Governance, Risk and ComplianceNew York fines PayPal $2 million for shoddy security practicesShaun NicholsJanuary 23, 2025Settlement stems from 2022 data breach that saw some customer Social Security numbers exposed to threat actors.
AI/MLGhostGPT offers AI coding, phishing assistance for cybercriminalsLaura FrenchJanuary 23, 2025The “uncensored” GenAI tool was advertised on cybercrime forums with a focus on BEC scams.
Vulnerability ManagementSonicWall fixes bug rated 9.8 in mobile management applianceSteve ZurierJanuary 23, 2025Customers should patch immediately as the bug has already been exploited in the wild.
Vulnerability ManagementHigh-severity flaw in file archiver 7-Zip requires manual updateLaura FrenchJanuary 22, 2025The vulnerability could enable attackers to use nested archives to bypass Windows security warnings.
Vulnerability ManagementFake Homebrew site leverages Google ads to target macOS, Linux devicesSteve ZurierJanuary 22, 2025Attackers drop infostealer malware that grabs credentials, web browser data, and crypto wallets.
AI/MLTrump repeals 2023 Biden administration executive order on AILaura FrenchJanuary 21, 2025The reversal removes certain reporting requirements for developers of powerful foundation models.
Data SecurityEx-CIA intelligence analyst charged for stealing, sharing secretsShaun NicholsJanuary 21, 2025Virginia man faces up 10 years in prison for two counts of willful retention and transmission of classified information.
Data SecurityWindows BitLocker bug exposes AES-XTS encryptionSteve ZurierJanuary 21, 2025The bug shows how by manipulating ciphertext blocks, attackers can use sophisticated new ways to target BitLocker full-disk encryption.
Phishing‘Sneaky Log’ phishing kits slip by Microsoft 365 accountsSteve ZurierJanuary 17, 2025Phishing-as-a-Service kits intercept user credentials and 2FA, bypassing many email and secure web gateways.
Data SecurityFeds worry AT&T breach could out informantsShaun NicholsJanuary 17, 2025The FBI is reportedly in a panic over a possible leak of informant data thanks to an AT&T data breach