Critical Windows NTLM Zero-Day Vulnerability Left Unpatched Until April 2024
A severe security flaw affecting all Windows versions allows attackers to capture NTLM credentials through malicious files in Windows Explorer. Microsoft plans to address this zero-day vulnerability in April 2024, leaving systems potentially exposed for months.
Chinese Hackers Breach US Telecom Networks in Massive 'Salt Typhoon' Espionage Operation
US officials reveal a sophisticated Chinese cyber espionage campaign that infiltrated eight telecom providers, accessing private communications of senior political figures. The operation, dubbed 'Salt Typhoon,' compromised law enforcement wiretapping systems and sparked immediate congressional action.
Croatian Port Operator Successfully Blocks 8Base Ransomware Attack
Luka Rijeka, a major Croatian port operator, thwarted a ransomware attack through rapid incident response and system shutdowns. The company's IT team successfully restored operations within days, preventing data loss despite threats from the 8Base ransomware group.
Critical Prompt Injection Flaws Discovered in Leading AI Chatbots
Security researchers uncover dangerous vulnerabilities in DeepSeek and Claude AI chatbots that could enable account hijacking and malicious code execution. The findings highlight significant security risks in AI systems, prompting companies to strengthen defenses against prompt injection attacks.
Massive Socks5Systemz Botnet Fuels Illegal Global Proxy Service Network
BitSight uncovers a sprawling botnet operation that has compromised over 85,000 devices to power an illicit proxy service called PROXY.AM. The network, active since 2013, allows cybercriminals to rent infected machines as proxy servers for monthly fees up to $700.
Critical Buffer Overflow Vulnerability Discovered in Curl Web Tool
A serious security flaw in Curl, the widely-used data transfer tool, could allow attackers to exploit buffer overflow vulnerabilities when processing IP addresses. The issue affects both IPv4 and IPv6 address handling, putting countless websites and applications at risk.
Apple Faces $1.2 Billion Lawsuit Over Abandoned Child Safety Scanning System
Apple is being sued for $1.2 billion by child abuse victims after abandoning plans to scan iCloud for CSAM content. The lawsuit, representing over 2,600 victims, argues that Apple's decision enables continued circulation of abuse materials while the company defends its commitment to fighting exploitation.
Inside the Secret Life of Brian Krebs: The Journalist Who Hunts Cybercriminals
From an undisclosed location, cybersecurity journalist Brian Krebs fearlessly investigates and exposes dangerous cybercriminals, despite constant threats and attacks. His deep technical expertise and vast network of sources have helped uncover major data breaches and cybercrime operations.
Kentucky Healthcare Provider PrimaryPlus Hit by Disruptive Cyberattack
A cyberattack has severely impacted operations at PrimaryPlus, a nonprofit healthcare organization in Kentucky, causing phone and pharmacy disruptions. While maintaining most patient services, the organization is working with forensics experts to investigate the breach and enhance security measures.
Teen Hacker Charged in $4M Scattered Spider Cybercrime Spree
A 19-year-old hacker faces federal charges for orchestrating sophisticated phishing attacks against major companies, causing over $4 million in losses. As the sixth alleged member of Scattered Spider, Remington Ogletree targeted telecom and financial institutions through social engineering schemes.