On Sunday, Poland Minister for Digitalisation Krzysztof Gawkowski said that Polish cybersecurity services found unauthorized access to the IT infrastructure of the Polish Space Agency (POLSA). “In connection with the incident, the systems under attack were secured … Intensive operational activities are also underway to identify who is behind the …
Read More »
Security researchers found that datasets used by companies to develop large language models included API keys, passwords, and other sensitive credentials. Large language models are dominating the online landscape, with companies promoting AI solutions that claim to solve all problems. For an AI to be effective, it needs extensive training …
Read More »
A China-linked botnet is targeting Microsoft 365 accounts with widespread password spraying attacks, according to a report by SecurityScorecard. A security firm reports that a botnet with over 130,000 compromised devices is targeting Microsoft 365 accounts through non-interactive sign-ins using Basic Authentication. “Non-interactive sign-ins, commonly used for service-to-service authentication, legacy …
Read More »
A breach notification site has added millions of new passwords and email addresses obtained from infostealer malware. Troy Hunt, founder of HaveIBeenPwned (HIBP), added 244 million new passwords and 284 million new email accounts to the database after analyzing 1.5TB of stolen logs posted on Telegram. Hunt identified an account called …
Read More »
Cybersecurity researchers have discovered a campaign exploiting a remote command execution vulnerability, CVE-2023-20118, in Cisco Small Business Routers. This vulnerability affects models RV016, RV042, RV042G, RV082, RV320, and RV325. The flaw in these devices is their web-based management interface, which has poor input validation. This allows unauthorized attackers to run …
Read More »
A new cyber campaign called GitVenom poses a serious risk to developers. Security researchers found over 200 fake GitHub repositories that disguise themselves as legitimate projects to distribute information stealers and remote access trojans (RATs). For almost two years, these repositories have exploited developers’ trust in open-source platforms to access …
Read More »
Days after the biggest crypto hack ever, another platform has experienced a major exploit. Infini Earn, a decentralized stablecoin bank, lost $49.5 million in USDC, making it one of the year’s biggest security breaches in DeFi. Reportedly a compromised private key led to an attack that stole 11.4 million and …
Read More »
On February 19, 2025, the illegal marketplace B1ack’s Stash released over 1 million unique stolen credit and debit card details for free. This approach mirrors the strategy used by BidenCash, where criminals distribute stolen data widely to attract attention to their marketplace. On February 17, a popular deep web forum …
Read More »
Cisco Talos reported that Salt Typhoon, also known as FamousSparrow and GhostEmperor, has been spying on U.S. telecommunication providers using a custom tool called JumbledPath. Active since at least 2019, they have targeted government entities and telecom companies. Salt Typhoon is still targeting telecommunications providers worldwide, and according to a …
Read More »
A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created AWS-Key-Hunter after discovering over 100 exposed AWS access keys, many with high privileges, in public repositories. He described these findings as “just waiting to be exploited” in his blog about …
Read More »
InfoSecBulletin Cybersecurity for mankind
