Update Delays To NIST Vulnerability DB Alarms Researchers

Pentagon Received Over 50k Vulnerability Reports Since 2016

Haiti: Machete-Wielding Militias Battle Gangs In Port-au-Prince

Why Does The US Want To ban TikTok, And When Could It Happen?

Cop Shop Rapped For Completely Avoidable Web Form Blunder

US Congress Goes Bang, Bang, On Tik-Tok Sale Or Ban Plan

French Government Sites Disrupted By Tres Grande DDoS

White House Summons UnitedHealth CEO Over Hack

CISA Breached By Hackers Exploiting Ivanti Bugs

Welcoming the Liechtenstein Government to Have I Been Pwned

Over the last 6 years, we've been very happy to welcome dozens of national governments to have unhindered access to their domains in Have I Been Pwned, free from cost and manual verification barriers. Today, we're happy to welcome Liechtenstein's National Cyber Security Unit who now have full access to their government domains.

We provide this support to governments to help those tasked with protecting their national interests understand more about the threats posed by data breaches, and we look forward to welcoming many more national infosec teams in the future.

US Says UFO Sightings Likely Secret Military Tests

Microsoft Under Constant Attack By Russian Hackers, Filing Says

Kimsuky Gang Joins Rush To Exploit New ScreenConnect Bugs

Welcoming the German Government to Have I Been Pwned

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department. This access now provides them with complete access to the exposure of their government domains in data breaches.

With the unabated flood of data breaches, we're happy to provide this support to governments in the hope it better enables them to protect their national interests and we look forward to welcoming many more national CERTs in the future.

Volt Typhoon And The Disruption Of The U.S. Cyber Strategy

Uncle Sam Intervenes As Change Healthcare Ransomware Fiasco Creates Mayhem

An Air Force Employee Shared Highly Classified Data Via Dating App

Discord Leaker Jack Teixeira Pleads Guilty, Seeks Light 11-Year Sentence

German Authorities Take Down Crimemarket Cybercrime Website

CISA Warns Of Windows Streaming Service Vulnerability Exploitation

Court Orders Makers Of Pegasus Spyware To Hand Over Code To WhatsApp

Ivanti Attacks Linked To Espionage Group Targeting Defense Contractors

Windows Zero Day Exploited By North Korean Hackers In Rootkit Attack

Australian Spy Chief Fears Sabotage Of Critical Infrastructure

Iranian Hackers Target Aviation And Defense Sectors In Middle East

Top 3 NIST Cybersecurity Framework 2.0 Takeaways

US Bans Trading With Canadian Network Intelligence Firm Sandvine

Russian Cyberespionage Group APT29 Targeting Cloud Vulnerabilities

NIST Cybersecurity Framework 2.0 Officially Released

Hackers For Sale: What We Learned From China's Massive Cyber Leak

US Leading Global Alliance To Counter Foreign Government Disinformation

The U.S. Military Is Monitoring Another High Altitude Balloon

Oh Geez The Coast Guard Is Just Now Going To Think About Infosec?

An Online Dump Of Chinese Hacking Documents Offers A Rare Window Into Pervasive State Surveillance

Vietnam To Collect Biometrics - Even DNA - For New ID Cards

Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow To Operation

FBI Most Wanted Cybergang Boss Pleads Guilty

Feds Post $15 Million Bounty For Info On ALPHV/BlackCat Ransomware Crew

Russia Exploits Roundcube Flaws Against European Governments

Feds Dismantle Russian GRU Botnet Built On 1,000+ Home, Small Biz Routers

Ex-Employee's Admin Credentials Used In US Gov Agency hack

USPS Scam Smishing Campaigns Could Move To Cloud

Feds Want To Ban The World's Cutest Hacking Device. Experts Say It's A Scapegoat

Backdoors That Let Cops Decrypt Messages Violate Human Rights, EU Courts Says

Microsoft, OpenAI Reveal ChatGPT Use By State-Sponsored Hackers

Prudential Financial Discloses Data Breach

Deepfake Proofing The President: What Is Cryptographic Verification?

What Is Volt Typhoon And Why Is It The Defining Threat Of Our Generation?

Uncle Sam Sweetens The Pot With $15M Bounty On Hive Ransomware Gang Members

US Says China's Volt Typhoon Hackers Pre-Positioning For Cyberattacks Against Critical Infrastructure

Rhysida Ransomware Cracked, Free Decryption Tool Released

Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a comprehensive analysis of Rhysida Ransomware, we identified an

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been&

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have

Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback

NSO Group, creator of the infamous Pegasus spyware, is spending millions on lobbying in Washington while taking advantage of the crisis in Gaza to paint itself as essential for global security.

What is Nudge Security and How Does it Work?

In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only solution to address

Bitcoin ETF Hopefuls Still Expect SEC Approval Despite Social Media Hack

Ukraine: Russia Hacked Webcams To Aid Missile, Drone Strikes On Kyiv

SpectralBlur macOS Backdoor Linked To North Korea

Court Hearings Become Ransomware Concern After Breach

5 Ways to Reduce SaaS Security Risks

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised