A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication by taking advantage of Google’s “app-specific password” feature. Google’s Threat Intelligence Group reported that from April to early June, an operation pretended to be US State Department officials in emails, …
Read More »
Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC) software, indicating a potential test for a larger operation. This report details SuperCard, a malicious version of NFCGate, made for sharing NFC data between two nearby devices. Cybercriminals have exploited …
Read More »
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal information, social security numbers, and other sensitive data. The publicly exposed database was not password-protected or encrypted. It contained 170,360 records with a total size of 116.24GB. The dataset features …
Read More »
GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel’s IKE affecting UDP port 500. The attack centers around CVE-2023-28771, a high-severity remote code execution vulnerability (CVSS 9.8) affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500. Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On …
Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV) Catalog, highlighting confirmed cases of these flaws being exploited in real-world scenarios. The catalog now features a zero-click iOS vulnerability exploited by mercenary spyware, as well as a command injection …
Read More »
SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have leaked a database supposedly associated with VirtualMacOSX.com. The information reportedly affects 10,000 customers. The data was discovered on a public forum that hosts message boards for database downloads, leaks, and …
Read More »
WestJet, Canada’s second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the breach. “WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users,” reads a security advisory on WestJet’s site. “We …
Read More »
Resecurity found 7.4 million records of Paraguayan citizens’ personal information leaked on the dark web today. Last week, cybercriminals attempted to sell this data for $7.4 million, or $1 per citizen. A ransomware group is extorting the country, marking a major cybersecurity event, with a deadline set for Friday, June …
Read More »
HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the Access Control List (ACL) policy lookup. Identified as CVE-2025-4922, this vulnerability has a CVSS score of 8.1, indicating significant risk for organizations using affected Nomad versions. “Nomad prefix-based ACL policy …
Read More »
SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked by a contracted outsourcing firm. In response, the company intends to end its contract with the provider and will collaborate with the police to assess future actions. SoftBank announced that …
Read More »
InfoSecBulletin Cybersecurity for mankind
