Troy Hunt, a security consultant who runs the popular data-breach search service Have I Been Pwned?, has disclosed that he has become a victim of a phishing attack that exposed the email addresses of 16,000 subscribers to his blog troyhunt.com. “Every active subscriber on my list will shortly receive an email notification by virtue of this blog post going out,” he said. The export also included people who have unsubscribed, and Hunt questioned why Mailchimp would keep these in the first place. “I’ll need to work out how to handle those ones separately. I’ve been in touch with Mailchimp but don’t have a reply…
Kirsten Doyle
By 2027, AI agents are expected to reduce the time required to exploit account exposures by 50%. This was revealed in Gartner’s new report, titled: “Predicts 2025: Navigating Imminent AI Turbulence for Cybersecurity.” Jeremy D’Hoinne, VP Analyst at Gartner, says account takeover (ATO) is a persistent attack vector as weak authentication credentials, including passwords, are gathered in a slew of ways, including data breaches, phishing, social engineering, and malware. “Attackers then leverage bots to automate a barrage of login attempts across a variety of services in the hope that the credentials have been reused on multiple platforms.” According to the…
Google Chrome has confirmed in a statement on 20 March that a security researcher has discovered a critical vulnerability affecting all users across every platform—except, unsurprisingly, iOS. Although full technical details have not been published, to give users time to protect their systems, the severity of the issue is undeniable. CVE-2025-2476 is a critical-rated use-after-free memory issue in the Lens component of the Chrome browser. This, says the Vulners vulnerability database, could enable “remote attackers to exploit heap corruption via crafted HTML.” Simply put, a malicious web page could leave businesses open to attack. According to the MITRE Common Weakness Enumeration…
Cybersecurity firm CloudSEK has identified a major data breach involving Oracle Cloud. A threat actor, known as “rose87168,” claims to be selling around 6 million records stolen from Oracle Cloud’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) servers. The compromised data includes Java KeyStore (JKS) files, encrypted SSO passwords, key files, and Enterprise Manager Java Platform Security (JPS) keys. These are now for sale on Breach Forums and other dark web marketplaces. According to CloudSEK, the breach, discovered on 21 March, is believed to have originated from an undisclosed vulnerability in the Oracle Cloud login endpoint (login.[region-name].oraclecloud.com), allowing unsanctioned…
Once widespread for facilitating deeper customization and removing OS limitations on mobile devices, rooting and jailbreaking are becoming primarily the domain of power users, as manufacturers have made giant leaps to limit this practice via two different approaches: first, by adding additional customization options to prevent users from feeling restricted, and second, by introducing more stringent security protocols into stock Android and iOS versions. However, despite a drop in the number of rooted and jailbroken devices in general, they still represent a very dire security threat, not to the user alone, but to entities who allow staff members to access…
Elastic Security Labs has observed a financially motivated campaign delivering Medusa ransomware via a HEARTCRYPT-packed loader. This loader is deployed alongside a driver, signed with a revoked certificate from a Chinese vendor, which Elastic has named ABYSSWORKER. Once installed on the victim’s machine, the driver is used to disable various EDR solutions. This EDR-disrupting driver was previously reported by ConnectWise in a separate campaign, where it utilized a different certificate and IO control codes, and some of its functionalities were analyzed at that time. According to Elastic Security Labs, “Cybercriminals are increasingly bringing their own drivers — either exploiting a…
The danger to cryptography posed by next-generation large-scale, fault-tolerant quantum computers is widely understood. Although current encryption methods, which are used to secure everything from banking to communications, are based on mathematical algorithms that the everyday PC is unable to crack, a new era of incredibly fast quantum computers is just a few years away, poised to revolutionize problem-solving, communication, and computation. Modern cryptography relies on algorithms specifically designed to be as difficult to break as possible. For instance, today’s public key algorithms—such as RSA, Diffie-Hellman, and Elliptic Curve—are used to help communicating parties establish cryptographic keys or to generate…
California Cryobank (CCB), one of the world’s largest reproductive tissue banks, has begun informing consumers about a data breach impacting an unspecified number of individuals. The biotechnology company reported detecting unauthorized activity on certain computers on 21 April last year, and subsequently isolated them from its IT network. Protecting Data Confidentiality In a statement, the company said it is committed to protecting the confidentiality and security of the information it maintains. “CCB recently completed our investigation of an incident that involved unauthorized activity on certain computers in our information technology (“IT”) environment. Upon identifying the activity, it said it isolated…
A highly advanced zero-day vulnerability has been covertly exploited for years by multiple state-sponsored hacking groups, underscoring its severe security risks. This flaw leverages Windows shortcut (.lnk) files, enabling attackers to stealthily execute malicious commands without detection. However, Microsoft tagged it as “not meeting the bar servicing” in late September and said it wouldn’t release security updates to address it. While Microsoft has yet to assign a CVE-ID to this vulnerability, Trend Micro is tracking it internally as ZDI-CAN-25373 and said it enables bad actors to execute arbitrary code on affected Windows systems. Trend Micro’s experts have linked the…
Western Alliance Bank has announced a data breach affecting 21,899 people, caused by an October 2024 cyberattack on third-party file transfer software. The breach exposed sensitive personal and financial information, including names, Social Security numbers, driver’s license details, and financial account numbers. The bank said the malicious actors exploited a zero-day vulnerability in the third-party software to breach a limited number of Western Alliance systems and exfiltrate files stored on the compromised devices. Western Alliance found that customer data was exfiltrated from its network only after discovering that the attackers had leaked some files stolen from its systems. The breach happened on 12…