66 Cleo data-theft victims

European Space Agency's official store hacked to steal payment cards

Malicious ads push Lumma infostealer via fake CAPTCHA pages

Ascension: Health data of 5.6 million stolen in ransomware attack

Ultralytics AI model hijacked to infect thousands with cryptominer

Veeam warns of critical RCE bug in Service Provider Console

Cloudflare’s developer domains increasingly abused by threat actors

Police seize Matrix encrypted chat service after spying on criminals

UK hospital network postpones procedures after cyberattack

Zello asks users to reset passwords after security incident

Apple fixes two zero-days used in attacks on Intel-based Macs

Microsoft 365 Admin portal abused to send sextortion emails

T-Mobile confirms it was hacked in recent wave of telecom breaches

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

Meet Interlock — The new ransomware targeting FreeBSD servers

DocuSign's Envelopes API abused to send realistic fake invoices

Nokia says hackers leaked third-party app source code

Schneider Electric confirms dev platform breach after hacker steals data

DDoS site Dstat.cc seized and two suspects arrested in Germany

Fog ransomware targets SonicWall VPNs to breach corporate networks

Hackers exploit Roundcube webmail flaw to steal email, credentials

Internet Archive breached again through stolen access tokens

USDoD hacker behind National Public Data breach arrested in Brazil

Jetpack fixes critical information disclosure flaw existing since 2016

Ukrainian pleads guilty to operating Raccoon Stealer malware

Dutch police arrest admin of 'Bohemia/Cannabia' dark web market

Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server

Internet Archive hacked, data breach impacts 31 million users

Ivanti warns of three more CSA zero-days exploited in attacks

Recently patched CUPS flaw can be used to amplify DDoS attacks

Dutch Police: ‘State actor’ likely behind recent data breach

Critical flaw in NVIDIA Container Toolkit allows full host takeover

Critical Ivanti vTM auth bypass bug now exploited in attacks

Microsoft ends development of Windows Server Update Services (WSUS)

Clever 'GitHub Scanner' campaign abusing repos to push malware

Europol takes down "Ghost" encrypted messaging platform used for crime

UK arrests teen linked to Transport for London cyber attack

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

Critical SonicWall SSLVPN bug exploited in ransomware attacks

Sextortion scams now use your "cheating" spouse’s name as a lure

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

D-Link says it is not fixing four RCE flaws in DIR-846W routers

Veeam warns of critical RCE flaw in Backup & Replication software

Cisco warns of backdoor admin account in Smart Licensing Utility

Admins of MFA bypass service plead guilty to fraud

Docker-OSX image used for security research hit by Apple DMCA takedown

Fake Palo Alto GlobalProtect used as lure to backdoor enterprises

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

Toyota confirms breach after stolen data leaks on hacking forum

Windows driver zero-day exploited by Lazarus hackers to install rootkit

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

Critical SAP flaw allows remote attackers to bypass authentication

Hackers leak 2.7 billion data records with Social Security numbers

New AMD SinkClose flaw helps install nearly undetectable malware

INTERPOL recovers over $40 million stolen in a BEC attack

Ransomware gang targets IT workers with new SharpRhino malware

Google fixes Android kernel zero-day exploited in targeted attacks

Surge in Magniber ransomware attacks impact home users worldwide

Black Basta ransomware switches to more evasive custom malware

Microsoft says massive Azure outage was caused by DDoS attack

Google ads push fake Google Authenticator site installing malware

Meta nukes massive Instagram sextortion network of 63,000 accounts

BreachForums v1 hacking forum data leak exposes members’ info

Telegram zero-day allowed sending malicious Android APKs as videos

Critical Cisco bug lets hackers add root users on SEG devices

Critical Exim bug bypasses security filters on 1.5 million mail servers

Chinese APT40 hackers hijack SOHO routers to launch attacks

Formula 1 governing body discloses data breach after email hacks

Cisco warns of NX-OS zero-day exploited to deploy custom malware

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack

New Medusa malware variants target Android users in seven countries

Polyfill claims it has been 'defamed', returns after domain shut down

LockBit lied: Stolen data is from a bank, not US Federal Reserve

Critical GitLab bug lets attackers run pipelines as any user

Chinese Cyberspies Employ Ransomware in Attacks for Diversion

New attack uses MSC files and Windows XSS flaw to breach networks

Facebook PrestaShop module exploited to steal credit cards

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems

Black Basta ransomware gang linked to Windows zero-day attacks

New York Times warns freelancers of GitHub repo data breach

Malicious VSCode extensions with millions of installs discovered

Major London hospitals disrupted by Synnovis ransomware attack

Ticketmaster confirms massive breach after stolen data for sale online

Hackers phish finance orgs using trojanized Minesweeper clone

macOS version of elusive 'LightSpy' spyware tool discovered

Cybercriminals pose as "helpful" Stack Overflow users to push malware

New ShrinkLocker ransomware uses BitLocker to encrypt your files

Hacker defaces spyware app’s site, dumps database and source code

Russian hackers use new Lunar malware to breach a European govt's agencies

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

Europol confirms web portal breach, says no operational data stolen

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw

Zscaler takes "test environment" offline after rumors of a breach

UK confirms Ministry of Defence payroll data exposed in data breach

French hospital CHC-SV refuses to pay LockBit extortion demand

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Okta warns of "unprecedented" credential stuffing attacks on customers

