GitHub.com rotates its exposed private SSH key


GitHub has rotated its private SSH key for GitHub.com after the secret was was accidentally published in a public GitHub repository. The software development and version control service says, the private RSA key was only "briefly" exposed, but that it took action out of "an abundance of caution." [...]


https://www.bleepingcomputer.com/news/se...e-ssh-key/

'Bitter' espionage hackers target Chinese nuclear energy orgs


A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders. [...]


https://www.bleepingcomputer.com/news/se...ergy-orgs/

UK creates fake DDoS-for-hire sites to identify cybercriminals


The U.K.'s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. [...]


https://www.bleepingcomputer.com/news/se...criminals/

Procter & Gamble confirms data theft via GoAnywhere zero-day


Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. [...]


https://www.bleepingcomputer.com/news/se...-zero-day/

OpenAI: ChatGPT payment data leak caused by open-source bug


OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries. [...]


https://www.bleepingcomputer.com/news/se...ource-bug/

Australian police arrest four BEC actors who stole $1.7 million


The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023.  [...]


https://www.bleepingcomputer.com/news/se...7-million/

Microsoft shares tips on detecting Outlook zero-day exploitation


Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched Outlook zero-day vulnerability. [...]


https://www.bleepingcomputer.com/news/se...loitation/

The Week in Ransomware - March 24th 2023 - Clop overload


This week's news has been dominated by the Clop ransomware gang extorting companies whose GoAnywhere services were breached using a zero-day vulnerability. [...]


https://www.bleepingcomputer.com/news/se...-overload/

FBI confirms access to Breached cybercrime forum database


Today, the FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its owner [...]


https://www.bleepingcomputer.com/news/se...-database/

Windows, Ubuntu, and VMWare Workstation hacked on last day of Pwn2Own

On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. [...]


https://www.bleepingcomputer.com/news/se...f-pwn2own/