Security

I wanted to keep my TP-Link router but security pros roasted me

Like most Americans, I have a TP-Link router at home and am contemplating what to do with it. The company is under scrutiny for potential backdoors, and authorities are considering it as the next potential target for a ban. Is replacing the TP-Link router really the only option?
Read more about I wanted to keep my TP-Link router but security pros roasted me

Cutbacks bite back as hackers play with Musk's DOGE site

Musk’s DOGE efforts to lower federal expenses may be a victim of its own quest for efficiency, with lax cybersecurity practices allowing anyone to access the government’s newly created website.
Read more about Cutbacks bite back as hackers play with Musk's DOGE site

Russian hackers launch new attack vector: joining a meeting can compromise your account

Russian threat actors have launched another successful hacking campaign. Targeted users receive fake meeting invitations to WhatsApp, Signal, or Teams and allow attackers into their accounts when attempting to log in.
Read more about Russian hackers launch new attack vector: joining a meeting can compromise your account

Russian-backed Seashell Blizzard relies on "BadPilot" subgroup for initial exploits, researchers say

Microsoft researchers uncover the “BadPilot campaign,” a threat subgroup working behind the scenes to support the Krelmin-backed hacking cartel Seashell Blizzard, responsible for years of persistent attacks on high-value targets worldwide.
Read more about Russian-backed Seashell Blizzard relies on "BadPilot" subgroup for initial exploits, researchers say

Unguarded database spills 440M personal records

An exposed instance with an unknown owner has revealed copious amounts of records from multiple Middle Eastern nations.
Read more about Unguarded database spills 440M personal records

Researchers get $10K for disclosure of YouTube flaw that exposed billions of user emails

There were no truly private accounts on YouTube until recently. Security researchers demonstrated that any email behind an account could be pulled from Google using a relatively simple exploit. Google has patched the flaw and awarded researchers a $10,633 bounty.
Read more about Researchers get $10K for disclosure of YouTube flaw that exposed billions of user emails

International travelers targeted in immigration-themed phishing campaign

A sophisticated phishing campaign that first targeted travelers heading to Singapore has expanded to exploit those traveling to other nations, including the United Kingdom and Malaysia.
Read more about International travelers targeted in immigration-themed phishing campaign

Heartbreak hackers: Valentine’s day scams on the rise

With a love rush ahead, Valentine’s Day brings more than just romance. Cybersecurity experts are warning about a rise in phishing scams.
Read more about Heartbreak hackers: Valentine’s day scams on the rise

North Korean hackers Kimsuky exploiting the oldest critical vulnerability – the user

North Korean hackers have joined the cyberattack bandwagon, asking users to copy and paste malicious code into PowerShell.
Read more about North Korean hackers Kimsuky exploiting the oldest critical vulnerability – the user

Warning: fake Etsy invoices sent via legitimate domains

Emails with fake invoices are using a legitimate Etsy domain, making it more difficult to detect scams.
Read more about Warning: fake Etsy invoices sent via legitimate domains

Fewer than one in three Chrome users have ‘Enhanced Security’ enabled

Google said that over a billion Chrome users are using Enhanced Protection mode, which provides real-time AI-powered protection against dangerous online content. However, this means that almost 2.5 billion other Chrome users haven't enabled the feature.
Read more about Fewer than one in three Chrome users have ‘Enhanced Security’ enabled

CISA, experts urging users to patch new Windows zero-days: “test and deploy quickly”

The US Cybersecurity and Security Infrastructure Agency (CISA) has warned that two recently disclosed Microsoft zero-day vulnerabilities are being actively exploited by threat actors and urges users to patch them.
Read more about CISA, experts urging users to patch new Windows zero-days: “test and deploy quickly”

Building a website with AI? Here are the hidden risks you should be aware of

AI-written code enhances productivity, but its benefits also come with risks.
Read more about Building a website with AI? Here are the hidden risks you should be aware of

Millions exposed as 14M shipping records accidentally leaked

Hipshipper, an international shipping platform used by eBay, Shopify and Amazon sellers, has exposed millions of shipping labels, revealing personal customer data.
Read more about Millions exposed as 14M shipping records accidentally leaked

Weak encryption and privacy risks found in DeepSeek’s Android app

Just days after security flaws were found in the DeepSeek iOS app, another research team has discovered similar issues in the company’s Android app.
Read more about Weak encryption and privacy risks found in DeepSeek’s Android app

OpChildSafety: when parents fight back against predators

Throughout messages, individuals made a girl feel like she owed them – it was how they controlled her while offering friendship. This, in turn, caused her to lie when questioned about the messages.
Read more about OpChildSafety: when parents fight back against predators

Russia disappearing from the internet: cloaking digital presence brings strategic cyberwarfare advantage

Russia is rapidly isolating its internet-connected infrastructure from the outside world. In less than a half year, over two-thirds of previously discoverable services and devices have vanished behind the ‘Great Firewall.’
Read more about Russia disappearing from the internet: cloaking digital presence brings strategic cyberwarfare advantage

Over 2 million IPs bombard edge network devices in ongoing brute force login attack

The Shadowserver Foundation is warning of an alarming surge in brute force login attacks targeting web logins for multiple network devices, especially Palo Alto Networks, Invanti, and SonicWall.
Read more about Over 2 million IPs bombard edge network devices in ongoing brute force login attack