Latest news as of 5/9/2025, 12:51:40 PM
The Register
No MFA? No problem – as long as you show you’ve learned your lesson. The UK's data protection overlord is not going to pursue any further investigation into the British Library's 2023 ransomware attack.…
The Hacker News
Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company
Have I Been Pwned
In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.
The Hacker News
SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to
Dark Reading
The China-linked cyber-operations group, better known as Lotus Panda, uses its own custom malware to focus on government agencies and private companies in Hong Kong, the Philippines, Taiwan, and Vietnam.
Bleeping Computer
A China-aligned APT threat actor named "TheWizards" abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. [...]
Graham Cluley
He's not a pop star, but Jeffrey Bowie is alleged to have toured staff areas of a hospital in Oklahoma, hunting for computers he could install spyware on. We dive into the bizarre case of the man accused of hacking medical networks and then sharing how he did it on LinkedIn. Plus! Move over Nigerian princes — the WASPI scams are here. Fraudsters are now targeting UK women born in the 1950s, exploiting pension injustice for phishing gain. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
The Register
For now it's a potential bug-finder and friend to defenders. Former NSA cyber-boss Rob Joyce thinks today's artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.… RSAC
Dark Reading
The chat infrastructure and data-leak site of the notorious ransomware-as-a-service group has been inactive since March 31, according to security vendors.
Krebs on Security
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims.