Colin Wood reports: Indiana state agencies on Tuesday are warning residents to delete phony emails sent using official state government email addresses. Phishing emails emanating from numerous departments — from the Department of Child Services to the Indiana Horse Racing Commission — fraudulently inform recipients of unpaid toll fees and warn of financial penalties or…
Year: 2025
Turkish Group Hacks Zero-Day Flaw to Spy on Kurdish Forces
Chris Riotta reports: Turkish-linked cyber spies used a zero-day exploit housed in a popular chat software to target Kurdish military operations in Iraq, Microsoft Threat Intelligence reported Monday. Microsoft’s cybersecurity research arm said the threat actor tracked as “Marbled Dust” exploited unpatched user accounts in the Output Messenger Server Manager application, allowing the group to collect user…
Cyberattacks on Long Island Schools Highlight Growing Threat
I’d called it an “ongoing threat,” but …. Maggie MacAlpine reports: In a concerning development, over 20 school districts across Long Island have fallen victim to cyberattacks, compromising the personal data of more than 10,000 students. According to state education records, 28 incidents were reported in 2024 alone, affecting districts such as Great Neck, Smithtown,…
Dior faces scrutiny, fine in Korea for insufficient data breach reporting; data of wealthy clients in China, South Korea stolen
Korea Joong Ang Daily reports: Luxury brand Dior is facing criticism in Korea for its inadequate response to a recent data breach that exposed the personal information of customers in Korea. While the company notified the Personal Information Protection Commission (PIPC), it failed to report the hacking incident to the Korea Internet & Security Agency…
Administrator Of Online Criminal Marketplace Extradited From Kosovo To The United States
Tampa, Florida – United States Attorney Gregory W. Kehoe announces the extradition of Liridon Masurica (33, Gjilan, Kosovo), also known as “@blackdb.” Masurica is charged with one count of conspiracy to commit access device fraud and five substantive counts of fraudulent use of 15 or more unauthorized access devices. If convicted on all counts, Masurica faces…
Twilio denies breach following leak of alleged Steam 2FA codes
Bill Toulas reports: Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. The threat actor, using the alias Machine1337 (also known as EnergyWeaponsUser), advertised a trove of data allegedly pulled from Steam, offering to sell it…