Author Info

In a significant breakthrough, U.S. authorities have successfully retrieved $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance, a decentralized finance (DeFi) protocol on Binance's BNB Chain. Understanding the Uranium Finance Exploit Uranium Finance, launched in April 2021, functioned as an automated market maker

Mozilla has updated its Firefox Terms of Use for the second time in a week following backlash over language suggesting broad data rights. The revised terms clarify that Mozilla only requires rights necessary to operate Firefox, without claiming ownership of user content. Changes in Data Licensing Language The initial terms,

Recent discoveries have revealed that ransomware groups are exploiting a vulnerability in the Paragon Partition Manager's BioNTdrv.sys driver. This flaw is being used in zero-day attacks to gain SYSTEM privileges on Windows systems, posing significant security risks. Exploitation Through BYOVD Attacks The identified vulnerabilities are being exploited

A recent cybersecurity investigation has exposed a large-scale phishing operation that employs fake CAPTCHA images embedded in PDF documents. These documents, hosted on Webflow's content delivery network (CDN), are used to deploy the Lumma Stealer malware. Phishing Campaign Details Netskope Threat Labs identified 260 unique domains hosting over

Amnesty International has revealed that a zero-day exploit, sold by the controversial vendor Cellebrite, was utilized to compromise the Android phone of a Serbian student known for criticizing the government. This incident highlights ongoing concerns about the use of spyware for state surveillance. Background on Surveillance Concerns In December, Amnesty

The notorious Medusa ransomware gang has exposed a significant data breach involving UK-based HCRG Care Group, demanding a $2 million ransom. Although HCRG acknowledged the breach, they have not confirmed the extent of data affected, including patient and employee information. Unveiling the Breach On February 23, SuspectFile disclosed exclusive insights

The extensive data set known as "ALIEN TXTBASE" has been added to the Have I Been Pwned (HIBP) platform, a service that notifies users of data breaches. This integration, as noted by HIBP's founder, involves data extracted from devices compromised by infostealer malware. The data set

Signal, a leading end-to-end encrypted messaging app, is contemplating withdrawing from Sweden if a proposed law mandating encryption backdoors is enacted. This move highlights the ongoing conflict between technology firms and governments concerning user privacy. In March 2025, the Swedish government plans to introduce a bill allowing law enforcement to

A significant data breach at DISA Global Solutions, a prominent US firm specializing in background screening and drug testing, has compromised the personal information of 3.3 million individuals. Incident Overview The breach, which occurred between February 9, 2024, and April 22, 2024, was initially disclosed by DISA in January.