Microsoft: APT28 hackers exploit Windows flaw reported by NSA

MITRE says state hackers breached its network via Ivanti zero-days

Ransomware payments drop to record low of 28% in Q1 2024

Ivanti warns of critical flaws in its Avalanche MDM solution

Targus discloses cyberattack after hackers detected on file servers

Over 92,000 exposed D-Link NAS devices have a backdoor account

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

Google fixes two Pixel zero-day flaws exploited by forensics firms

AT&T confirms data for 73 million customers leaked on hacker forum

Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords

Finland confirms APT31 hackers behind 2021 parliament breach

Google: Spyware vendors behind 50% of zero-days exploited in 2023

New ZenHammer memory attack impacts AMD Zen CPUs

Darknet marketplace Nemesis Market seized by German police

Exploit released for Fortinet RCE bug used in attacks, patch now

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

Ivanti fixes critical Standalone Sentry bug reported by NATO

Misconfigured Firebase instances leaked 19 million plaintext passwords

Google Chrome gets real-time phishing protection later this month

LockBit ransomware affiliate gets four years in jail, to pay $860k

Switzerland: Play ransomware leaked 65,000 government documents

Flipper Zero WiFi phishing attack can unlock and steal Tesla cars

Duvel says it has "more than enough" beer after ransomware attack

BlackCat ransomware shuts down in exit scam, blames the "feds"

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

CISA cautions against using hacked Ivanti VPN gateways even after factory resets

LockBit ransomware returns, restores servers after police disruption

Police arrests LockBit ransomware members, release decryptor in global crackdown

Cactus ransomware claim to steal 1.5TB of Schneider Electric data

LockBit ransomware disrupted by global police operation

Denmark orders schools to stop sending student data to Google

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

New RustDoor macOS malware impersonates Visual Studio update

Hyundai Motor Europe hit by Black Basta ransomware attack

Ivanti: Patch new Connect Secure auth bypass bug immediately

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Chinese hackers infect Dutch armed forces network with malware

Leaky Vessels flaws allow hackers to escape Docker, runc containers

AnyDesk says hackers breached its production servers, resets passwords

Energy giant Schneider Electric hit by Cactus ransomware attack

Trello API abused to link email addresses to 15 million accounts

23andMe data breach: Hackers stole raw genotype data, health reports

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

MacOS info-stealers quickly evolve to evade XProtect detection

iShutdown scripts can help detect iOS spyware on your iPhone

ShinyHunters member gets 3 years in prison for breaching 60 firms

Netgear, Hyundai latest X accounts hacked to push crypto drainers

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Hackers hijack govt and business accounts on X for crypto scams

Hacker hijacks Orange Spain RIPE account to cause BGP havoc

The biggest cybersecurity and cyberattack stories of 2023

New Black Basta decryptor exploits ransomware flaw to recover files

Russian military hackers target Ukraine with new MASEPIE malware

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

Lockbit ransomware disrupts emergency care at German hospitals

Steam game mod breached to push password-stealing malware

Microsoft disables MSIX protocol handler abused in malware attacks

GTA 5 source code reportedly leaked online a year after RockStar hack

Ubisoft says it's investigating reports of a new security breach

Crypto drainer steals $59 million from 63k people in Twitter ad push

Healthcare software provider data breach impacts 2.7 million

Terrapin attacks can downgrade security of OpenSSH connections

MongoDB says customer data was exposed in a cyberattack

QNAP VioStor NVR vulnerability actively exploited by malware botnet

3CX warns customers to disable SQL database integrations

Hackers are exploiting critical Apache Struts flaw using public PoC

Sophos backports RCE fix after attacks on unsupported firewalls

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

New BLUFFS attack lets attackers hijack Bluetooth connections

Welltok data breach exposes data of 8.5 million US patients

DP World confirms data stolen in cyberattack, no ransomware used

Meet the Unique New "Hacking" Group: AlphaLock

Lumma Stealer malware now uses trigonometry to evade detection

Toyota confirms breach after Medusa ransomware threatens to leak data

Cloudflare website downed by DDoS attack claimed by Anonymous Sudan

Critical Atlassian Confluence bug exploited in Cerber ransomware attacks

Discord will switch to temporary file links to block malware delivery

Apple 'Find My' network can be abused to steal keylogged passwords

New Microsoft Exchange zero-days allow RCE, data theft attacks

Massive cybercrime URL shortening service uncovered via DNS data

Atlassian warns of critical Confluence flaw leading to data loss

HackerOne paid ethical hackers over $300 million in bug bounties

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

D-Link confirms data breach after employee phishing attack

Ukrainian activists hack Trigona ransomware gang, wipe servers

Ragnar Locker ransomware’s dark web extortion sites seized by police

Hackers exploit critical flaw in WordPress Royal Elementor plugin

Genetics firm 23andMe says user data stolen in credential stuffing attack

Sony confirms data breach impacting thousands in the U.S.

