Security
Better update now – a critical security flaw found in Apache Tomcat
A critical Apache Tomcat vulnerability puts companies and cloud platforms at risk, allowing attackers to alter files and execute malicious code.
Read more about Better update now – a critical security flaw found in Apache Tomcat
Dark Crystal trojan targets Ukrainians via Signal messages
Russians are once again ramping up their efforts to snoop on Ukrainian soldiers.
Read more about Dark Crystal trojan targets Ukrainians via Signal messages
Maximum risk flaw affects major server remote management system MegaRAC
The widely used server remote management system MegaRAC contains a critical flaw that hackers can exploit to bypass authentication and take full control of servers. Major brands like HPE, Asus, Lenovo, and ASRockRack are affected, and firmware updates are underway.
Read more about Maximum risk flaw affects major server remote management system MegaRAC
Hackers using AI agents more often for account takeover – Gartner
AI agents are becoming increasingly popular with hackers for exploiting online accounts. By 2027, they will reduce the time to take over an account by 50%.
Read more about Hackers using AI agents more often for account takeover – Gartner
Millions of Android TV boxes disconnected from hackers, but the risk remains
A record five million devices, mostly Android TV boxes, are running malware that can no longer call back to hackers after authorities cut off their controllers. However, the devices are still dangerous, and owners should replace them.
Read more about Millions of Android TV boxes disconnected from hackers, but the risk remains
Card collectors' secrets spilled in massive Collectibles.com leak
Collectibles.com, a collectible cards marketplace, has leaked sensitive details of nearly 900K customers, exposing clients’ card listings, transaction records, full names, and other sensitive information.
Read more about Card collectors' secrets spilled in massive Collectibles.com leak
Fraudulent Android apps displaying intrusive ads downloaded 60 million times on Google Play
Hundreds of Android apps are showing out-of-context ads and trying to persuade users to give away their credentials.
Read more about Fraudulent Android apps displaying intrusive ads downloaded 60 million times on Google Play
Major US teacher's union breach exposed 500k members' to hackers
Over 500,000 members of Pennsylvania's major teacher's union had sensitive personal and financial data stolen in a cyberattack, despite PSEA reassurances.
Read more about Major US teacher's union breach exposed 500k members' to hackers
Hackers hide malware in link files, but Microsoft refuses to fix the flaw
State-sponsored hackers from North Korea, Iran, Russia, and China are crafting malicious links that compromise governments, military, and other critical organizations, leading to espionage and data theft. Yet, Microsoft declined to address the vulnerability with a security patch, Trend Micro has said in a report.
Read more about Hackers hide malware in link files, but Microsoft refuses to fix the flaw
“Pay me or I tell Snowden:” are cybercriminals getting more desperate?
Desperation or creativity – how low are ransomware gangs ready to go to get paid? One gang has threatened to contact Edward Snowden if its victim doesn’t pay a ransom.
Read more about “Pay me or I tell Snowden:” are cybercriminals getting more desperate?
Over 320K Medicare applications exposed, revealing patients’ health data
Insurance brokerage firm Oberlin Marketing has left an open bucket leaking hundreds of thousands of sensitive documents, including customer health condition status and financial info.
Read more about Over 320K Medicare applications exposed, revealing patients’ health data
DeepSeek created Chrome infostealer without hesitation, company remains silent
Adoption of AI tools is soaring, and so are the inevitable safety issues. Researchers have found a new way to break popular AI models to commit crimes.
Read more about DeepSeek created Chrome infostealer without hesitation, company remains silent
New trojan can spy, steal crypto and mask itself to avoid detection
A new Windows remote access trojan (RAT), dubbed StilachiRAT, uses sophisticated techniques to avoid detection and can do tasks from reconnaissance to cryptocurrency theft.
Read more about New trojan can spy, steal crypto and mask itself to avoid detection
Hackers know half of passwords entered online, Cloudflare finds
People use already compromised passwords 41% of the time when logging into email, streaming services, social networks, or any other online services, Cloudflare’s analysis reveals.
Read more about Hackers know half of passwords entered online, Cloudflare finds
Sperm bank California Cryobank confirms data breach
California Cryobank (CCB), one of the largest reproductive tissue banks in the world, has disclosed a data breach that affected an unknown number of Americans. Law firms are investigating a potential case for class action amid concerns that “biometric data may be compromised.”
Read more about Sperm bank California Cryobank confirms data breach
“Rivals fabricated this” responds Pinduoduo company to an alleged ransomware
An alleged cyber heist may have exposed the data of 700 million Pinduoduo users. The company denies any breach calling it “entirely false.”
Read more about “Rivals fabricated this” responds Pinduoduo company to an alleged ransomware
Hackers claim they’ve breached Orange and have “very detailed” information
Babuk ransomware, a cybercrime ring that targets major enterprises, has posted unverified claims about a massive data breach at Orange, a major telecom.
Read more about Hackers claim they’ve breached Orange and have “very detailed” information
Customers of “China‘s Amazon” had their passwords stolen, hackers say
Jingdong, China‘s largest retailer, has allegedly been targeted by a ransomware cartel. The hackers claim they’ve stolen copious amounts of company data, including customer passwords.
Read more about Customers of “China‘s Amazon” had their passwords stolen, hackers say