Somcert

Google on Tuesday announced security updates for Chrome 126 that address ten vulnerabilities, including eight high-severity bugs reported by external researchers. Despite Google’s efforts to eliminate memory safety bugs in Chrome, most of the externally reported security defects are memory issues that could potentially lead to a sandbox escape and remote code execution. The new […]

More than 310 gigabytes of data from spyware maker mSpy, including 2.4 million unique emails, was leaked online in June, and obtained by data breach notification site Have I Been Pwned. The data, reportedly leaked online by hacktivists, includes 142 Gb of user data such as email addresses, IP addresses, and names, obtained from support tickets filed […]

The New York Times reported on July 4, 2024, that OpenAI suffered an undisclosed breach in early 2023. The NYT notes that the attacker did not access the systems housing and building the AI, but did steal discussions from an employee forum. OpenAI did not publicly disclose the incident nor inform the FBI because, it claims, no […]

Shockwaves from the Russian government’s hack of Microsoft’s corporate infrastructure continue to spread with news that the software giant is notifying surprised customers that their emails were also stolen by the Midnight Blizzard hackers. The mega-breach, which led to a US government investigation and a massive overhaul of Microsoft’s security practices, was previously known to expose Microsoft source code […]

The US subsidiary of Spain-based bank Santander is notifying more than 12,000 employees that their personal information was compromised in a third-party data breach. The incident was identified on May 10, and involved a third-party database used by an affiliate between late April and early May 2024, the bank said in a notification letter to […]

A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary’s exclusive use of a malware called DISGOMOJI that’s written in Golang and is designed to infect Linux systems. “It is a modified […]

Apple on Monday updated visionOS, the operating system powering its Vision Pro virtual reality headset, to version 1.2, which addresses several vulnerabilities, including what may be the first security flaw that is specific to this product. visionOS 1.2 patches nearly two dozen vulnerabilities. However, a vast majority of them are in components that visionOS shares […]

Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. “These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets,” the Microsoft Threat Intelligence team said. […]