Security

Canary tokens: threat hunting with digital trip wires

Canary tokens are digital "tripwires" that function like honeypots, designed to send a notification when triggered by a threat actor.
Read more about Canary tokens: threat hunting with digital trip wires

Ransomware hackers are desperate lying liars

Unlike usual Mondays, last Monday was fun – a manic Monday, I’d say. We woke up to our Ransomlooker, a tool exclusively developed by Cybernews to monitor the dark web, flashing like crazy.
Read more about Ransomware hackers are desperate lying liars

Massive Keenetic data leak uncovered: 1M households could be exposed

Users of Keenetic routers, mainly in Russia, have been exposed in a major data leak revealing sensitive credentials, device details, network configurations, and logs. With this information, hackers can directly connect and overtake affected networks. However, the vendor estimates the risk of fraudulent activity to be low.
Read more about Massive Keenetic data leak uncovered: 1M households could be exposed

Fake Meta support agent will steal your passwords

A new phishing campaign is targeting businesses using Meta ads. Attackers claim that your account was banned, but instead of fixing the problem, you get hacked.
Read more about Fake Meta support agent will steal your passwords

Rooting Android invites hackers: up to 3,000 times more vulnerable

A new report has revealed that rooted devices are orders of magnitude more vulnerable to various threats.
Read more about Rooting Android invites hackers: up to 3,000 times more vulnerable

Phishing campaign shifts focus to Macs after browsers enhance security on Windows

A phishing campaign, which initially targeted Windows users by masquerading as Microsoft security alerts, is now aiming at Mac users.
Read more about Phishing campaign shifts focus to Macs after browsers enhance security on Windows

Cybercrime karma: Babuk 2 ransomware steals from fellow crooks, makes fraudulent claims

Babuk 2 ransomware is making waves, claiming dozens of high-profile cyberattacks in a short time. Yet, other threat actors are accusing Babuk 2 of stealing their work, calling it a fraud. Evidence supports their claims and some security researchers seem to agree.
Read more about Cybercrime karma: Babuk 2 ransomware steals from fellow crooks, makes fraudulent claims

Top 10 secrets iOS apps leak without you knowing

Downloading an app should be safe. Unfortunately, this isn’t always the case. A Cybernews investigation found that 71% of iOS apps leak sensitive secrets, putting your data at risk.
Read more about Top 10 secrets iOS apps leak without you knowing

Better update now – a critical security flaw found in Apache Tomcat

A critical Apache Tomcat vulnerability puts companies and cloud platforms at risk, allowing attackers to alter files and execute malicious code.
Read more about Better update now – a critical security flaw found in Apache Tomcat

Dark Crystal trojan targets Ukrainians via Signal messages

Russians are once again ramping up their efforts to snoop on Ukrainian soldiers.
Read more about Dark Crystal trojan targets Ukrainians via Signal messages

Maximum risk flaw affects major server remote management system MegaRAC

The widely used server remote management system MegaRAC contains a critical flaw that hackers can exploit to bypass authentication and take full control of servers. Major brands like HPE, Asus, Lenovo, and ASRockRack are affected, and firmware updates are underway.
Read more about Maximum risk flaw affects major server remote management system MegaRAC

Hackers using AI agents more often for account takeover – Gartner

AI agents are becoming increasingly popular with hackers for exploiting online accounts. By 2027, they will reduce the time to take over an account by 50%.
Read more about Hackers using AI agents more often for account takeover – Gartner

Millions of Android TV boxes disconnected from hackers, but the risk remains

A record five million devices, mostly Android TV boxes, are running malware that can no longer call back to hackers after authorities cut off their controllers. However, the devices are still dangerous, and owners should replace them.
Read more about Millions of Android TV boxes disconnected from hackers, but the risk remains

Card collectors' secrets spilled in massive Collectibles.com leak

Collectibles.com, a collectible cards marketplace, has leaked sensitive details of nearly 900K customers, exposing clients’ card listings, transaction records, full names, and other sensitive information.
Read more about Card collectors' secrets spilled in massive Collectibles.com leak

Fraudulent Android apps displaying intrusive ads downloaded 60 million times on Google Play

Hundreds of Android apps are showing out-of-context ads and trying to persuade users to give away their credentials.
Read more about Fraudulent Android apps displaying intrusive ads downloaded 60 million times on Google Play

Major US teacher's union breach exposed 500k members' to hackers

Over 500,000 members of Pennsylvania's major teacher's union had sensitive personal and financial data stolen in a cyberattack, despite PSEA reassurances.
Read more about Major US teacher's union breach exposed 500k members' to hackers

Hackers hide malware in link files, but Microsoft refuses to fix the flaw

State-sponsored hackers from North Korea, Iran, Russia, and China are crafting malicious links that compromise governments, military, and other critical organizations, leading to espionage and data theft. Yet, Microsoft declined to address the vulnerability with a security patch, Trend Micro has said in a report.
Read more about Hackers hide malware in link files, but Microsoft refuses to fix the flaw

“Pay me or I tell Snowden:” are cybercriminals getting more desperate?

Desperation or creativity – how low are ransomware gangs ready to go to get paid? One gang has threatened to contact Edward Snowden if its victim doesn’t pay a ransom.
Read more about “Pay me or I tell Snowden:” are cybercriminals getting more desperate?