Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Rockstar confirms cyberattack, leak of confidential data including GTA 6 footage + more information
- UK Police arrests teen believed to be behind Uber, Rockstar hacks
- 2K Games says hacked help desk targeted players with malware
- American Airlines discloses data breach after employee email compromise
- Botched crypto mugging lands three U.K. men in jail
- The $8.6 billion startup that helps governments trace crypto
- IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun
- US military bought mass monitoring tool that includes Internet browsing, email data
- $35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned
For the more technical
- AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
- Tarfile: Exploiting the world with a 15-year-old vulnerability
- Sophos warns of new firewall RCE bug exploited in attacks
- Does 2FA stop hackers?
- On the limits of textual screen peeking via eyeglass reflections in video conferencing (PDF)
- Chrome & Edge enhanced spellcheck features expose PII, even your passwords
- Malicious npm package mimics Material Tailwind CSS tool
- Threat actors continue to abuse Google Tag Manager for payment card e-skimming
- MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
- New phishing campaign targets GitHub users
- Malicious OAuth applications used to compromise email servers and spread spam
- New malware campaign targets Zoom users
- Record 25.3 billion request multiplexing attack mitigated by Imperva
- The bad actor had internal access to LastPass for four days
- Console hacker reveals PS4/PS5 exploit that is “essentially unpatchable”
- The evolution of the Chromeloader malware
- Bitdefender, Europol, Swiss police publish decryptor for LockerGoga ransomware
- LockBit ransomware builder leaked online by “angry developer”
- AdvIntel’s state of Emotet aka “SpmTools” displays over million compromised machines through 2022
- BlackMatter: New data exfiltration tool used in attacks
- PrivateLoader: the loader of the prevalent ruzki PPI service
- Domain shadowing: A stealthy use of DNS compromise for cybercrime
- A multimillion dollar global online credit card scam uncovered
- Russia-Nexus UAC-0113 emulating telecommunication providers in Ukraine
- The mystery of Metador: An unattributed threat hiding in telcos, ISPs, and universities
- Back to school: BEC group targets teachers with payroll diversion attacks
- Iranian state actors conduct cyber operations against the government of Albania
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.