Microsoft Uncovers Chinese Botnet Targeting Organizations with Evasive Password Spray Attacks Microsoft has reported the activity of a Chinese threat actor known as Storm-0940, which is employing a sophisticated botnet identified as Quad7. This botnet has been linked to a series of highly evasive password spray attacks aimed at stealing…
In a concerning development for cybersecurity, a series of spear-phishing attacks have emerged, utilizing weaponized Microsoft Word documents themed around Windows 11 Alpha. Researchers from the cybersecurity firm Anomali reported the campaigns involved Visual Basic macros designed to deploy malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service…
Ribbon Communications, a prominent American telecommunications company responsible for facilitating major phone and data networks globally, has disclosed a significant security breach. The firm has confirmed that nation-state hackers, believed to have affiliations with an unnamed foreign government, infiltrated its systems and remained undetected for nearly a year. Headquartered in…
Medibank Suffers Major Data Breach Following Ransomware Attack In a significant cybersecurity incident, Australian health insurance provider Medibank has reported unauthorized access to the personal information of all its customers, following a recent ransomware attack. This breach highlights vulnerabilities within the organization and raises alarms regarding data security in the…
Governance & Risk Management, Healthcare, Industry Specific Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access Data Marianne Kolbasuk McGee (HealthInfoSec) • October 29, 2025 CISA has issued warnings regarding vulnerabilities in Vertikal Systems’ hospital management software that may expose sensitive data to hackers. (Image: Vertikal) U.S. federal authorities have…
Businesses concerned about cybersecurity may already be familiar with Have I Been Pwned, a site dedicated to notifying users about data breaches. Recently, Proton, the company behind ProtonMail, launched its own data breach alert service named the Data Breach Observatory. This platform aims to provide near real-time notifications to individuals…
Recent cybersecurity research has identified a significant campaign, known as EMERALDWHALE, which exploits exposed Git configurations to extract credentials, clone private repositories, and even obtain cloud service credentials embedded in source code. This operation has reportedly compromised over 10,000 private repositories, with the stolen data stored in an Amazon S3…
Microsoft has recently issued a warning regarding an actively exploited zero-day vulnerability affecting Internet Explorer. This flaw is being utilized to compromise Windows systems by means of malicious Microsoft Office documents. Identified as CVE-2021-40444 with a CVSS score of 8.8, the vulnerability resides in MSHTML, a proprietary browser engine that…
Former Executive Pleads Guilty to Selling Trade Secrets to Russian Buyer In a significant case involving cybersecurity breaches, a former executive from a firm specializing in zero-day vulnerabilities and exploits was sentenced in federal court in Washington, DC, for trafficking in trade secrets valued at a minimum of $1.3 million.…
