security

A new security fund opens up to help protect the fediverse

The fediverse, also known as the open social web that includes Mastodon, Meta’s Threads, Pixelfed, and other apps, is ramping up its security. On Wednesday, a nonprofit focused on bringing governance to open source projects, the Nivenly Foundation, announced the launch of a new security fund that will pay those who responsibly disclose security vulnerabilities […]

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Hackers are ramping up their attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances, security researchers warned this week. Threat intelligence startup GreyNoise said in a blog post on Tuesday that it had observed a “notable resurgence of in-the-wild activity” targeting the three ServiceNow vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178,

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

The Pennsylvania State Education Association (PSEA), a labor union representing educators across the state, says hackers stole the sensitive personal information of more than half a million of its members.  PSEA is the largest organization for educators in Pennsylvania, representing current and former teachers, counselors, health care workers, and school social workers. In a filing

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

The U.S. government’s cybersecurity agency is scrambling to contact more than 130 former employees after a federal court ruled that the Trump administration must reinstate workers it “unlawfully” fired. U.S. District Judge James Bredar last week ordered the Trump administration to reinstate employees laid off across a number of U.S. government agencies, including the Department

Hackers are exploiting Fortinet firewall bugs to plant ransomware

Security researchers have observed hackers linked to the notorious LockBit gang exploiting a pair of Fortinet firewall vulnerabilities to deploy ransomware on several company networks.  In a report published last week, security researchers at Forescout Research said a group it’s tracking dubbed “Mora_001” is exploiting the Fortinet firewalls, which sit on the edge of a

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Elon Musk’s Department of Government Efficiency (DOGE) has fired more than a hundred employees working for the U.S. government’s cybersecurity agency CISA, including “red team” staffers, two people affected by the layoffs told TechCrunch.  The people, who asked not to be named, said affected employees were axed immediately when their network access was revoked with

What PowerSchool won’t say about its data breach affecting millions of students

We’re only a few months into 2025, but the recent hack of U.S. edtech giant PowerSchool is on track to be one of the biggest education data breaches in recent years.  PowerSchool, which provides K-12 software to more than 18,000 schools to support some 60 million students across North America, first disclosed the data breach

Hacker accessed PowerSchool’s network months before massive December breach

A hacker compromised the U.S. edtech giant PowerSchool months before its ‘massive’ data breach in December, according to a now-published forensic report into the incident conducted by U.S. cybersecurity firm CrowdStrike. In a letter sent to affected customers last week, seen by TechCrunch, PowerSchool confirmed that an investigation into the incident has revealed that its

Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Japanese telecom giant NTT Communications (NTT Com) has confirmed that hackers accessed the data of almost 18,000 corporate customers during a February cyberattack, affecting an as-yet-unknown number of individuals. The Tokyo-based NTT Com, which provides phone and network tech to enterprises, said it discovered the data breach on February 5 after determining that the hackers
