Phishing‘Sneaky Log’ phishing kits slip by Microsoft 365 accountsSteve ZurierJanuary 17, 2025Phishing-as-a-Service kits intercept user credentials and 2FA, bypassing many email and secure web gateways.
Data SecurityFeds worry AT&T breach could out informantsShaun NicholsJanuary 17, 2025The FBI is reportedly in a panic over a possible leak of informant data thanks to an AT&T data breach
PrivacyTikTok’s national security risk warrants ban, Supreme Court rulesLaura FrenchJanuary 17, 2025The ruling could have implications for other foreign-owned applications.
Network SecurityWoe Daddy: FTC raps hosting giant GoDaddy for security lapsesShaun NicholsJanuary 16, 2025GoDaddy must adhere to a number of security compliance requirements by the FTC.
RansomwareRansomHub infection facilitated by possible AI-assisted Python backdoorLaura FrenchJanuary 16, 2025The backdoor spread laterally after initial access via a suspected SocGholish malware download.
Network Security4.2 million internet hosts hijacked via bugs in tunneling protocolsSteve ZurierJanuary 16, 2025Attackers gain network access by targeting VPN servers, home, and enterprise routers.
Vulnerability ManagementSevere Rsync vulnerabilities — CVSS 9.8 — risk RCE, data leaksLaura FrenchJanuary 15, 2025The critical and high severity flaws were discovered by Google Cloud researchers.
Government RegulationsFour take guilty pleas in US government IT bribery scamShaun NicholsJanuary 15, 2025Four people have plead guilty to offering and accepting bribes to government officials in exchange for IT service contracts
Security Strategy, Plan, BudgetNorth Korea’s IT worker scam linked to 2016 crowdfunding operationSteve ZurierJanuary 15, 2025Security pros say the link Secureworks made to a decade-old DPRK crowdfunding campaign are credible.
Vulnerability ManagementMicrosoft fixes 159 bugs in first Patch Tuesday of 2025Shaun NicholsJanuary 14, 2025The patch dump is the largest from Microsoft in over half a decade.