An encrypted messaging app used by President Trump’s former national security advisor, Mike Waltz, during a recent Cabinet meeting has temporarily gone dark after reportedly being hacked. The app in question, TeleMessage, an Israel-based platform that functions as a customized version of Signal, was breached, though attackers did not get access to messages from Waltz or his contacts, according to 404 Media, which first broke the story. Still, the incident raises serious questions. If a supposedly secure app designed for message archiving and compliance is being used by high-ranking officials, and it is still vulnerable, how confident can the rest of us be in its…
Kirsten Doyle
Hot on the heels of Marks & Spencer suffering a cyberattack, the Co-operative Group has become the latest high-profile UK retailer targeted in a major cyberattack, one that now appears far more serious than initially disclosed. A ransomware group calling itself DragonForce contacted the BBC with proof of a large-scale data breach, claiming to have exfiltrated sensitive personal data from Co-op’s internal systems. The stolen information reportedly includes names, home addresses, phone numbers, email addresses, and membership card details of up to 20 million current and former members. The bad actor also shared employee usernames and passwords and screenshots of…
A sophisticated cybercrime campaign led by the threat actor group Luna Moth is actively targeting legal and financial institutions in the United States. The campaign uses callback phishing, legitimate IT tools, and data extortion tactics to steal sensitive information and demand multimillion-dollar ransoms. According to new research by EclecticIQ, Luna Moth (also tracked as Silent Ransom Group, UNC3753, and Storm-0252) is behind a wave of high-volume phishing campaigns that rely not on malware but on social engineering, fake helpdesk sites, and commercially available remote monitoring and management (RMM) software to compromise their victims. Callback Phishing: The New Playbook The attacks…
Cybersecurity researcher Jeremiah Fowler has uncovered a publicly accessible database containing over half a million records linked to an online ticket resale service. He reported the discovery to vpnMentor. The database was neither password-protected nor encrypted and contained 520,054 records totalling approximately 200 GB. Based on file and folder names, the data appeared to belong to “Ticket to Cash,” a resale platform for event tickets. Fowler reviewed a small sample of the documents, which included concert and event tickets, ticket transfers, receipts, and user-uploaded screenshots. Some files contained personally identifiable information (PII), such as partial credit card numbers, full names,…
An enhanced version of the StealC infostealer has been found in the wild, featuring a slew of upgrades that improve its stealth, payload control, and data exfiltration capabilities. Dubbed StealC V2, this latest variant shows how malware authors are rapidly evolving commodity stealers into sophisticated, modular tools that are able to evade modern detection techniques. Researchers from Zscaler ThreatLabz identified and analyzed multiple recent samples of StealC V2 and discovered that it has adopted RC4 encryption, PowerShell-based execution, and a redesigned command-and-control (C2) protocol. The variant also ships a modular control panel that allows bad actors to customize the…
Twenty-five years ago today, the world was introduced to one of the most infamous computer viruses in history: ILOVEYOU. Disguised as a love letter in a simple email attachment, the worm spread like wildfire across inboxes on 4 May 2000, infecting an estimated 45 million systems within days. It caused billions in damages and forced global businesses, governments, and individuals to rethink how they handled email security. ILOVEYOU marked a turning point in cybersecurity. Unlike earlier viruses that relied on floppy disks or infected executables, ILOVEYOU exploited the human element, such as curiosity, trust, and a desire for connection. It…
World Password Day, observed on the first Thursday of May, is a global reminder of just how critical strong password habits are in today’s digital world. With cyber threats continuing to evolve, this day encourages everyone, from individuals to large organizations, to take a closer look at how they protect their online identities. To mark the occasion, several cybersecurity experts shared their insights on the current state of password security, the challenges we face, and what steps we can all take to stay safer online. Tony Ball, President, Payment & Identity, at Entrust For decades, passwords have been the weak…
Aqua Security’s Team Nautilus has discovered a critical vulnerability in six popular AWS services that could allow bad actors to gain control over cloud environments. The flaw, rooted in how AWS automatically creates default IAM roles in new regions, could be exploited without user interaction. It could endanger organizations using Glue, SageMaker, EMR, CloudFormation, Redshift, and CodeBuild. The attack vector, termed “Shadow Role”, takes advantage of AWS’s behavior of silently creating IAM roles with predefined trust policies when specific services are used in a new region. These roles are designed to allow specific AWS services to assume them on behalf…
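The teaser above describes default IAM roles that AWS creates with predefined trust policies for the named services. The check a practitioner would want is an inventory of roles that (a) can be assumed by one of those service principals and (b) carry wildcard permissions. The script below is an added example written for this page, not Aqua Security’s code and not a reproduction of the Shadow Role technique itself. It assumes role records have already been pulled (for instance with the IAM GetRole and GetRolePolicy/GetPolicyVersion calls) and flattened into the dictionary shape shown; the sample roles and the service principal names are constructed for the demonstration.

```python
"""Flag IAM roles that a named AWS service may assume and that carry broad grants.

Added example for this page; the role records below are constructed, and the
principal hostnames are an assumption about how the six services appear in
trust policies.
"""
import json

# Service principals for the six services named in the teaser (assumed spelling).
SERVICE_PRINCIPALS = {
    "glue.amazonaws.com",
    "sagemaker.amazonaws.com",
    "elasticmapreduce.amazonaws.com",
    "cloudformation.amazonaws.com",
    "redshift.amazonaws.com",
    "codebuild.amazonaws.com",
}


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trusted_services(trust_policy):
    """Return the service principals allowed to call sts:AssumeRole on the role."""
    found = set()
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            found.update(_as_list(principal.get("Service", [])))
    return found


def broad_grants(policy_doc):
    """Return (action, resource) pairs where either side is a wildcard."""
    hits = []
    for stmt in _as_list(policy_doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            for resource in _as_list(stmt.get("Resource", [])):
                if action == "*" or action.endswith(":*") or resource == "*":
                    hits.append((action, resource))
    return hits


def find_shadow_role_candidates(roles):
    """roles: list of {RoleName, AssumeRolePolicyDocument, PolicyDocuments}.

    A role is reported when one of the listed services may assume it AND at
    least one attached or inline policy grants a wildcard action or resource.
    """
    findings = []
    for role in roles:
        services = trusted_services(role["AssumeRolePolicyDocument"]) & SERVICE_PRINCIPALS
        if not services:
            continue
        grants = []
        for doc in role.get("PolicyDocuments", []):
            grants.extend(broad_grants(doc))
        if grants:
            findings.append({
                "RoleName": role["RoleName"],
                "TrustedServices": sorted(services),
                "BroadGrants": grants,
            })
    return findings


def _trust(service):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": service}, "Action": "sts:AssumeRole"}]}


# Constructed sample: one over-privileged Glue role, one scoped Redshift role,
# and one EC2 role that is not in scope for this check at all.
SAMPLE_ROLES = [
    {"RoleName": "GlueDefaultRole-demo",
     "AssumeRolePolicyDocument": _trust("glue.amazonaws.com"),
     "PolicyDocuments": [{"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}]},
    {"RoleName": "RedshiftScoped-demo",
     "AssumeRolePolicyDocument": _trust("redshift.amazonaws.com"),
     "PolicyDocuments": [{"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["s3:GetObject"],
          "Resource": "arn:aws:s3:::example-bucket/*"}]}]},
    {"RoleName": "Ec2App-demo",
     "AssumeRolePolicyDocument": _trust("ec2.amazonaws.com"),
     "PolicyDocuments": [{"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "*", "Resource": "*"}]}]},
]

if __name__ == "__main__":
    print(json.dumps(find_shadow_role_candidates(SAMPLE_ROLES), indent=2))
```

Run against a real account, the same function can be fed the output of the IAM API; a role that appears in the report is not proof of exploitability, only a default trust relationship paired with broad permissions that merits review and scoping down.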
Seventy-five zero-day vulnerabilities were actively exploited in 2024 — down from 98 in 2023, but still higher than the 63 reported in 2022. These vulnerabilities were split between consumer-facing platforms like browsers and mobile devices, and enterprise-level technologies such as security software and networking appliances. This was one of the findings of Google Threat Intelligence Group’s (GTIG’s) annual report on zero-day vulnerabilities exploited in the wild. It revealed an interesting shift in attacker priorities despite a drop in total cases. “While individual year counts have fluctuated, the average trendline indicates that the rate of zero-day exploitation continues to grow at…
A trusted Uyghur-language text editor has been weaponized to target exiled Uyghur activists, says a new investigation by Citizen Lab. In this campaign, threat actors are exploiting culturally significant software to conduct digital surveillance against the Uyghur diaspora, a community already under intense pressure from the Chinese government. This incident is the latest in a series of digital attacks against Uyghur, Tibetan, and other diaspora communities. For years, Chinese state-aligned actors have used malware, phishing, and spyware, often hidden in culturally relevant apps, to monitor, intimidate, and silence critics abroad. Spearphishing Attack Targets World Uyghur Congress The attack began with…
