Security

Getting hacked through fonts: Facebook warns about major vulnerability

Meta has warned about a dangerous vulnerability in FreeType, a widely used font-rendering library that many applications depend on. Hackers may already have exploited it in the wild. Some Linux distributions include vulnerable versions.

System oversight leaks 23 million government records

Nigeria’s social investment coordination platform accidentally leaked tens of millions of citizens’ records, exposing everything from home addresses to work backgrounds.

Over 300 critical organizations affected by Medusa ransomware, FBI warns

Medusa ransomware has already affected over 300 victims across critical infrastructure sectors since its first detection in June 2021, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warn.

CISA denies mass DOGE-led firings, says employment status unaffected

A significant dispute has emerged regarding the fate of the US Cybersecurity and Infrastructure Security Agency's (CISA) elite “Red Teams.” CISA is vigorously denying reports of a mass termination by Elon Musk's Department of Government Efficiency (DOGE).

Lawsuit targets PlayerAuctions over hacked GTA accounts and currency sales

Rockstar Games has filed a lawsuit against PlayerAuctions for selling hacked accounts and in-game currency for GTA Online.

FTC: “Top scams in 2024 led to $12.5B in losses”

Americans lost an unprecedented $12.5 billion to fraud last year.

23 million secrets spilled on GitHub, developers naively assume no one will know

A single hardcoded password is like leaving a digital landmine. Still, developers remain trapped in a false sense of security.

Chinese spies plant custom backdoors and secretly lurk in Juniper routers

Juniper routers, widely used by telecoms, large companies, and data centers, are being targeted by a Chinese cyberespionage group. Google Mandiant researchers have discovered custom backdoors tailored for end-of-life hardware.

Massive research into iOS apps uncovers widespread secret leaks, abysmal coding practices

Most apps on Apple’s App Store seem to leak at least one hard-coded secret. Many high-sensitivity secrets were found, including keys to cloud storage, various APIs, and even payment processors. Some endpoints are left completely unprotected, putting users at risk.

How Apple App Store apps can expose your data: hard-coded secrets explained

Your data can be exposed to bad actors because of poor programming practices.

How do malicious apps end up on official app stores?

While you may think that downloading apps from official app stores is entirely secure, you can still catch malware that will steal your private data.

Multiple vulnerabilities in Mozilla products could put governments and businesses at risk

Mozilla has patched multiple vulnerabilities that could have enabled attackers to hijack user devices.

Jaguar Land Rover’s source code, tracking data leaked, attackers claim

Britain’s luxury car maker Jaguar Land Rover (JLR) allegedly has had its tracking data, source code, and employee details stolen and leaked.

Critical Apple vulnerability enables “extremely sophisticated” attacks

Apple has urgently patched a zero-day vulnerability in WebKit, the engine powering the Safari web browser and many other apps.

Russian YouTubers blackmailed into spreading crypto miner

“A massive malware campaign” has been uncovered, with Russian YouTubers being forced to spread crypto-mining malware.

Google coughed up $12M in bug bounties in 2024

Google’s Vulnerability Reward Program paid $11.8 million to the security research community last year to make the company and its products safer.

“Script kiddie” hackers behind Dark Storm cyberattack on Musk's X, security researcher says

A French security researcher claimed on Tuesday to have uncovered the identity of the Dark Storm hacker behind the hours-long DDoS cyberattack on Elon Musk’s X social media platform – and it looks as if an Egyptian college student was behind the entire operation.

Government leaks nearly two million citizens’ documents

India’s Ministry of Housing and Urban Affairs left an open AWS bucket revealing nearly two million IDs, bank statements, and other files with sensitive citizens’ data.