Kirsten Doyle

California Cryobank (CCB), one of the world’s largest reproductive tissue banks, has begun informing consumers about a data breach impacting an unspecified number of individuals. The biotechnology company reported detecting unauthorized activity on certain computers on 21 April last year, and subsequently isolated them from its IT network. Protecting Data Confidentiality In a statement, the company said it is committed to protecting the confidentiality and security of the information it maintains. “CCB recently completed our investigation of an incident that involved unauthorized activity on certain computers in our information technology (“IT”) environment. Upon identifying the activity, it said it isolated…

A highly advanced zero-day vulnerability has been covertly exploited for years by multiple state-sponsored hacking groups, underscoring its severe security risks. This flaw leverages Windows shortcut (.lnk) files, enabling attackers to stealthily execute malicious commands without detection. However, Microsoft tagged it as “not meeting the bar servicing” in late September and said it wouldn’t release security updates to address it. While Microsoft has yet to assign a CVE-ID to this vulnerability, Trend Micro is tracking it internally as ZDI-CAN-25373 and said it enables bad actors to execute arbitrary code on affected Windows systems. Trend Micro’s experts have linked the…

Western Alliance Bank has announced a data breach affecting 21,899 people, that was caused by an October 2024 cyberattack on a third-party file transfer software. The breach exposed sensitive personal and financial information, including names, Social Security numbers, driver’s license details, and financial account numbers. The bank said the malicious actors exploited a zero-day vulnerability in the third-party software to breach a limited number of Western Alliance systems and exfiltrate files stored on the compromised devices. Western Alliance found that customer data was exfiltrated from its network only after discovering that the attackers leaked some files stolen from its systems. The breach happened on 12…

A newly discovered remote code execution (RCE) vulnerability, CVE-2025-24813, is actively being exploited, putting Apache Tomcat servers at risk—malicious actors need but a single PUT API request to gain full control over vulnerable systems. The exploit was initially published by a Chinese forum user, iSee857, with a proof-of-concept (PoC) code now readily available online. How a Simple PUT Request Leads to Full RCE The attack takes advantage of Tomcat’s default session persistence mechanism and its support for partial PUT requests. Wallarm says it follows a straightforward two-step process: Step 1: Uploading a Malicious Serialized Session According to Wallarm: “The attacker…

Security researchers at Guardz have warned of new malicious campaigns that abuse Microsoft 365 for phishing , or target the service’s users to take over their accounts. As part of one campaign, malicious actors are leveraging legitimate Microsoft domains and tenant misconfigurations in BEC attacks likely aimed at stealing credentials and performing account takeover (ATO).   According to the researchers, this attack exploits genuine Microsoft services to fashion a trusted delivery mechanism for phishing content, making it tricky for technical controls and security practitioners to detect. Operating Within Microsoft’s Ecosystem Unlike conventional phishing, which depends on fake domains crafted to appear…

A major security flaw has been found in RSA encryption keys used across the internet. Researchers discovered that about one in 172 online certificates are at risk due to a mathematical weakness. The issue mainly affects Internet of Things (IoT) devices but could impact any system using improperly generated RSA keys, arising from poor random number generation during key creation, particularly in devices with limited entropy sources.  If RSA keys lack enough randomness, they could share prime factors with other keys, making them easy to break using a factorization attack. Factorization Attacks This type of attack takes advantage of a…

Over 23,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action, say researchers at StepSecurity. GitHub Actions is a CI/CD service that allows developers to automate software builds and testing. Workflows run in response to specific events, such as committing new code to a repository. With adoption in over 23,000 repositories, tj-actions/changed-files is a GitHub Action designed to retrieve all files and directories. Last Friday, a malicious commit in the Action was uncovered whereby bad actors modified its code and retroactively updated multiple version tags to reference the malicious commit. The supply chain compromise has…

As APIs become more integral to both everyday digital services and complex AI systems, concerns over their security are growing — and not without good reason. APIs are the connective tissue of modern software, but without strong governance, they can also represent serious vulnerabilities. Recent research by Kong, called “API Security Perspectives 2025”, highlights that API security is increasingly seen as a critical concern for IT teams, as AI-enhanced threats push the boundaries of traditional cybersecurity defenses. Kong also forecasts a staggering 548% increase in API attacks by 2030, underscoring that API security risks are expected to accelerate significantly in…

FCC Chairman Brendan Carr has announced the creation of a new Council on National Security within the agency, which he says aims at strengthening US defenses against foreign technology threats — particularly those from China. According to the FCC, the Council will use the full scope of the FCC’s regulatory, investigatory, and enforcement powers to protect US networks, technology, and supply chains. Carr also appointed Adam Chan, his National Security Counsel, as the first Director of the Council. “Today, the country faces a persistent and constant threat from foreign adversaries, particularly the CCP,” said Carr. “These bad actors are always…

The next generation of artificial intelligence (AI), known as “agents,” may open the door to new cyber threats, experts are warning.  AI agents are advanced tools that can carry out tasks on their own, such as browsing the internet, writing emails, or even interacting with websites. While they are designed to help people automate mundane jobs, they can also be used by malicious actors to carry out cyberattacks more easily. A New Tool for Malefactors? Until now, threat actors have used AI to help craft convincing phishing emails or write malicious code, but these tools needed people to operate them…