Connect with us

Hi, what are you looking for?



In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach 

Noteworthy stories that might have slipped under the radar: LastPass vault hacking, Russia targets energy facility in Ukraine, NXP data breach.

Cybersecurity news roundup

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:  

SentinelOne ends Wiz collaboration following acquisition rumors

SentinelOne has ended its collaboration with cloud security firm Wiz following reports of a potential merger valued at $5-6 billion. SentinelOne shut down the rumors that it’s being acquired by Wiz a few days later, when it announced its decision to unilaterally terminate its six-month-old partnership with Wiz “as a result of their continued lack of execution against their commitments”.

Hackers may be breaking into LastPass vaults compromised in data breach 

Advertisement. Scroll to continue reading.

Some experts believe that threat actors may be breaking into the LastPass vaults compromised in a data breach last year, security blogger Brian Krebs reported. An investigation showed that many security-conscious individuals who had a total of $35 million worth of cryptocurrency stolen from them had used LastPass to store their private key.

Semiconductor company NXP discloses data breach

Dutch semiconductor designer and manufacturer NPX has disclosed a data breach affecting the email addresses of users who had registered an account on, but had not used it for at least 18 months. No other information was exposed, NPX said. 

Data breach at golf equipment maker Callaway impacts one million people

Callaway, a company that makes clubs, balls and other golf equipment, has disclosed a data breach affecting more than one million people. The firm said it discovered unauthorized access to information such as name, email address, phone number, order history, password, and security question answer. 

New report details how China is weaponizing software vulnerabilities

A new report from the Atlantic Council details how China is weaponizing software vulnerabilities, often leveraging the fact that entities are required by law to report flaws to the Ministry of Industry and Information Technology (MIIT) within 48 hours of their discovery. 

Vulnerability in application security platform

WithSecure has found and disclosed a vulnerability in a platform designed to help software developers identify and address vulnerabilities in code libraries. An attacker could have accessed the data of other users in the same SaaS environment by needing only a valid email address associated with the victim. 

Flipper Zero used for targeting Apple devices via Bluetooth 

A researcher has demonstrated how the Flipper Zero hacking device can be used to spam Apple phones and tablets via Bluetooth advertising packets. An attacker can use the method for pranks (get notifications to pop up on nearby devices), but the researcher has also promised to show how it can be leveraged for more malicious purposes. 

MinIO vulnerabilities exploited for new cloud attack vector

Two vulnerabilities patched in March in the MinIO object storage suite have been exploited in what researchers described as a new vector for cloud attacks. In observed attacks, threat actors exploited CVE-2023-28434 and CVE-2023-28432 to replace the original MinIO executable with an evil version containing a backdoor. 

Russian APT targets energy facility in Ukraine

Ukraine’s government computer emergency response team CERT-UA said it spotted an attack launched by Russian state-sponsored threat group APT28 against an energy facility in the country. CERT-UA’s report describes the initial stages of the attack and it’s unclear if the attackers may have been trying to target ICS and cause a power outage, as they did in the past. 

Interesting dynamically seeded DGAs

Akamai researchers have analyzed the dynamically seeded domain generation algorithm (DGA) used by the Pushdo and Necurs botnets and observed interesting behaviors that suggest cybercriminals are trying to extend the lifespan of C&C channels and avoid detection. 

W3LL phishing kit used to target corporate Microsoft 365 accounts 

A custom phishing kit called W3LL Panel has been acquired by at least 500 threat actors and used to target over 56,000 corporate Microsoft 365 accounts, according to Group-IB. The cybersecurity firm estimates that the W3LL tool’s developers may have made $500,000 in the last 10 months. 

TXOne Networks announces new Edge v2 engine

Industrial cybersecurity firm TXOne Networks has announced the second generation of its Edge engine. The Edge v2 engine enables network segmentation via automated rule generation and learning. 

Related: In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs

Related: In Other News: Africa Cybercrime Crackdown, Unpatched macOS Flaw, Investor Disclosures

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.