Recent discoveries reveal critical vulnerabilities in Eken and Tuck's doorbell cameras, leading to unauthorized access and resulting in some retailers offering refunds and discontinuing sales. Additionally, cybersecurity specialists have identified unconventional breach methods used by Red Teams and criminals, such as USB drops, mailed compromised devices, attacks on port authorities, drone-based strategies, insider schemes, and exploiting weak drivers for initial access. The 6th Edition of the Hacker Powered Security Report also sheds light on modern penetration testing, comparing traditional Penetration Testing as a Service (PTaaS) with automated approaches, focusing on their efficiency, quality, and overall worth.

Phishing campaigns target FCC and crypto firm employees with CryptoChameleon, leading to over 100 breaches. An Indian content farm mimics news outlets to push gambling and crypto scams. Hikvision and Ivanti Pulse Secure address critical vulnerabilities. U.S. cybersecurity agencies alert on Phobos ransomware. NSO Group is compelled to share Pegasus source code with Meta. ConnectWise ScreenConnect and SolarWinds fix severe exploits. McAfee Labs highlights malware in PDFs, and Shodan scans for internet-connected devices.

In the news, the UnitedHealth Group and Change Healthcare reported cyberattacks by the ALPHV/Blackcat ransomware gang, affecting healthcare services. CutOut.Pro refutes a data breach claim despite evidence. Anurag Sen exposed a leak from YX International, risking two-factor codes. Fulton County and Houser LLP are addressing separate security incidents. The U.S. Commerce Department investigates auto cyber risks, while Golden Corral faces a breach lawsuit. CryptoChameleon targets crypto platforms, with increased security advised.

And in the news, GitHub has introduced default push protection to enhance security against data leaks in public repositories. The ASIO director of Australia highlighted increasing cyber threats to infrastructure, notably from nation-state espionage. Infoblox exposed the Savvy Seahorse phishing campaign, leveraging social media for fraud. Cutout.Pro addressed a data breach impacting 20 million users. Citrix and Sophos encountered leap year bugs, disrupting services. Pepco Group lost $17 million due to a sophisticated phishing attack, prompting a security overhaul. Ivanti faced attacks by UNC5325, linked to China, necessitating patches. The Silver SAML attack threatens identity systems, countered by Entra ID certificates. SPIKEDWINE targets European officials with malware. Legal actions challenge Meta over GDPR issues. Airbnb scam alerts and new Linux malware, GTPDOOR, highlight ongoing digital threats. The OSINT SMART FRAMEWORK offers resources for open-source intelligence, while aviation safety remains a critical concern as reported by The Aviation Herald.

In the news, Microsoft warns of an exploited Windows Kernel issue (CVE-2024-21338). The BlackCat/ALPHV ransomware group attacked Change Healthcare, stealing data. SpikedWine targeted EU diplomats with "WineLoader" malware. Epic Games denies server breach by Mogilevich group. Palo Alto Networks faces a lawsuit over forecasts. North Korea's Lazarus hackers exploited a patched Windows AppLocker flaw. The US restricts Sandvine and Chengdu Beizhan Electronics for surveillance and nuclear roles. Cencora reports a data breach. The Iranian UNC1549 group targets aerospace for espionage. Japan's CSIRT warns of 'Comebacker' malware in PyPI packages. Russian hackers attack Ubiquiti EdgeRouters. Cisco Talos finds TimbreStealer malware in Mexico. President Biden plans an executive order on data protection. Concerns over GlobalBlock's free speech impact. Google's filetype search issue, Abyss Locker ransomware targets, and Xeno RAT malware spread noted.

In the news, businesses are adopting automated AI fraud detection and real-time monitoring. Importance is given to phone number analysis and IRBIS People Search for security intelligence. ESPY Ltd emphasizes fraud prevention through telecom data and two-factor authentication. PCI DSS 4.0 standards will mandate web application firewalls by March 2025. Recent threats include Google OAuth2 exploits, UAC-0099 cyber attacks, and WinRAR vulnerabilities. Reports highlight increasing malware and phishing, with recommendations for fundamental security practices and memory-safe programming for reducing vulnerabilities.

In cryptocurrency news there is upheaval with a gambling platform rug pull, significant financial losses from various attacks, and the revelation of an Australian's disappearance post-bank error. In cybersecurity, the BitForex platform is under scrutiny for a possible exit scam, while the Aleo blockchain and Tornado Cash encountered data and code breaches respectively. Additionally, the South African parliament suffered a data leak, and new malware, "Angel Drainer," targets cryptocurrency users. Security research highlights browser vulnerabilities, and Microsoft exposes a critical Windows flaw. In lighter news, FunnyPlaying's FPGBC Kit brings nostalgia with a modern twist on the Game Boy Color.

In the news, research by Lab52 unveils efforts by the Turla group with a modified Kazuar trojan. PayPal targets stolen super-cookies threats. Axie Infinity's Jeff Zirlin and wallets face crypto-theft, highlighted by PeckShield. The LockBit group threatens with new FBI material leaks. A critical SQL Injection flaw in WordPress's Ultimate Member plugin demands updates. The RCMP combats a cyberattack aftermath, while ConnectWise ScreenConnect users must upgrade due to severe exploits.

A Russian national is on trial for a cyberattack on a power grid that led to a blackout in 38 villages. North Korean hackers infiltrated the Russian Ministry of Foreign Affairs using KONNI malware. Sony's Insomniac Games alerts employees to a data breach by Rhysida ransomware group. The FTC sues H&R Block for deceptive free online filing ads. LAX airport's database was compromised by IntelBroker, exposing 2.5 million records. The LockBit ransomware group has extorted over a billion dollars, with authorities disrupting their operations. Microsoft releases PyRIT for AI systems security testing. Australian telecom Tangerine discloses a breach affecting 230,000 users. New Jersey rehab centers by Maryville fell victim to a cyberattack, and Mr. Cooper exposes two million customer records. Google Pay is set to end peer-to-peer payments in the US, while U-Haul confirms a breach affecting 67,000 customers. Apple fixes a vulnerability in its Shortcuts app. Avast settles for $16.5 million with the FTC for data privacy violations. The U.S. military assesses a high-altitude balloon over Utah. Google hits pause on Gemini AI's person generation over errors. The blockchain space is riddled with security breaches and unethical practices, and GitHub hosts OSINT-Practitioners, a resource hub for open-source intelligence enthusiasts.

In the news, US companies face fines for not adhering to SEC's cybersecurity disclosure rules, urging improved incident responses. Research indicates GPT-4 could autonomously execute website exploits, highlighting AI security risks. Avast is fined $16.5 million by the FTC for unsanctioned data sales, necessitating a new privacy framework. Law enforcement disrupts the LockBit ransomware group, seizing $110 million. A compromised Python package led to a supply chain attack, while Malawi's government and ConnectWise ScreenConnect combat separate cybersecurity incidents. U-Haul's data breach impacts 67,000 customers, and Optum confronts a cyberattack suspected from nation-state actors.