A security lapse in a mobile app operated by India’s Education Ministry exposed the personally identifying information of millions of students and teachers for over a year.

Organizations need to strike the balance of carrying out enough due diligence before patching, and then patching as quickly as possible to defend themselves against emerging threats.

According to the email received by cryptocurrency trading platform Coinigy, Zendesk learned on October 25, 2022, that several employees were targeted in a “sophisticated SMS phishing campaign”.

Uber’s recent data breach, which exposed sensitive employee and customer data to the BreachForums hacking forum, was the latest in a string of security incidents to hit the company in the last few years.

In a blog post dated January 17, Datadog Security Labs senior researcher Nick Frichette said the vulnerability impacts the CloudTrail event logging service, a data source for defenders examining API activities.

The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber operations.

On Tuesday, a group of hackers going by the name “Genesis Day” claimed it attacked Samsung’s offices in South Korea because of the country’s recent opening of a mission to the North Atlantic Treaty Organization (NATO).

Companies affected by the recent Mailchimp data breach have started notifying affected customers. The list includes WooCommerce, FanDuel, Yuga Labs, and the Solana Foundation.

A new Android malware, named Gigabud, was found impersonating government agencies, financial institutions, and other organizations from Thailand, Peru, and the Philippines to harvest user banking credentials. Gigabud leverages a server-side verification process to ensure that the mobile number entered during registration is legitimate. Experts suspect that the malware operator will continue to expand its targets […]