Security news.
Today's security landscape highlights a surge in data breaches and sophisticated cyberattacks, with major companies like Crunchyroll and Mazda disclosing incidents. There's also a notable increase in wiper malware campaigns, particularly targeting entities in Iran, alongside the re-emergence of phishing-as-a-service platforms.
Crunchyroll Probes Breach After Hacker Claims to Steal 6.8M Users' Data
The popular anime streaming platform Crunchyroll is investigating claims by hackers who allege they stole personal information for approximately 6.8 million users.
Mazda Discloses Security Breach Exposing Employee and Partner Data
Mazda Motor Corporation announced a security incident, detected last December, that exposed information belonging to its employees and business partners.
TeamPCP Deploys Iran-Targeted Wiper in Kubernetes Attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script designed to wipe all machines when it detects systems configured for Iran.
Tycoon2FA Phishing Platform Returns After Recent Police Disruption
The Tycoon2FA phishing-as-a-service (PhaaS) platform, which was disrupted by Europol and partners on March 4, has already returned to its previous activity levels.
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
North Korean threat actors, also known as WaterPlum, are distributing StoatWaffle malware via malicious Microsoft Visual Studio Code (VS Code) projects, exploiting "tasks.json" for deployment.
Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
Hackers published a malicious release of Aqua's Trivy vulnerability scanner and replaced tags to point to information-stealer malware, impacting developer environments.
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has issued a warning about new phishing campaigns leveraging the upcoming U.S. tax season to harvest credentials and deliver Remote Monitoring and Management (RMM) malware, affecting 29,000 users.
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities, including several Apple product flaws and a Craft CMS code injection vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation.