Security

Critical security flaw affects Asus AiCloud routers, urgent update required

Hackers can craft a request, send it to the Asus router, and execute functions without authorization. Due to this critical vulnerability, bearing a score of 9.2 out of 10, the company is urging users to update the firmware of Asus routers running AiCloud.
Read more about Critical security flaw affects Asus AiCloud routers, urgent update required

“Vote for me” scam turns into chain reaction of stolen Facebook, X accounts

Is a friend asking you to vote for them on Facebook? It’s a scam that starts a chain reaction. Many people have already fallen victim.
Read more about “Vote for me” scam turns into chain reaction of stolen Facebook, X accounts

6M users at risk: 58 Chrome extensions discovered containing secret tracking code

Dozens of Chrome extensions, many of them featured on the Chrome Web Store but also hidden and not indexed by search engines, contain secret functionality to track users, a security researcher has discovered.
Read more about 6M users at risk: 58 Chrome extensions discovered containing secret tracking code

CISA recommends password reset after potential Oracle data breach

The Cybersecurity and Infrastructure Security Agency (CISA) is suggesting that organizations that have been affected by a potential data breach at Oracle’s Cloud Infrastructure reset passwords to minimize the risk associated with credential compromise.
Read more about CISA recommends password reset after potential Oracle data breach

Screw gov’t funding, we’re going nonprofit, CVE Board declares after database debacle

Citing global security for all, CVE board members have announced the creation of a new nonprofit CVE Foundation, aimed at taking the onus for funding the critical vulnerability database program out of government hands.
Read more about Screw gov’t funding, we’re going nonprofit, CVE Board declares after database debacle

Fake jobs, tolls, and deliveries text cost Americans half a billion

Text scams are raking in millions. And they're no longer just a minor annoyance – they’re looting Americans' accounts.
Read more about Fake jobs, tolls, and deliveries text cost Americans half a billion

Stop & Shop, Albert Heijn, Food Lion: Ransomware gang targets grocery heavyweights

Ahold Delhaize, the €87 billion ($99 billion) retail titan behind your local Stop & Shop and Albert Heijn, has been hit by a data breach. At least that’s what a ransomware gang is claiming on its dark web blog.
Read more about Stop & Shop, Albert Heijn, Food Lion: Ransomware gang targets grocery heavyweights

iPhone AI app leaked user-generated NSFW stories

Apple App Store’s Novel AI: Book Creator leaked its Firebase database, revealing that its users generated far spicier stuff than your average ghost story.
Read more about iPhone AI app leaked user-generated NSFW stories

A whopping 46% of US companies’ employees reuse passwords

Cybernews researchers analyzed the top 100 most trusted companies in America – including Nvidia, Costco, Apple, American Express, and others – and found that all of them had experienced data breaches, exposing critical cybersecurity weaknesses.
Read more about A whopping 46% of US companies’ employees reuse passwords

YouTuber’s pixelation fail: private video part unmasked in hours

One YouTuber laid out a challenge to his viewers: $50 to anyone who could de-pixelate a heavily obscured section of his video, intended to hide private folders. It was cracked in hours, demonstrating the vulnerability of blurring as a privacy measure.
Read more about YouTuber’s pixelation fail: private video part unmasked in hours

GoDaddy flop caused major Zoom outage

Zoom went down on Wednesday, and the company revealed it wasn’t to blame for the major outage.
Read more about GoDaddy flop caused major Zoom outage

Former CISA chief resigns from SentinelOne following White House pressure

Christopher Krebs, whom President Donald Trump fired as head of the Cybersecurity and Infrastructure Security Agency (CISA) in 2020, said on Wednesday he is leaving cybersecurity company SentinelOne following pressure from the White House.
Read more about Former CISA chief resigns from SentinelOne following White House pressure

Identity-based attacks most prevalent in cybersecurity incidents

Last year, cybercriminals leaned heavily on stealth and efficiency, favoring straightforward techniques over complex malware and zero-day exploits.
Read more about Identity-based attacks most prevalent in cybersecurity incidents

CVE database funding extended through 2026 – was the panic all for nothing?

Critical funding for the Common Vulnerabilities and Exposures database, set to expire on Wednesday, has been renewed in full, the US Cybersecurity and Infrastructure Security Agency (CISA) announced late Tuesday evening. So, was there a real threat to the MITRE-led program ending, or just government business as usual?
Read more about CVE database funding extended through 2026 – was the panic all for nothing?

Huge ransomware campaign targets AWS S3 storage: attackers have thousands of keys

A massive database of over 1,200 unique Amazon Web Services (AWS) access keys has been amassed and exploited in a ransomware campaign. Administrators of exposed AWS S3 buckets are finding their files encrypted except for a ransom note demanding payment in bitcoin.
Read more about Huge ransomware campaign targets AWS S3 storage: attackers have thousands of keys

Android devices to auto-restart if locked for 3 days: why does it matter?

Google is rolling out a new security feature that reboots Android devices if they remain locked for three consecutive days. This makes it much harder to access data from stolen but also seized devices.
Read more about Android devices to auto-restart if locked for 3 days: why does it matter?

Former MTV execs’ ghost platform still leaking personal data of numerous creatives

The Loop is dead, but your personal data isn’t. Over two million files packed with personal data are still sitting online, waiting to ruin someone's day.
Read more about Former MTV execs’ ghost platform still leaking personal data of numerous creatives

Think you're downloading Binance? It’s malware in disguise

Hackers are disguising malware as legit crypto trading tools, turning your curiosity about bitcoin into a full-blown system compromise.
Read more about Think you're downloading Binance? It’s malware in disguise