The Information Highway

The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC. 

23andMe has confirmed that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. 

Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons. 

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. 

Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data. 

Apple released new emergency security updates on Wednesday to patch two new zero-day vulnerabilities known to be exploited in attacks. 

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. 

Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information. 

Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily spread laterally to other Azure tenants. 

Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. 

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. 

Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. 

Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware. 

Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to the server. 

Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. 

Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. 

The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario. 

TikTok is flooded with videos promoting fake nude celebrity photo leaks used to push referral rewards for the Temu online megastore.

U.S. educational nonprofit National Student Clearinghouse has disclosed a data breach affecting 890 schools using its services across the United States.