For individuals

In what's being called a 'major cybersecurity incident,' Beijing-backed adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.

Stolen Cyberhaven employee credentials used to steal access tokens and business data from users of Facebook ads.

Nine U.S. telecommunications firms were confirmed by U.S. officials to have been compromised by Chinese state-backed threat group Salt Typhoon as part of its sweeping cyberespionage operation, with the newly-added unnamed entity's networks breached to facilitate geolocating activities for millions of individuals, Reuters reports.

More than 15,000 internet-exposed Four-Faith F3x24 and F3x36 routers could potentially be compromised in ongoing intrusions exploiting the high-severity operating system command injection flaw, tracked as CVE-2024-12856, according to The Hacker News.

Hackread reports that Cisco had another 4.84 GB of its 4.5 TB dataset compromised from an October breach of an unsecured DevHub portal exposed on Christmas Eve by IntelBroker, who previously leaked 2.9 GB of files from the same trove.

Security Affairs reports that numerous Italian websites — including those of the country's Ministry of Foreign Affairs, the Turin Transport Group, and the Linate and Malpensa airports — have been compromised as part of a distributed denial-of-service attack by pro-Russian hacktivist operation NoName057, which noted the intrusions to have been launched in retaliation of "Italian Russophobes."