An international financial institution owned by the world’s central banks has published a new framework designed to help members mitigate cyber risks associated with their digital currencies.

Unlike its competitors, Genesis Market did not just sell stolen data and credentials but also provided a platform to criminals that allowed them to weaponize that data using a custom browser extension to impersonate victims.

A recently patched vulnerability in Ubiquiti EdgeRouter and AirCube devices could be exploited to execute arbitrary code, vulnerability reporting firm SSD Secure Disclosure warns.

Honeywell has agreed to acquire SCADAfence for an undisclosed amount and plans on integrating its solutions into the company’s Forge Cybersecurity+ suite. The deal is expected to close in the second half of the year.

Indonesian security researcher Teguh Aprianto revealed on Twitter last week that a hacker had put up for sale Indonesian passport holders’ details including their full names, birth dates, gender, passport numbers, and passport validity dates.

The HHS HIPAA Breach Reporting Tool shows that 336 major health data breaches affected nearly 41.4 million individuals between January 1st and June 30th this year – nearly double the number affected during the same period last year.

ISACA is joining the European Cyber Security Organisation (ECSO). The membership will work to accelerate ECSO and ISACA’s shared commitment to advancing cybersecurity, fostering collaboration and driving digital trust across Europe.

According to researchers at Vade, the attack email includes a harmful HTML attachment with JavaScript code. This code is designed to gather the recipient’s email address and modify the page using data from a callback function’s variable.

These packages imitated legitimate modules, such as jquery, which has millions of weekly downloads. Although the malicious packages were downloaded roughly 1000 times, they were swiftly removed from npm after detection.

The Big Head ransomware displays a fake Windows update to deceive victims, communicates with the threat actor via a Telegram bot, and drops ransom notes with contact information.