Latest Warnings
Many Public Salesforce Sites are Leaking Private Data
A shocking number of organizations -- including banks and healthcare providers -- are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem ...
3CX Breach Was a Double Supply Chain Compromise
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North ...
Why is ‘Juice Jacking’ Suddenly Back in the News?
KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about "juice jacking," a term first coined ...
Google Suspends Chinese E-Commerce App Pinduoduo Over Malware
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published ...
Microsoft Patch Tuesday, February 2023 Edition
Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year's ...
New T-Mobile Breach Affects 37 Million Accounts
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation ...
Microsoft Patch Tuesday, January 2023 Edition
Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, ...
Microsoft Patch Tuesday, December 2022 Edition
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches ...
ConnectWise Quietly Patches Flaw That Helps Phishers
ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over ...
U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company ...