
15 matches found

The Hacker News
added 2026/01/12 7:34 a.m. | 5 views

Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy. At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam cente...

6 AI score
Exploits 0

Veracode
added 2025/12/02 10:40 a.m. | 6 views

Improper Certificate Validation

github.com/in-toto/go-witness is vulnerable to Improper Certificate Validation. The vulnerability is due to the AWS attestor accepting EC2 instance identity documents without properly validating signatures and relying on outdated public certificates, which allows an attacker to supply or intercep...

6.9 CVSS | 7 AI score | 0.00045 EPSS
Exploits 0 | References 2 | Affected Software 1

SUSE CVE
added 2025/11/09 12:23 a.m. | 1 views

SUSE CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9 CVSS | 6.4 AI score | 0.00045 EPSS
Exploits 0 | References 2

OSV
added 2025/10/30 3:2 p.m. | 3 views

GO-2025-4028 go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness

go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness...

6.9 CVSS | 6.9 AI score | 0.00045 EPSS
Exploits 0 | References 3

NVD
added 2025/10/15 8:15 p.m. | 3 views

CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9 CVSS | 0.00045 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/10/15 7:23 p.m. | 2 views

CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9 CVSS | 6.2 AI score | 0.00045 EPSS
Exploits 0 | References 2

CVE
added 2025/10/15 7:23 p.m. | 11 views

CVE-2025-62375

The CVE describes an improper verification in the AWS attestor used by go-witness and witness. In affected versions, the attestor can accept forged AWS EC2 instance identity documents when a signature is absent/empty or RSA verification fails, and it relies on a legacy global AWS certificate inst...

6.9 CVSS | 6.2 AI score | 0.00045 EPSS
Exploits 0 | References 2

OSV
added 2025/10/15 7:23 p.m. | 6 views

CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9 CVSS | 6.6 AI score | 0.00045 EPSS
Exploits 0 | References 4

Cvelist
added 2025/10/15 7:23 p.m. | 8 views

CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9 CVSS | 0.00045 EPSS
Exploits 0 | References 2

Malwarebytes
added 2025/08/12 3:0 p.m. | 6 views

Scam hunter scammed by tax office impersonators

The next time you shake your head at another online scam and vow that you'd never fall for it, remember that even the most tech-savvy people can sometimes slip up. A case in point: Julie-Anne Kearns. This self-made scam-hunter told her story to the Guardian last week, revealing how she had been...

7 AI score
Exploits 0

The Hacker News
added 2024/02/15 9:31 a.m. | 25 views

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS...

6.7 AI score
Exploits 0

The Hacker News
added 2022/11/07 3:24 p.m. | 27 views

Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack

Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was...

1.4 AI score
Exploits 0

Krebs on Security
added 2021/05/19 3:13 p.m. | 179 views

Recycle Your Phone, Sure, But Maybe Not Your Number

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can ...

7 AI score
Exploits 0

The Hacker News
added 2019/08/07 11:14 a.m. | 46 views

Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty On Blackmailer

Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have hacked the KYC (Know Your Customer) data of thousands of its customers. The unknown attacker threatened the world's largest cryptocurrency exchange by volume to release KYC...

0.6 AI score
Exploits 0

ThreatPost
added 2010/10/22 2:17 p.m. | 66 views

Cyber Criminal Underground: The Comics Edition

The criminal underworld is an insular community shrouded in secrecy. That’s helped lend an air of mystique to cyber crime. See also: Bruce Willis in “Die Hard 4: Live Free or Die Hard.”. But it turns out that, like so much else, real life cyber crime is… well… pretty dull. How dull? Comic artist...

0.2 AI score
Exploits 0 | References 4