As AI becomes increasingly integral to daily business workflows, the risk of data exposure continues to rise. Incidents of data leaks are not merely rare exceptions; they’re an inherent consequence of how employees interact with large language models (LLMs). Chief Information Security Officers (CISOs) must prioritize this concern and implement robust strategies to mitigate potential AI data breaches. 1. Carry
In a significant cybersecurity incident that has sent ripples through the financial regulatory sector, the Department of the Treasury’s Office of the Comptroller of the Currency (OCC) suffered a major email hack. Attackers gained unauthorized access to an extensive number of emails containing sensitive government data about financial institutions, an event reported as a “major incident” by the agency. This
Since August 2024, the Russian state-backed advanced persistent threat (APT) group Storm-2372 has employed increasingly sophisticated tactics to bypass multi-factor authentication (MFA) and infiltrate high-value targets. This article delves into the device code phishing technique employed by the group, which allows them to evade typical security measures and maintain persistent access to victims’ accounts. The technique, which exploits the OAuth
With the massive shift towards remote work and virtual meetings, applications like Zoom have become indispensable tools for communication and collaboration. However, this increased reliance on Zoom has also made it a prime target for cyber threats. Recently, critical vulnerabilities were discovered in Zoom’s Workplace applications across various platforms, necessitating immediate updates to ensure data integrity and security for millions
In a significant development within the cybersecurity realm, two notorious cybercriminal outfits, EvilCorp and RansomHub, have officially joined forces. This alarming partnership marks a pronounced escalation of cyber threats for organizations globally. By combining EvilCorp’s sophisticated attack infrastructure with RansomHub’s rapidly expanding affiliate network, the amalgamation of these two entities augments their capabilities and operational scopes, thus presenting a formidable
In recent developments, cybersecurity researchers have identified a new malware variant, called TCESB, actively exploiting vulnerabilities in ESET’s security software to carry out sophisticated cyber-attacks. The threat actor behind this malware, known as ToddyCat, is linked to a Chinese-affiliated group notorious for its extensive cyber-attacks across Asia since December 2020. This article delves into how ToddyCat leverages these security flaws
Ensuring email security is essential in today’s cyber landscape, as businesses and individuals increasingly rely on email for communication.Greatmail LLC has recognized this need by unveiling Mail Records Lookup, a free online tool designed to help businesses, IT professionals, and domain owners verify key email DNS records easily. This innovative tool simplifies the verification process of crucial DNS records, such
Economic strain often serves as a catalyst for increased cybersecurity threats, and President Trump’s recent tariffs illustrate this precarious relationship. By imposing significant tariffs on major trading partners like China, the European Union, India, Switzerland, Taiwan, and Vietnam, Trump’s administration has sparked financial uncertainty, potentially exacerbating global cybersecurity risks. These tariffs have contributed to a notable downturn in the S&P
The recent discovery of a critical vulnerability in the CrushFTP file transfer software identified as CVE-2025-31161 has triggered a significant controversy within the cybersecurity community. This issue revolves around an authentication bypass flaw that threatens the integrity and confidentiality of data managed by numerous enterprises. The ensuing debate over the disclosure process, coupled with active exploitation attempts, underscores the complexities
In the current cybersecurity landscape, dealing with evolving threats is crucial for any organization using Ivanti products. Recently, a critical stack-based buffer overflow vulnerability identified as CVE-2025-22457 was discovered in Ivanti’s portfolio. Initially treated as a low-risk issue, the flaw quickly gained attention after it was exploited in the wild by a suspected Chinese threat group. This incident raises significant
In a stunning revelation, Michigan-based breakfast cereal company WK Kellogg Co. suffered a significant data breach tied to vulnerabilities in Cleo file-transfer software. The breach occurred on December 7, 2024, compromising at least one employee’s sensitive information, including their name and Social Security number. WK Kellogg Co. discovered the hack on February 27, 2025, and later confirmed that Cleo was
The cryptocurrency market experienced a dramatic downturn this year, triggered by significant geopolitical tensions and sweeping economic policies.A pivotal policy announcement from President Trump regarding global tariffs led to immediate and profound market disruptions. Compounded by China’s retaliatory decision to impose blanket duties on U.S. imports, panic spread rapidly across various financial landscapes, including the once highly regarded cryptocurrency market.
