Security
I wanted to keep my TP-Link router but security pros roasted me
Like most Americans, I have a TP-Link router at home and am contemplating what to do with it. The company is under scrutiny for potential backdoors, and authorities are considering it as the next potential target for a ban. Is replacing the TP-Link router really the only option?
Read more about I wanted to keep my TP-Link router but security pros roasted me
Cutbacks bite back as hackers play with Musk's DOGE site
Musk’s DOGE efforts to lower federal expenses may be a victim of its own quest for efficiency, with lax cybersecurity practices allowing anyone to access the government’s newly created website.
Read more about Cutbacks bite back as hackers play with Musk's DOGE site
Russian hackers launch new attack vector: joining a meeting can compromise your account
Russian threat actors have launched another successful hacking campaign. Targeted users receive fake meeting invitations to WhatsApp, Signal, or Teams and allow attackers into their accounts when attempting to log in.
Read more about Russian hackers launch new attack vector: joining a meeting can compromise your account
Russian-backed Seashell Blizzard relies on "BadPilot" subgroup for initial exploits, researchers say
Microsoft researchers uncover the “BadPilot campaign,” a threat subgroup working behind the scenes to support the Krelmin-backed hacking cartel Seashell Blizzard, responsible for years of persistent attacks on high-value targets worldwide.
Read more about Russian-backed Seashell Blizzard relies on "BadPilot" subgroup for initial exploits, researchers say
Unguarded database spills 440M personal records
An exposed instance with an unknown owner has revealed copious amounts of records from multiple Middle Eastern nations.
Read more about Unguarded database spills 440M personal records
Researchers get $10K for disclosure of YouTube flaw that exposed billions of user emails
There were no truly private accounts on YouTube until recently. Security researchers demonstrated that any email behind an account could be pulled from Google using a relatively simple exploit. Google has patched the flaw and awarded researchers a $10,633 bounty.
Read more about Researchers get $10K for disclosure of YouTube flaw that exposed billions of user emails
International travelers targeted in immigration-themed phishing campaign
A sophisticated phishing campaign that first targeted travelers heading to Singapore has expanded to exploit those traveling to other nations, including the United Kingdom and Malaysia.
Read more about International travelers targeted in immigration-themed phishing campaign
Heartbreak hackers: Valentine’s day scams on the rise
With a love rush ahead, Valentine’s Day brings more than just romance. Cybersecurity experts are warning about a rise in phishing scams.
Read more about Heartbreak hackers: Valentine’s day scams on the rise
North Korean hackers Kimsuky exploiting the oldest critical vulnerability – the user
North Korean hackers have joined the cyberattack bandwagon, asking users to copy and paste malicious code into PowerShell.
Read more about North Korean hackers Kimsuky exploiting the oldest critical vulnerability – the user
Warning: fake Etsy invoices sent via legitimate domains
Emails with fake invoices are using a legitimate Etsy domain, making it more difficult to detect scams.
Read more about Warning: fake Etsy invoices sent via legitimate domains
Fewer than one in three Chrome users have ‘Enhanced Security’ enabled
Google said that over a billion Chrome users are using Enhanced Protection mode, which provides real-time AI-powered protection against dangerous online content. However, this means that almost 2.5 billion other Chrome users haven't enabled the feature.
Read more about Fewer than one in three Chrome users have ‘Enhanced Security’ enabled
CISA, experts urging users to patch new Windows zero-days: “test and deploy quickly”
The US Cybersecurity and Security Infrastructure Agency (CISA) has warned that two recently disclosed Microsoft zero-day vulnerabilities are being actively exploited by threat actors and urges users to patch them.
Read more about CISA, experts urging users to patch new Windows zero-days: “test and deploy quickly”
Building a website with AI? Here are the hidden risks you should be aware of
AI-written code enhances productivity, but its benefits also come with risks.
Read more about Building a website with AI? Here are the hidden risks you should be aware of
Millions exposed as 14M shipping records accidentally leaked
Hipshipper, an international shipping platform used by eBay, Shopify and Amazon sellers, has exposed millions of shipping labels, revealing personal customer data.
Read more about Millions exposed as 14M shipping records accidentally leaked
Weak encryption and privacy risks found in DeepSeek’s Android app
Just days after security flaws were found in the DeepSeek iOS app, another research team has discovered similar issues in the company’s Android app.
Read more about Weak encryption and privacy risks found in DeepSeek’s Android app
OpChildSafety: when parents fight back against predators
Throughout messages, individuals made a girl feel like she owed them – it was how they controlled her while offering friendship. This, in turn, caused her to lie when questioned about the messages.
Read more about OpChildSafety: when parents fight back against predators
Russia disappearing from the internet: cloaking digital presence brings strategic cyberwarfare advantage
Russia is rapidly isolating its internet-connected infrastructure from the outside world. In less than a half year, over two-thirds of previously discoverable services and devices have vanished behind the ‘Great Firewall.’
Read more about Russia disappearing from the internet: cloaking digital presence brings strategic cyberwarfare advantage
Over 2 million IPs bombard edge network devices in ongoing brute force login attack
The Shadowserver Foundation is warning of an alarming surge in brute force login attacks targeting web logins for multiple network devices, especially Palo Alto Networks, Invanti, and SonicWall.
Read more about Over 2 million IPs bombard edge network devices in ongoing brute force login attack