SecurityScorecard has discovered a covert cyber-espionage botnet dubbed “LapDogs” linked to China This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese “LapDogs” ORB Network Targets US and Asia
Category: EN
Former JBLM Soldier Admits Attempting to Leak U.S. Military Network Details to China
A former U.S. Army sergeant who served at Joint Base Lewis-McChord (JBLM) in Washington has pleaded guilty to federal charges after admitting he tried to deliver sensitive military secrets to Chinese authorities. Joseph Daniel Schmidt, 31, entered his plea in…
Stealthy backdoor found hiding in SOHO devices running Linux
SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader shift in how China-Nexus threat actors are using Operational Relay Box (ORB) networks to…
184 million passwords leaked across Facebook, Google, more: What to know about this data breach
The file was left entirely unprotected – no encryption, no password, no safeguards – just a plain text document holding millions of sensitive data entries. This article has been indexed from Latest stories for ZDNET in Security Read the original…
SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users’ galleries. This article has been indexed from Securelist Read the original article: SparkKitty, SparkCat’s little brother: A…
A week in security (June 15 – June 21)
Last week on Malwarebytes Labs: Last week on ThreatDown: Stay safe! This article has been indexed from Malwarebytes Read the original article: A week in security (June 15 – June 21)
WormGPT Variants Powered by Grok and Mixtral Have Emerged
Cato CTRL has discovered previously unreported WormGPT variants, but with a twist — they are powered by xAI’s Grok and Mistral AI’s Mixtral. The post WormGPT Variants Powered by Grok and Mixtral Have Emerged appeared first on Security Boulevard. This…
CMS retailer report, Aflac investigates activity, Russian dairy cyberattack
CMC officially points finger at Scattered Spider for Marks & Spencer and Co-op attacks Aflac investigating suspicious activity on its U.S. network Russian dairy producers suffer cyberattack Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero…
Cybersecurity Today: Chinese Hackers Target Canadian Telco, U.S. on Alert for Iranian Cyber Retaliation, and Sitecore XB Critical Vulnerability
In this episode of Cybersecurity Today, hosted by David Shipley, key cybersecurity incidents and threats are discussed. The Canadian Center for Cybersecurity revealed a breach by Chinese state-sponsored hackers of a Canadian telco, with further threats expected to continue targeting…
Was there a recent dental data breach?
Yes, a recent dental data breach was reported earlier this month. More than eight million dental patient records were discovered by cyber researchers. The data… The post Was there a recent dental data breach? appeared first on Panda Security Mediacenter.…
Windows Snipping Tool Now Lets Users Export Captures as GIFs
Microsoft has rolled out a significant update to its popular Snipping Tool, introducing the ability to export screen recordings as animated GIFs—a feature long requested by users and now available to Windows 11 Insiders in the Canary and Dev Channels.…
NCSC Warns of ‘UMBRELLA STAND’ Malware Attacking Fortinet FortiGate Firewalls
The UK’s National Cyber Security Centre (NCSC) has issued a critical warning about a sophisticated malware campaign dubbed “UMBRELLA STAND” that specifically targets internet-facing Fortinet FortiGate 100D series firewalls. This newly identified threat represents a significant escalation in attacks against…
Amazon EKS Vulnerabilities Expose Sensitive AWS Credentials and Escalate Privileges
Critical vulnerabilities in Amazon Elastic Kubernetes Service (EKS) allow overprivileged containers to expose sensitive AWS credentials through packet sniffing and API spoofing attacks. The investigation, published on June 19, 2025, demonstrates how misconfigured containers can facilitate unauthorized access and privilege…
Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages
A severe cryptographic vulnerability in the popular open-source Meshtastic project allows attackers to decrypt private messages and hijack nodes across LoRa mesh networks. This flaw stems from duplicated encryption keys and insufficient randomness during key generation. The issue affects multiple…
Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation
Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and enable privilege escalation within cloud environments. The vulnerabilities, rooted in misconfigurations and excessive container privileges, highlight the ongoing challenges of…
How CISOs can justify security investments in financial terms
In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and…
CoinMarketCap Doodle Image Vulnerability Lets Attackers Run Malicious Code via API Call
CoinMarketCap, the globally recognized cryptocurrency data aggregator, experienced a significant security incident when a vulnerability in its homepage doodle image was exploited to inject malicious code, leading to a phishing campaign targeting user wallets. Incident Overview The breach originated from…
Quantum risk is already changing cybersecurity
A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness…
Review: Redefining Hacking
Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. About the authors Omar Santos is a Distinguished Engineer at Cisco focusing on…
Medical device cyberattacks push hospitals into crisis mode
22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, according to RunSafe Security. Three-quarters of these incidents disrupted patient care, including 24% that required patient transfers to other facilities. The survey reveals that healthcare cybersecurity has evolved…