Retailer Hudson’s Bay Co on Sunday disclosed that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America.

One cyber security firm said that it has evidence that millions of cards may have been compromised, which would make the breach one of the largest involving payment cards over the past year, but added that it was too soon to confirm whether that was the case. Toronto-based Hudson’s Bay said in a statement that it had “taken steps to contain” the breach but did not say it had succeeded in confirming that its network was secure. 

As discerning dark web drug dealers and pseudonymous hackers have figured that Bitcoin is not magically private money, many have turned to Monero, a digital coin that promises a far higher degree of anonymity and untraceability baked into its design.

But one group of researchers has found that Monero's privacy protections, while better than Bitcoin's, still aren’t the cloak of invisibility they might seem. Monero is designed to mix up any given Monero "coin" with other payments, so that anyone scouring Monero's blockchain can't link it to any particular identity or previous transaction from the same source. 

A Boeing production plant in Charleston, South Carolina was hit by the WannaCry ransomwear cyberattack on Wednesday. Mike VanderWel, the chief engineer at Boeing Commercial Airplane production engineering, sent out a company-wide memo calling for “all hands on deck.”

“It is metastasizing rapidly out of North Charleston and I just heard 777 may have gone down,” reads VanderWel’s memo. The company worries the virus may hit equipment used in functional airplane tests, which could lead to it spreading to airplane software. WannaCry, which the Trump administration blames on the cyberterrorism unit of North Korea as of December 2017, attacked mainly via a critical Windows vulnerability.

A newly-discovered keylogger malware has been found infecting computers in the wild. Though the malware is far from advanced, it's efficient at stealing passwords.

Researchers at Cybereason, a Boston, Mass.-based security firm, call the malware "Fauxpersky," as it impersonates the Russian antivirus software Kaspersky. The keylogger is built off a popular app, AutoHotKey, which lets users write small scripts for automating tasks, and compile the script into an executable file. In this case, the app was abused to build a keylogger, which spreads through USB drives and infects Windows PCs -- and replicates on the computer's listed drives.

Github announced the discovery of more than 4 million vulnerabilities located in 500,000 plus repositories.

In 2017, the code sharing site started vulnerability scanning for known Common Vulnerabilities and Exposures in its Ruby and JavaScript libraries, according to a March 21 blog post. The libraries are operated through the company's Dependency Graph which matches the code against the vulnerabilities. Shortly after the program was launched, Github said 450,000 of the identified flaws had been resolved by Dec. 1, 2017 and its rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. 

A Canadian political data firm called AggregateIQ left a large code repository downloadable online, according to a security researcher, exposing the political data and microtargeting tools that various Republican campaigns used to try to influence voters in the United States' 2016 election cycle.

The exposed data reveals AIQ's ties to the embattled data analytics firm Cabridge Analytica -- and, by extension, its ties to the campaigns of conservative Texas politicians Sen. Ted Cruz and Gov. Greg Abbott. They also reveal AggregateIQ (AIQ)'s connection to Ukrainian steel magnate Serhiy Taruta, head Ukraine's newly formed Osnova party. 

Opinion polls published on Sunday in the United States and Germany cast doubt over the level of trust people have in Facebook over privacy, as the firm ran advertisements in British and U.S. newspapers apologizing to users.

Fewer than half of Americans trust Facebook to obey U.S. privacy laws, according to a Reuters/Ipsos poll released on Sunday, while a survey published by Bild am Sonntag, Germany’s largest-selling Sunday paper, found 60 percent of Germans fear that Facebook and other social networks are having a negative impact on democracy. Facebook founder and chief executive Mark Zuckerberg apologized for “a breach of trust”.

Drupal developers are being asked to give themselves extra time next week to fix a “highly critical” flaw in Drupal 7 and 8 core.

In an advisory sent to developers on Wednesday, Drupal notified them that, “there will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 – 19:30 UTC.” The security advisory did not identify the bug, only describing it as a “highly critical security vulnerability.” “The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” according to the post. 

The Trump administration has announced criminal charges and sanctions against nine Iranians accused of participating in a government-sponsored hacking scheme to steal sensitive information from hundreds of universities, private companies and US government agencies.

The nine defendants, accused of working at the behest of the Iranian government-tied Islamic Revolutionary Guard Corps, hacked the computer systems of about 320 universities in the United States and abroad to steal expensive research that was then used or sold for profit, prosecutors said. 

Coinbase, one of the world’s most popular cryptocurrency exchanges, has apparently had a nasty bug lurking in its system that would allow users to collect unlimited ether through a few simple steps. Thanks to a bug report, however, the company avoided disaster.

VI Company, a Dutch firm specializing in FinTech, publicly disclosed the vulnerability on its HackerOne account on Wednesday. According to the report, a string of digital wallets controlled by a smart contract could be manipulated to trick Coinbase into believing a transfer had occurred. The issue was first reported in late December.