Columbia University Data Breach: Far-Reaching Impacts for 869,000 Individuals

Columbia University recently experienced a significant data breach affecting an estimated 869,000 individuals, including students, alumni, applicants, and employees. Discovered in June 2025 following a major IT outage, the breach resulted from unauthorized access beginning around May 16, 2025, with attackers extracting approximately 460GB of sensitive data prior to detection.
Satellite Cybersecurity Under the Microscope: Lessons from Black Hat Las Vegas

The rapidly expanding domain of satellite technology has brought about unprecedented opportunities for communication, earth observation, and data relay. Yet, as highlighted in a recent briefing at the Black Hat conference in Las Vegas, the race to deploy satellites has outpaced critical advancements in cybersecurity—posing potentially grave risks to both orbital and ground assets.
Supply Chain Attacks Target RubyGems and PyPI, Prompting Major Security Overhauls

The open-source software landscape recently faced a serious wave of supply chain attacks, impacting two of its most widely used repositories: RubyGems and the Python Package Index (PyPI). These incidents have resulted in significant theft of credentials and cryptocurrency, raising new concerns and prompting urgent security reforms within these ecosystems.
CISA issues emergency directive to patch critical Microsoft Exchange vulnerability CVE-2025-53786 by Monday.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring all Federal Civilian Executive Branch (FCEB) agencies to address a critical vulnerability in Microsoft Exchange hybrid environments, identified as CVE-2025-53786. This action is a direct response to the severe security threat posed by the flaw, with agencies mandated to complete mitigation steps by 9:00 AM EDT on Monday, August 11, 2025, and submit a comprehensive status report to CISA by 5:00 PM EDT the same day.
Samourai Wallet founders plead guilty to laundering over $200 million for criminal enterprises.

The founders of Samourai Wallet, a cryptocurrency mixing service, have pleaded guilty to operating an unlicensed money transmitting business and facilitating the laundering of over $200 million for criminals. Keonne Rodriguez, the CEO, and William Lonergan Hill, the CTO, admitted their roles in providing a platform that enabled users to transfer illicit proceeds, effectively “washing” illegal funds and obscuring transaction origins.
SonicWall says spike in recent VPN attacks is tied to now-patched vulnerability, not a zero-day.

SonicWall has addressed concerns regarding a recent increase in attacks targeting Gen 7 and newer firewalls with SSL VPN enabled, clarifying that the surge is not linked to any new, undisclosed vulnerabilities. Following a thorough investigation, the company determined that the activity stems primarily from the exploitation of an older, now-patched vulnerability (CVE-2024-40766) combined with the reuse of passwords, particularly among organizations that migrated user accounts from Gen 6 to Gen 7 devices without enforcing password resets.
WhatsApp discovers (and removes) 6.8 million accounts linked to global scam operations.

In a sweeping enforcement action during the first half of 2025, WhatsApp—owned by Meta—expelled more than 6.8 million accounts linked to global scam operations. This initiative targeted criminal networks behind large-scale fraud schemes, particularly those operating so-called “scam centers” in Southeast Asia, including countries such as Cambodia and Myanmar.
New Command-and-Control (C2) method, Ghost Calls, uses Zoom and Teams TURN servers to tunnel malicious traffic undetected.

A novel command-and-control (C2) evasion method, termed "Ghost Calls," has emerged as a significant threat in post-exploitation scenarios. This innovative technique exploits TURN (Traversal Using Relays around NAT) servers operated by leading communication platforms such as Zoom and Microsoft Teams, enabling attackers to tunnel malicious traffic through infrastructure that is inherently trusted by most organizations. The stealth and sophistication of this approach pose unique challenges to traditional security defenses.