Security
Customers of “China‘s Amazon” had their passwords stolen, hackers say
Jingdong, China‘s largest retailer, has allegedly been targeted by a ransomware cartel. The hackers claim they’ve stolen copious amounts of company data, including customer passwords.
Read more about Customers of “China‘s Amazon” had their passwords stolen, hackers say
Hackers claim major Chinese online shopping platform Taobao
Babuk ransomware, a threat actor targeting big enterprises, claims to have stolen data from Taobao, an Alibaba Group-owned online shopping platform and the eighth most-visited website in China.
Read more about Hackers claim major Chinese online shopping platform Taobao
We also reveal a secret: this is how we tested thousands of leaky iOS apps
We went behind the scenes of the biggest investigation into iOS app safety so far. We easily gained access to our colleague chats – imagine what threat actors could do.
Read more about We also reveal a secret: this is how we tested thousands of leaky iOS apps
A hacktivist's manifesto: The irony of Dark Storm Team’s massive DDoS attack against X
Whenever we think of hacktivism, what comes to mind? You see, the spirit of hacktivism is enriched with a broad palette of ideological flavors.
Read more about A hacktivist's manifesto: The irony of Dark Storm Team’s massive DDoS attack against X
DeepSeek’s chatbot can be used to generate ransomware and keylogger
DeepSeek’s reasoning model R1 can easily be tricked into generating malicious code, even though it still needs human input, research shows.
Read more about DeepSeek’s chatbot can be used to generate ransomware and keylogger
Booking.com scammers unleash credential-stealing malware havoc against hosts
Booking.com hosts are being targeted with dangerous credential-stealing malware, Microsoft warns. Scammers convincingly impersonate the platform to craft fraudulent emails about complaining guests, promotion opportunities, account verification, and other requests.
Read more about Booking.com scammers unleash credential-stealing malware havoc against hosts
Getting hacked through fonts: Facebook warns about major vulnerability
Meta has warned about a dangerous vulnerability in FreeType, a widely used font-rendering library that many applications depend on. Hackers may already have exploited it in the wild. Some Linux distributions include vulnerable versions.
Read more about Getting hacked through fonts: Facebook warns about major vulnerability
System oversight leaks 23 million government records
Nigeria‘s social investment coordination platform accidentally leaked tens of millions of citizens‘ records, exposing everything from home addresses to work backgrounds.
Read more about System oversight leaks 23 million government records
Over 300 critical organizations affected by Medusa ransomware, FBI warns
Medusa ransomware has already affected over 300 victims across critical infrastructure sectors since its first detection in June 2021, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warn.
Read more about Over 300 critical organizations affected by Medusa ransomware, FBI warns
CISA denies mass DOGE-led firings, says employment status unaffected
A significant dispute has emerged regarding the fate of the US Cybersecurity and Infrastructure Security Agency's (CISA) elite “Red Teams.” The CISA is vigorously denying reports of a mass termination by Elon Musk's Department of Government Efficiency (DOGE).
Read more about CISA denies mass DOGE-led firings, says employment status unaffected
Lawsuit targets PlayerAuctions over hacked GTA accounts and currency sales
Rockstar Games has filed a lawsuit against PlayerAuctions for selling hacked accounts and in-game currency for GTA Online.
Read more about Lawsuit targets PlayerAuctions over hacked GTA accounts and currency sales
FTC: “Top scams in 2024 led to $12.5B in losses”
Americans lost an unprecedented $12.5 billion to fraud last year.
Read more about FTC: “Top scams in 2024 led to $12.5B in losses”
23 million secrets spilled on GitHub, developers naively assume no one will know
A single hardcoded password is like leaving a digital landmine. Still, developers remain trapped in a false sense of security.
Read more about 23 million secrets spilled on GitHub, developers naively assume no one will know
Chinese spies plant custom backdoors and secretly lurk in Juniper routers
Juniper routers, widely used by telecoms, large companies, and data centers, are being targeted by a Chinese cyberespionage group. Google Mandiant researchers have discovered custom backdoors tailored for end-of-life hardware.
Read more about Chinese spies plant custom backdoors and secretly lurk in Juniper routers
Massive research into iOS apps uncovers widespread secret leaks, abysmal coding practices
Most apps on Apple’s App Store seem to leak at least one hard-coded secret. Many high-sensitivity secrets were found, including keys to cloud storage, various APIs, and even payment processors. Some endpoints are left completely unprotected, putting users at risk.
Read more about Massive research into iOS apps uncovers widespread secret leaks, abysmal coding practices
How Apple App Store apps can expose your data: hard-coded secrets explained
Your data can be exposed to bad actors because of poor programming practices.
Read more about How Apple App Store apps can expose your data: hard-coded secrets explained
How do malicious apps end up on official app stores?
While you may think that downloading apps from official app stores is entirely secure, you can still catch malware that will steal your private data.
Read more about How do malicious apps end up on official app stores?
Multiple vulnerabilities in Mozilla products could put governments and businesses at risk
Mozilla has patched multiple vulnerabilities that could have enabled attackers to hijack user devices.
Read more about Multiple vulnerabilities in Mozilla products could put governments and businesses at risk