Windows Privacy Alert: Microsoft Recall Feature Found Storing Sensitive Personal Data
Microsoft's new Windows Recall feature has been discovered capturing and storing screenshots containing sensitive information like credit card and Social Security numbers, despite built-in privacy filters. Security experts recommend immediate disabling of the feature while Microsoft claims improvements are in development.
Krispy Kreme's Digital Operations Hit by Cyberattack, Online Ordering Suspended
Popular doughnut chain Krispy Kreme is battling system disruptions after discovering unauthorized IT activity, impacting digital sales channels while physical stores remain open. The company faces potential financial impact from lost revenue and recovery costs, though daily deliveries continue unaffected.
ZLoader Malware Resurfaces with Advanced DNS Tunneling for Stealthy Attacks
A dangerous new variant of ZLoader malware has emerged with sophisticated DNS tunneling capabilities to mask its command-and-control communications. This 2.9.4.0 version introduces an interactive shell and custom protocols, marking a concerning evolution in malware sophistication.
Critical Windows NTLM Zero-Day Vulnerability Left Unpatched Until April 2024
A severe security flaw affecting all Windows versions allows attackers to capture NTLM credentials through malicious files in Windows Explorer. Microsoft plans to address this zero-day vulnerability in April 2024, leaving systems potentially exposed for months.
Critical Security Breach: Popular Python AI Library Compromised with Crypto Mining Malware
The Ultralytics AI library was discovered distributing malicious cryptocurrency mining code through compromised versions on PyPI. The attack, which exploited GitHub Actions workflows, potentially impacted thousands of AI developers worldwide and highlights growing concerns around supply chain security.
Croatian Port Operator Successfully Blocks 8Base Ransomware Attack
Luka Rijeka, a major Croatian port operator, thwarted a ransomware attack through rapid incident response and system shutdowns. The company's IT team successfully restored operations within days, preventing data loss despite threats from the 8Base ransomware group.
Critical Prompt Injection Flaws Discovered in Leading AI Chatbots
Security researchers uncover dangerous vulnerabilities in DeepSeek and Claude AI chatbots that could enable account hijacking and malicious code execution. The findings highlight significant security risks in AI systems, prompting companies to strengthen defenses against prompt injection attacks.
Massive Socks5Systemz Botnet Fuels Illegal Global Proxy Service Network
BitSight uncovers a sprawling botnet operation that has compromised over 85,000 devices to power an illicit proxy service called PROXY.AM. The network, active since 2013, allows cybercriminals to rent infected machines as proxy servers for monthly fees up to $700.
Critical Buffer Overflow Vulnerability Discovered in Curl Web Tool
A serious security flaw in Curl, the widely-used data transfer tool, could allow attackers to exploit buffer overflow vulnerabilities when processing IP addresses. The issue affects both IPv4 and IPv6 address handling, putting countless websites and applications at risk.
Michigan School District Battles Cyberattack While Managing Budget Crisis
Wayne-Westland Community Schools faces service disruptions and parent concerns following a cyberattack that knocked out internet and phone services. Despite the challenges, officials confirm student data remains secure while working to restore services and rebuild community trust.