PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid. […]
Author Archives: [email protected]
A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. […]
07
May
May
For more than a decade, Google Research has been using AI to precisely map the connections between every cell in the brain in an endeavor called connectomics. Now, in co…
Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. […]
CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world cybersecurity breaches. The report presents each incident as both a detailed narrative and as a threat model with the relevant cloud security risks and mitigations. Today we’re taking a closer look at the first incident covered in the Deep Dive: Snowflake […]
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. […]
A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app. […]
Passwords alone aren’t cutting it—31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure. […]
Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms. “The suspects are believed to be […]
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. “This is due to the create_wp_connection() function missing a capability check […]