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Cisco urges admins to fix IOS software zero-day exploited in attacks

Apple emergency updates fix 3 new zero-days exploited in attacks

BlackCat ransomware hits Azure Storage with Sphynx encryptor

Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Rockstar Games reportedly sold games with Razor 1911 cracks on Steam

Qakbot botnet dismantled after infecting over 700,000 computers

Attacks on Citrix NetScaler systems linked to ransomware actor

Sneaky Amazon Google ad leads to Microsoft support scam

Ivanti warns of new actively exploited MobileIron zero-day bug

Threat actors use beta apps to bypass mobile app store security

Discord.io confirms breach after hacker steals data of 760K users

Meet NoEscape: Avaddon ransomware gang's likely successor

Interpol takes down 16shop phishing-as-a-service platform

Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

AVrecon malware infects 70,000 Linux routers to build botnet

Apple confirms WebKit security updates break browsing on some sites

Apple releases emergency update to fix zero-day exploited in attacks

Siemens Energy confirms data breach after MOVEit data-theft attack

ASUS urges customers to patch critical router vulnerabilities

Suspected LockBit ransomware affiliate arrested, charged in US

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Terminator antivirus killer is a vulnerable Windows driver in disguise

New hacking forum leaks data of 478,000 RaidForums members

IT employee impersonates ransomware gang to extort employer

Apple fixes three new zero-days exploited to hack iPhones, Macs

MalasLocker ransomware targets Zimbra servers, demands charity donation

Discord discloses data breach after support agent got hacked

Toyota: Car location data of 2 million customers exposed for ten years

Multinational tech firm ABB hit by Black Basta ransomware attack

Google Chrome emergency update fixes first zero-day of 2023

Exploit available for critical bug in VM2 JavaScript sandbox library

Western Digital discloses network breach, My Cloud service down

New Money Message ransomware demands million dollar ransoms

Hackers compromise 3CX desktop app in a supply chain attack

Ransomware gang posts video of data stolen from Minneapolis schools

Medusa ransomware gang picks up steam as it targets companies worldwide

Stanford University discloses data breach affecting PhD applicants

Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day

GoDaddy: Hackers stole source code, installed malware in multi-year breach

Bitwarden password vaults targeted in Google ads phishing attack

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

T-Mobile hacked to steal data of 37 million accounts in API data breach

Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner

Vice Society ransomware leaks University of Duisburg-Essen’s data

NortonLifeLock warns that hackers breached Password Manager accounts

CircleCI warns of security breach — rotate your secrets!

Jenkins discloses dozens of zero-day bugs in multiple plugins

Hacker claims to be selling Twitter data of 400 million users

Okta's source code stolen after GitHub repositories hacked

Microsoft-signed malicious Windows drivers used in ransomware attacks

Cisco discloses high-severity IP phone zero-day with exploit code

Apple rolls out end-to-end encryption for iCloud backups

Samsung, LG, Mediatek certificates compromised to sign Android malware

Lastpass says hackers accessed customer data in new breach

Google pushes emergency Chrome update to fix 8th zero-day in 2022

Exploit released for actively abused ProxyNotShell Exchange bug

New Azov data wiper tries to frame researchers and BleepingComputer

TommyLeaks and SchoolBoys: Two sides of the same ransomware gang

Exploited Windows zero-day lets JavaScript files bypass security warnings

Lazarus hackers abuse Dell driver bug using new FudModule rootkit

Unpatched 15-year old Python bug allows code execution in 350k projects

LockBit ransomware builder leaked online by “angry developer”

Revolut hack exposes data of 50,000 users, fuels new phishing wave

North Korean hackers use signed macOS malware to target IT job seekers

CISA warns of Windows and UnRAR flaws exploited in the wild

Microsoft links Raspberry Robin malware to Evil Corp attacks

Microsoft finds Raspberry Robin worm in hundreds of Windows networks

LockBit 3.0 introduces the first ransomware bug bounty program

Conti ransomware finally shuts down data leak, negotiation sites

7-zip now supports Windows ‘Mark-of-the-Web’ security feature

Canada bans Huawei and ZTE from 5G networks over security concerns

US links Thanos and Jigsaw ransomware to 55-year-old doctor

Costa Rica declares national emergency after Conti ransomware attacks

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

RaidForums hacking forum seized by police, owner arrested

Chinese hackers abuse VLC Media Player to launch malware loader

Hackers breach MailChimp's internal tools to target crypto customers

QNAP warns severe OpenSSL bug affects most of its NAS devices

Samsung confirms hackers stole Galaxy devices source code

Hackers leak 190GB of alleged Samsung data, source code

Malware now using stolen NVIDIA code signing certificates

Phishing attacks target countries aiding Ukrainian refugees

TrickBot malware operation shuts down, devs move to BazarBackdoor

Ukraine links phishing targeting military to Belarusian hackers

New data-wiping malware used in destructive attacks on Ukraine

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code