← Latest brief

Security news.

·Morning Brief

Today's security landscape highlights a surge in data breaches and sophisticated cyberattacks, with major companies like Crunchyroll and Mazda disclosing incidents. There's also a notable increase in wiper malware campaigns, particularly targeting entities in Iran, alongside the re-emergence of phishing-as-a-service platforms.

BLEEPINGBREACH
Mar 23READ

Crunchyroll Probes Breach After Hacker Claims to Steal 6.8M Users' Data

The popular anime streaming platform Crunchyroll is investigating claims by hackers who allege they stole personal information for approximately 6.8 million users.

BLEEPINGBREACH
Mar 23READ

Mazda Discloses Security Breach Exposing Employee and Partner Data

Mazda Motor Corporation announced a security incident, detected last December, that exposed information belonging to its employees and business partners.

BLEEPING
Mar 23READ

TeamPCP Deploys Iran-Targeted Wiper in Kubernetes Attacks

The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script designed to wipe all machines when it detects systems configured for Iran.

BLEEPINGPHISHING
Mar 23READ

Tycoon2FA Phishing Platform Returns After Recent Police Disruption

The Tycoon2FA phishing-as-a-service (PhaaS) platform, which was disrupted by Europol and partners on March 4, has already returned to its previous activity levels.

THNMALWARE
Mar 23READ

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean threat actors, also known as WaterPlum, are distributing StoatWaffle malware via malicious Microsoft Visual Studio Code (VS Code) projects, exploiting "tasks.json" for deployment.

SECURITYWEEKSUPPLY CHAIN
Mar 23READ

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Hackers published a malicious release of Aqua's Trivy vulnerability scanner and replaced tags to point to information-stealer malware, impacting developer environments.

THNPHISHING
Mar 23READ

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has issued a warning about new phishing campaigns leveraging the upcoming U.S. tax season to harvest credentials and deliver Remote Monitoring and Management (RMM) malware, affecting 29,000 users.

CISAKEV
Mar 20READ

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities, including several Apple product flaws and a Craft CMS code injection vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation.

Generated twice daily from public security RSS feeds. Informational only.