CD Projekt Red, the Polish gaming firm, announced being hit by a ransomware attack affecting its network. The group responsible for the attack goes by the name of HelloKitty.

The database, which was being sold for $800, included the full names, postal codes, delivery addresses, and shop names, and 1.6 million phone records of customers from 18 countries.

McAfee disclosed the flaw (CVE-2020-25605) to Agora.io on April 20, 2020, following which the company released a new SDK on December 17, 2020, to remediate the threat posed by the vulnerability.

The school says about 200,000 people were affected by the breach. The server contained personal information for some current and former students, faculty, staff, and student applicants.

Dutch police have posted “friendly” messages on two of today’s largest hacking forums warning cyber-criminals that “hosting criminal infrastructure in the Netherlands is a lost cause.”

The first part of the database was posted on February 15 and includes 110,000 CityBee user IDs, usernames, hashed passwords, full names, as well as personal codes (national identification numbers) that belong to mostly Lithuanian CityBee users.

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on NAS devices running the vulnerable software.

The most serious of the vulnerabilities, with a severity rating of moderate, is CVE-2021-23841, a NULL pointer dereference issue that can result in a crash and a DoS condition.

According to Microsoft, web shells are among critical tools used by hackers as it records around 140,000 web shells a month between August 2020 and January 2021.

The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic with cybercriminals raking in a record $304 million in 2020.