The stolen data may include a wide range of personal information such as Social Security numbers, financial account details, medical information, and usernames and passwords.

The Phobos ransomware strain, distributed through ransomware-as-a-service, has targeted a wide range of organizations, including governments, healthcare, education, and critical infrastructure sectors.

The latest variant of BIFROSE masquerades as VMware by reaching out to a deceptive domain. There has been a spike in BIFROSE activity since October 2023, and a new Arm version of the malware has been discovered.

The critical vulnerability in Facebook’s password reset process involved a rate-limiting issue in a specific endpoint, which could be exploited to brute-force a nonce and gain access to a user’s account.

An exposed database belonging to YX International leaked sensitive data including one-time security codes for major tech and online companies like Facebook, Google, and TikTok.

The breached data included names, Social Security numbers, financial account information, and medical information. An unauthorized third party accessed the firm’s network, leading to a data breach.

The Department of Foreign Affairs in Ireland has found no evidence to support the claim of a cyber extortion group called Mogilevich that it stole data from their IT systems.

This ransomware steals and encrypts files, demanding ransom for decryption and not releasing stolen data. It is based on the HelloKitty ransomware source code and has been observed in various regions.

The company attributed the infection to software adjustments made by developers to reduce boot times, which inadvertently affected network settings and omitted digital signatures.

The technique works with identity providers like Microsoft Entra ID and can enable attackers to access applications by forging SAML responses with compromised private keys.