The Breach News

Hackers Utilize VPN Vulnerabilities to Install SUPERNOVA Malware on SolarWinds Orion

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently unveiled details about a sophisticated advanced persistent threat (APT) that has been exploiting the Supernova backdoor to infiltrate SolarWinds Orion installations. The breach was traced back to access gained through a connection to a compromised Pulse Secure VPN device. CISA reported…


New Zoom Screen-Sharing Flaw Allows Unauthorized Access to Restricted Apps

Recent research has uncovered a security glitch in Zoom’s screen sharing feature that could inadvertently expose sensitive information to participants during video calls. This vulnerability, designated as CVE-2021-28133, is notable as it remains unpatched, enabling the possibility of revealing contents from applications not actively being shared, albeit for only brief…


Tech Firm Targeted as New Cyber Gang Expands Operations

Data Breach Notification, Data Security, Fraud Management & Cybercrime. Cybercrime Gang Kazu Demands $200K Ransom, Leaking 1.2 Million Patient Records. By Marianne Kolbasuk McGee (HealthInfoSec), November 14, 2025. Texas-based Doctor Alliance investigates claims by the Kazu cybercrime gang, which alleges it stole 1.2 million records. The Kazu…


DPDP Rules Establish Firm Obligations for Companies: From Prompt Data Breach Reporting to Annual Audits – The Week

New Delhi Introduces Comprehensive Data Protection Framework: New Delhi has unveiled a set of stringent Digital Personal Data Protection (DPDP) rules aimed at enhancing security and privacy standards for personal data processing in the digital landscape. These regulations establish clear mandates for companies, requiring them to promptly inform both users…


Passwordstate Update Compromised to Deploy Backdoor on Thousands of PCs

Security Alert: Supply Chain Attack Targets Passwordstate Users. Click Studios, an Australian software provider, has issued an urgent notice for clients of its password management solution, Passwordstate, to reset their passwords following a detected breach attributed to a supply chain attack. The Adelaide-based firm reported that the attack exploited sophisticated…


DOJ Issues Seizure Warrant to Starlink for Satellite Internet Systems Linked to Scam Operation

Scam networks across Southeast Asia have reportedly siphoned billions in stolen funds from victims worldwide, prompting United States law enforcement to act decisively against these operations. Authorities have issued warrants to seize Starlink satellite internet terminals, believed to be providing critical connectivity to cybercriminals. Two warrants and their respective affidavits,…


533 Million Facebook Users’ Personal Data and Phone Numbers Exposed Online

Data Leak Exposes Personal Information of 533 Million Facebook Users. In a major data breach that underscores ongoing cybersecurity vulnerabilities, personal information for approximately 533 million Facebook users has been leaked on a prominent cybercrime forum. The data, which originates from a vulnerability exploited in 2019, has been made available…


Google Takes Legal Action Against Lighthouse Smishing Operators

Identity & Access Management, Litigation, Security Operations. More Than 1M Victims Affected Globally. By Pooja Tikekar (@PoojaTikekar), November 14, 2025. In a significant legal maneuver, Google has filed a lawsuit against operators of a phishing-as-a-service platform known as Lighthouse, alleging that this enterprise is responsible for orchestrating a…
