Latest news as of 9/20/2025, 11:28:04 AM
The Register
Including messages sent to users, a potential problem for the privacy-conscious. Encrypted messaging app Signal is rolling out a free storage system for its users, with extra space if folks are willing to pay for it.…
The Hacker News
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841. "The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity carried out by this group," Silent Push
Bleeping Computer
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. [...]
The Register
Meta shrugs off allegations of improper dismissal, ignoring privacy and security. WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for reporting security failings that violated legal commitments.…
Krebs on Security
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.
Bleeping Computer
Large network scans have been targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. [...]
The Register
Auditors find federal cybersecurity workforce data messy, incomplete, and unreliable. The US federal government employs tens of thousands of cybersecurity professionals at a cost of billions per year – or at least it thinks it does, as auditors have found the figures are incomplete and unreliable.…
Dark Reading
A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems.
Dark Reading
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.
The Register
Meanwhile the victim count grows. The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft GitHub account in March.…