February 20, 2025
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes
Said bugs 'can have significant implications' – glad to hear that from Redmond Microsoft is so concerned about security in its Copilot products for folks that it’s lifted bug bounty payments for moderate-severity vulnerabilities from nothing to a maximum of $5,000, and expanded the range of vulnerabilities it…
US minerals company says crooks broke into email and helped themselves to $500K
A painful loss for young company that's yet to generate revenue A NASDAQ-listed US minerals company says cybercriminals broke into its systems on Valentine's Day and paid themselves around $500,000 – money earmarked for a vendor.…
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution
Bugs fixed, updating to the latest version is advisable Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code.…
Two arrested after pensioner scammed out of six-figure crypto nest egg
The latest in a long line of fraud stings worth billions each year Two men are in police custody after being arrested in connection with a July cryptocurrency fraud involving a man in his seventies.…
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
FBI and CISA issue reminder - deep sigh - about the importance of patching and backups The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a…
Medusa ransomware gang demands $2M from UK private health services provider
2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident' Exclusive HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be…