Author: Kirsten Doyle

Meta’s jaw-dropping announcement that it is ending its third-party fact-checking program is likely to trigger increased activity from fake accounts and troll farms, which specialize in disseminating intentional falsehoods. The social media giant’s decision to end its fact-checking initiatives raises serious concerns about a potential flood of online disinformation and its broader societal implications. Fact-checkers have been instrumental in helping users recognize fake news and other false information by flagging potentially misleading content and offering links to credible sources. Rather than removing content, the system provided users with the context necessary to make informed choices. Meta, not the fact-checkers, made…

Three Russian nationals have been charged for their involvement in operating cryptocurrency mixing services Blender.io and Sinbad.io, according to an indictment unsealed on January 7 by a federal grand jury in the Northern District of Georgia. The charges stem from an extensive investigation into the laundering of criminal proceeds through these platforms, which authorities allege facilitated cybercrime and jeopardized national security. Roman Vitalyevich Ostapenko, 55, and Alexander Evgenievich Oleynik, 44, were arrested on 1 December last year following the dismantling of Sinbad.io’s infrastructure in late 2023. A third defendant, Anton Vyachlavovich Tarasov, 32, remains at large. The Allegations According to…

Medusind, a healthcare revenue cycle management provider, has disclosed a data breach that compromised the personal and health information of 360,934 people. The breach, which happened over a year ago, affirms the ongoing cybersecurity challenges in the healthcare sector. The company, which operates 12 locations across the US and India and supports more than 6,000 healthcare providers, detected suspicious activity on its network on 29 December 2023. It immediately took its systems offline and enlisted a cybersecurity forensic firm to investigate. In a breach notice sent to affected individuals, Medusind confirmed that a “cybercriminal may have obtained a copy of…

Check Point Research (CPR) has uncovered a sophisticated new version of the Banshee macOS Stealer malware, capable of stealing browser credentials, cryptocurrency wallets, and other sensitive data. This latest version, undetected for over two months, raises alarms for macOS users worldwide. macOS has long been seen as a secure platform, but with over 100 million users globally, it is attracting the attention of cyber crooks. Banshee Stealer rearing its ugly head highlights the growing risks to macOS users and the need for better cybersecurity measures to protect these devices. The malware’s obfuscation abilities are next level – it blends seamlessly…

Organizations are urged to act swiftly to address vulnerabilities impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways by sticking to the latest guidance from the vendor. Ivanti has released a critical security update addressing these vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283. The fix is now available via Ivanti’s standard download portal. The company disclosed that a limited number of Ivanti Connect Secure appliances were exploited through CVE-2025-0282 at the time of disclosure. However, it says there is no evidence that the vulnerabilities have been exploited in Ivanti Policy Secure or Neurons for ZTA gateways. Swift Response and Collaboration Threat…

Last year saw increasingly sophisticated cybersecurity threats as malicious actors leveraged all forms of AI to create difficult-to-detect phishing attacks, deepfakes, and ransomware incidents. To counter these, organizations adopted AI-driven security solutions, including threat detection, automated incident response, and intelligent vulnerability management, to protect data and infrastructure. “In 2025, as AI evolves further in sophistication and adoption, alongside the growing burden of data breach costs and regulation – in addition to implementing advanced cybersecurity measures, organizations must prioritize real-world security awareness training,” says Usman Choudhary, Chief Product & Technology Officer, VIPRE Security Group, sharing his cybersecurity predictions for 2025. AI-Powered Phishing His…

Casio has said nearly 8500 people were affected by a ransomware attack that compromised its servers on 5 October last year. The attack led to data leaks, including internal documents and personal information, but no credit card information was included in the leaked information. Based on the investigation’s results, the company is in the process of identifying the affected business partners and customers. It said it would contact them individually once this was clear and take all necessary steps to protect their privacy. The company has apologized for the incident, acknowledging the concerns it has caused to customers, employees, and…

Critical vulnerabilities discovered in Moxa’s industrial networking devices could allow privilege escalation and OS command injection, exposing critical infrastructure to potential cyberattacks. In a security advisory, Moxa said that affected models include EDR and TN series routers widely used in industrial automation, energy, and telecommunications. Successful exploitation could grant attackers control over devices, posing a significant risk to operational systems. The Impact According to Moxa, the identified vulnerability types and potential impacts are as follows: CWE-656: Reliance on Security Through Obscurity (CVE-2024-9138). The exploitation of hard-coded credentials could allow an authenticated user to gain root-level access, leading to system compromise,…

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Beijing-based Integrity Technology Group (Integrity Tech) for its involvement in cyber intrusion campaigns targeting US entities. Integrity Tech has been linked to Flax Typhoon, a Chinese state-sponsored cyber group known for targeting critical infrastructure sectors across the US and beyond. The decision highlights the persistent threat posed by Chinese threat actors, which were named as a significant risk to US national security in the latest Office of the Director of National Intelligence (ODNI) Annual Threat Assessment. In fact, recent attacks even extended to the Treasury’s own…

An engineering team from Wiz has discovered a critical vulnerability in Nuclei, a popular open-source security tool developed by ProjectDiscovery. The vulnerability, assigned as CVE-2024-43405, enables malicious actors to bypass the tool’s signature verification process, potentially enabling arbitrary code execution. This discovery has raised the alarm within the cybersecurity community, particularly among entities that rely on Nuclei for automated vulnerability scanning. Nuclei’s Role in Security Operations The tool is widely used for its YAML-based templates. According to Wiz, these templates “define the logic for detecting vulnerabilities, misconfigurations, and other security issues across various protocols and technologies.” One feature that sets Nuclei…