Author: Staff Writer

Top Highlights Data Breach Notification: Asheville Eye Associates (AEA) informed about 147,000 individuals whose personal information was stolen in a November 2024 data breach, initially affecting 204,984 people. Nature of the Breach: The breach, detected on November 18, involved unauthorized access to AEA’s network and included the theft of names, addresses, Social Security numbers, treatment details, and health insurance information. Investigation and Support: AEA engaged third-party specialists to investigate and secure their network, concluding the investigation on April 14, 2025, and is offering 12 months of free identity theft protection to impacted individuals. Ransomware Involvement: The DragonForce ransomware gang claimed…

Summary Points Apple’s Zero-Click Flaw: A critical zero-click vulnerability in the iOS Messages app (CVE-2025-43200) has been actively exploited to deliver Paragon spyware targeting journalists, highlighting the need for vigilance against unnoticed threats. TokenBreak Attack: Cybersecurity researchers unveiled a new attack method, TokenBreak, capable of bypassing AI moderation systems with minor text alterations, emphasizing vulnerabilities in large language models that could lead to serious security breaches. VexTrio’s Malicious Scheme: The VexTrio group is orchestrating an expansive cyber scheme using compromised WordPress sites to funnel users into malware and scams, showcasing the evolving nature of cybercrime networks that exploit legitimate platforms.…

Essential Insights Cyberattack Incident: WestJet faced a cyberattack on Friday, disrupting internal systems and limiting access to its app and website, though operations remained unaffected. Investigation and Response: The airline is collaborating with law enforcement and Transport Canada to investigate the incident while working to mitigate its impact, ensuring the safety of operations and protection of sensitive data. Service Restoration: By Sunday, user access to the WestJet app and website was restored, but temporary interruptions were still anticipated as the company continued to enhance its digital security. Lack of Detailed Information: WestJet has not disclosed specifics about the type of…

Essential Insights High-Severity Vulnerabilities Identified: Tenable has patched three high-severity vulnerabilities (CVE-2025-36631, CVE-2025-36632, CVE-2025-36633) in Nessus Agent for Windows, which could allow non-administrative users to escalate privileges and execute malicious actions. Impact and CVSS Scores: The vulnerabilities have CVSS scores of 8.4, 7.8, and 8.8, enabling the potential for actions like file overwriting, arbitrary code execution, and file deletion with System privileges. Affected Versions and Resolution: These vulnerabilities affect Nessus Agent versions 10.8.4 and earlier, with the resolution made available in version 10.8.5 for users to download. No Evidence of Exploits: While no active exploits have been reported, Tenable advises…

In today’s digital landscape, identity threats are more prevalent than ever. Protecting your digital identity is crucial as lateral movement and ransomware attacks rise. The new category of Identity Threat Detection and Response (ITDR) has emerged to address these challenges, but selecting the right tool can be daunting. Join Yiftach Keshet, VP of Product Marketing at Silverfort, for an exclusive webinar where you’ll discover: Unique Challenges Only ITDR Can Solve: Discover why traditional solutions fall short and how ITDR bridges the gap. Critical ITDR Capabilities: Learn about the key features to look for in an ITDR solution to ensure…

We live in a world of passwords. These digital keys unlock everything from social media to banking and business systems. With this power comes responsibility—and vulnerability. According to LastPass, professionals handle up to 200 sets of credentials on average. This offers 200 potential entry points for attackers. Once inside, they can sell the data on the dark web, commit identity theft, or launch further attacks to access confidential data, financial info, or intellectual property with ease. Compromised credentials are silent threats; often, you won’t know you’ve been breached until it’s too late. Join our exclusive webinar, “Compromised Credentials in 2024:…

Fast Facts Wiper Module Addition: Anubis ransomware has integrated a new wiper module that irreversibly destroys targeted files, complicating recovery efforts even if the ransom is paid. Affiliate Program: Launched in February 2024, Anubis offers lucrative revenue shares for affiliates—80% for ransomware, 60% for data extortion, and 50% for initial access brokers—indicating a potential increase in attack frequency. Destructive Tactics: The unique file-wiping feature activates with a specific command and entirely erases file contents while retaining filenames, heightening pressure on victims to comply with ransom demands. Attack Methodology: Anubis attacks typically start with phishing emails, leveraging malicious links or attachments,…

Essential Insights Cyberattack Investigation: WestJet is investigating a cyberattack that has affected access to some internal systems and their application, with ongoing cooperation from law enforcement and Transport Canada. Service Disruptions: Users experienced login issues with the WestJet website and mobile app; however, these services have since been restored. Operational Safety: Despite the cyber incident, WestJet maintains that its operations are running safely, although some software and services remain impacted. Unknown Attack Nature: The specifics of the breach, including whether it involved ransomware or significant system shut-downs, have not been clarified by WestJet. What’s the Problem? WestJet, the second-largest airline…

Are you frustrated with developers disregarding security guidelines and AppSec alerts? Security Champions can transform this dynamic, turning developers into advocates for secure coding and creating a collaborative environment. Join our webinar to discover the secrets of building an effective Security Champion Program that can revolutionize your AppSec efforts. In this webinar, you will learn how to: Overcome developer resistance and build trust Foster effective communication and collaboration Create a culture of security champions within your development teams Drive meaningful improvements in your application security posture Don’t miss this opportunity to unlock the full potential of your developers and…

Adeel Shaikh Muhammad, a leading cybersecurity and AI strategist, speaker, and author, has announced the release of the second edition of his highly regarded book, AI-Driven Transformation of the SOC and SecOps. The new edition provides updated insights into how Artificial Intelligence (AI) is revolutionizing Security Operations Centers (SOCs) and SecOps, helping security professionals reduce alert fatigue, unify security tools, and enhance incident response using machine learning and automation. Building on the success of the first edition, the updated version includes additional case studies, expanded analysis of AI-driven SOC workflows, and a deeper discussion on balancing automation with ethical and regulatory…