Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment, writes Sergiu...

Reddit has confirmed hackers accessed internal documents and source code following a “highly-targeted” phishing attack, writes Carly Page. Here is the link: https://techcrunch.com/2023/02/10/reddit-says-hackers-accessed-internal-data-following-employee-phishing-attack/ 

Russian hackers have attacked the website of the European Union’s Parliament and managed to take it offline for several hours, writes Sead Fadilpašić. Here is the link: https://www.techradar.com/news/hackers-take-down-eu-parliament-site-in-apparent-ddos-attack

This new hole only affects OpenSSL versions 3.0.0 through 3.0.6. So, older operating systems and devices are likely to avoid these problems, writes Steven Vaughan-Nichols. Here's the link: https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/

Apple has released security updates to address vulnerabilities in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, tvOS 16.1, watchOS 9.1. Find the Apple update links here.

Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic, raising cybersecurity concerns, writes Lawrence Abrams. Here is the link: https://www.bleepingcomputer.com/news/security/intel-confirms-leaked-alder-lake-bios-source-code-is-authentic/

Meta is warning Facebook users about hundreds of apps on Apple and Google’s app stores that were specifically designed to steal login credentials to the social network app, writes Mitchell Clark. Here...

Optus has repeatedly opposed a proposed change to privacy laws that would give customers the right to request their data be destroyed, writes Josh Taylor. Here is the link: https://www.theguardian.com/australia-news/2022/sep/24/optus-cyber-attack-company-opposed-changes-to-privacy-laws-to-give-customers-more-rights-over-their-data

Uber said that a hacker associated with the Lapsus$ hacking group was to blame for a breach of its internal systems last week, writes Andrew J. Hawkins. Here is the link: https://www.theverge.com/2022/9/19/23361511/uber-hack-blame-lapsus-gta-vi-rockstar

The food delivery and ride sharing disruptor has admitted that something is up, saying it is investigating the matter with the Feds, writes Simon Sharwood. Here is the link: https://www.theregister.com/2022/09/16/uber_security_incident/

T-Mobile has admitted no guilt but has agreed to pay a $500 million settlement (pending a judge’s approval), out of which $350 million will go to the settlement fund, writes Ashley...

The House committee investigating the Capitol attack is examining whether Secret Service text messages from 5 and 6 January 2021 that were erased around the time of an internal review can be reconstructed, writes Hugo Lowell. 

A hacker (or group of hackers) claims to have stolen data on a billion Chinese citizens from a Shanghai police database, writes K. Holt. Here is the link: https://www.engadget.com/china-hack-data-billion-citizens-police-173052297.html

Google's Threat Analysis Group and Project Zero vulnerability analysis team published findings about the iOS version of a spyware product attributed to the Italian developer RCS Labs, writes Lily Hay Newman. Here is...

The agents are middleware that bridge customer VMs and the provider's other managed services, writes Brandon Vigliarolo. Here is the link: https://www.theregister.com/2022/06/11/in-brief-security/

San Francisco, Calif.-based SaaS security comapny AppOmni has raised $70 million in a Series C funding round.

India's SpiceJet airline said its systems faced an "attempted ransomware attack" on Tuesday, delaying flights and leaving many stranded at airports, according to the report. Here is the link: https://www.bbc.com/news/world-asia-india-61575773

A shady private surveillance company sold access to nearly half a dozen powerful security flaws in Chrome and Android last year to government-affiliated hackers, Google revealed Monday, writes Lucas Ropek. Here is...

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, writes Simon Sharwood. Here is the link: https://www.theregister.com/2022/05/19/vmware_cisa_security_risks/ Find the advisories from VMware here:...

Nokia announced the launch of its Advanced Security Testing and Research (ASTaR) lab, located in Dallas, Texas.

A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate, writes Ravie...

Yaroslav Vasinskyi, 22, was arrested last month at the request of the U.S. government while trying to enter Poland from Ukraine, writes Pete Williams. Here is the link: https://www.nbcnews.com/news/us-news/ukranian-man-charged-ransomware-attack-affected-1500-us-businesses-rcna4835

The trading platform said in a statement that the November 3 attack allowed the unauthorized party to obtain a list of email addresses for about 5 million people, writes Matt Egan. Here...

“Sideloading is a cyber criminal’s best friend and requiring that on iPhone would be a gold rush for the malware industry,” according to Apple senior vice president Craig Federighi, writes Chaim...

A massively popular JavaScript library (npm package) was hacked, and modified with malicious code that downloaded and installed a password stealer and cryptocurrency miner, writes Catalin Cimpanu. Here is the link: https://therecord.media/malware-found-in-npm-package-with-millions-of-weekly-downloads/  

Twitch on Wednesday confirmed what appears to be a large data breach, pointing to an "error in a Twitch server configuration change" that exposed some data to the internet, writes Carrie Mihalcik. Here...

Google this month said Chrome browser extensions written under its Manifest V2 specification will stop working in January 2023, writes Thomas Claburn. Here is the link: https://www.theregister.com/2021/09/27/google_chrome_manifest_v2_extensions/

Developer security company Snyk has raised $530 million in a Series F investment round.

Private equity buyouts in cybersecurity are hitting new records as a fast-growing industry responds to a surge in remote working and increasingly sophisticated cyberattacks, writes Ryan Prete. Here is the link: https://pitchbook.com/news/articles/hackers-remote-workers-private-equity-cybersecurity

Juniper’s breach remains important — and the subject of continued questions from Congress — because it highlights the perils of governments inserting backdoors in technology products, writes Jordan Robertson. Here is the...

A flaw in Microsoft’s Azure Cosmos DB database product left more than 3,300 Azure customers open to complete unrestricted access by attackers, writes Thomas Ricker. Here is the link: https://www.theverge.com/2021/8/27/22644161/microsoft-azure-database-vulnerabilty-chaosdb You can find...

French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, writes Kim Willsher. 

Technical incident management platform company Rootly has closed $3.2 million in seed funding.

Joe Biden said on Saturday he had directed US intelligence agencies to investigate a sophisticated ransomware attack, according to the report. Here is the link: https://www.theguardian.com/technology/2021/jul/03/kaseya-ransomware-attack-us-sweden

Sunnyvale, Calif.-based email security company Armorblox has raised $30 million in a Series B funding round. The investment was led by Next47, with participation from Polaris Partners and Unusual Ventures, as well...

The US National Security Agency has issued a security advisory this month urging system administrators in federal agencies and beyond to stop using old and obsolete TLS protocols, writes Catalin...

The US Department of Justice has unsealed charges against six GRU officers believed to be members of Sandworm, writes Catalin Timpanu. Here is the link: https://www.zdnet.com/article/us-charges-russian-hackers-behind-notpetya-killdisk-olympicdestroyer-attacks/