Scammers Launch Mass-Mailing Campaigns with Efimer Trojan to Steal Cryptocurrency

In recent months, cybersecurity experts have observed a surge in mass-mailing campaigns designed to spread the Efimer Trojan, a sophisticated and increasingly dangerous type of malware engineered to steal cryptocurrency. This new wave of attacks highlights both the technical skill and global scope of scammers targeting digital assets, underscoring the urgent need for enhanced vigilance among individuals and organizations.
Columbia University Data Breach: Far-Reaching Impacts for 869,000 Individuals

Columbia University recently experienced a significant data breach affecting an estimated 869,000 individuals, including students, alumni, applicants, and employees. Discovered in June 2025 following a major IT outage, the breach resulted from unauthorized access beginning around May 16, 2025, with attackers extracting approximately 460GB of sensitive data prior to detection.
Satellite Cybersecurity Under the Microscope: Lessons from Black Hat Las Vegas

The rapidly expanding domain of satellite technology has brought about unprecedented opportunities for communication, earth observation, and data relay. Yet, as highlighted in a recent briefing at the Black Hat conference in Las Vegas, the race to deploy satellites has outpaced critical advancements in cybersecurity, posing potentially grave risks to both orbital and ground assets.
Supply Chain Attacks Target RubyGems and PyPI, Prompting Major Security Overhauls

The open-source software landscape recently faced a serious wave of supply chain attacks, impacting two of its most widely used repositories: RubyGems and the Python Package Index (PyPI). These incidents have resulted in significant theft of credentials and cryptocurrency, raising new concerns and prompting urgent security reforms within these ecosystems.
CISA issues emergency directive to patch critical Microsoft Exchange vulnerability CVE-2025-53786 by Monday.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring all Federal Civilian Executive Branch (FCEB) agencies to address a critical vulnerability in Microsoft Exchange hybrid environments, identified as CVE-2025-53786. This action is a direct response to the severe security threat posed by the flaw, with agencies mandated to complete mitigation steps by 9:00 AM EDT on Monday, August 11, 2025, and submit a comprehensive status report to CISA by 5:00 PM EDT the same day.
Samourai Wallet founders plead guilty to laundering > $200 million for criminal enterprises.

The founders of Samourai Wallet, a cryptocurrency mixing service, have pleaded guilty to operating an unlicensed money transmitting business and facilitating the laundering of over $200 million for criminals. Keonne Rodriguez, the CEO, and William Lonergan Hill, the CTO, admitted their roles in providing a platform that enabled users to transfer illicit proceeds, effectively “washing” illegal funds and obscuring transaction origins.
SonicWall says spike in recent VPN attacks is tied to now-patched vulnerability, not a zero-day.

SonicWall has addressed concerns regarding a recent increase in attacks targeting Gen 7 and newer firewalls with SSL VPN enabled, clarifying that the surge is not linked to any new, undisclosed vulnerabilities. Following a thorough investigation, the company determined that the activity stems primarily from the exploitation of an older, now-patched vulnerability (CVE-2024-40766) combined with the reuse of passwords, particularly among organizations that migrated user accounts from Gen 6 to Gen 7 devices without enforcing password resets.