Security
Website owners report surge in malicious bots impersonating Googlebot, sparking call to check IPs
Administrators are noticing an influx of malicious bot requests impersonating Googlebot and other legitimate crawlers, attempting to slip past website defenses. Google offers IP verification tools to help its crawlers be identified.
Read more about Website owners report surge in malicious bots impersonating Googlebot, sparking call to check IPs
Hackers claiming leak of 310 million Temu accounts: here's what we know
An alleged 310 million Temu user records have been put up for sale on a cybercrime forum. While the leaked samples appear recent, researchers say the scale of the alleged breach remains impossible to verify.
Read more about Hackers claiming leak of 310 million Temu accounts: here's what we know
Hackers claim 110M Notion records exposed, but the company’s AI assistant is not concerned
A hacker has claimed responsibility for a massive breach of Notion – a productivity platform used by Nvidia and OpenAI – exposing 110 million user records. However, the company’s AI assistant, which responded to our journalists, does not seem to be bothered.
Read more about Hackers claim 110M Notion records exposed, but the company’s AI assistant is not concerned
Russian state hackers stealing new Signal accounts with old backup keys, FBI warns
Signal’s Secure Backup key, once stolen, can unlock new accounts, and Russian state hackers are already abusing it in a global wave of phishing attacks, the US cyber authorities warn.
Read more about Russian state hackers stealing new Signal accounts with old backup keys, FBI warns
UK data watchdog fines consultancy firm £300K for flooding people with millions of illegal texts
The Information Commissioner’s Office (ICO) has issued a fine of £300,000 to a Manchester-based consultancy firm for sending millions of unlawful text messages to people in debt. They included fake bailiff threats designed to pressure and intimidate recipients.
Read more about UK data watchdog fines consultancy firm £300K for flooding people with millions of illegal texts
Microsoft reveals phishing campaign targeting hotels in Europe and Asia
An unknown threat actor has launched a convincing phishing campaign aimed at tricking hotel employees into installing malware via fake photo attachments.
Read more about Microsoft reveals phishing campaign targeting hotels in Europe and Asia
Apple supplier locks down systems after alleged Apple files appear on dark web
An Apple supplier at the heart of the company's push to move iPhone production out of China has locked down its internal systems after a ransomware group leaked thousands of confidential files allegedly linked to Apple, Tesla, TSMC and Qualcomm. The breach has triggered a forensic investigation and prompted Apple's security team to step in, according to sources.
Read more about Apple supplier locks down systems after alleged Apple files appear on dark web
France statistics agency Insee confirms cyberattack on staff data
France's national statistics department Insee said a cyberattack had led to a breach of personal data from its directory, affecting about 12,800 current and former staff and members of Insee-related civil service corps.
Read more about France statistics agency Insee confirms cyberattack on staff data
Polymarket hit by $3M cyberattack via third-party dependency, promises full refunds
Polymarket has been targeted by hackers exploiting a third-party dependency. Some users report being hacked, and blockchain analysts flagged $3 million outflows from the company. Polymarket has reassured all impacted users that they will be refunded in full.
Read more about Polymarket hit by $3M cyberattack via third-party dependency, promises full refunds
Someone hacked Johnson & Johnson's internal systems to teach it a lesson
A simple vulnerability can give access to highly confidential corporate data.
Read more about Someone hacked Johnson & Johnson's internal systems to teach it a lesson
Alibaba is suing US government for branding it a “Chinese military company”
Alibaba has filed a lawsuit against the US Department of Defense, seeking to overturn its designation as a "Chinese military company" after the Pentagon blacklisted the tech giant over alleged military ties that Alibaba says simply do not exist.
Read more about Alibaba is suing US government for branding it a “Chinese military company”
NAIC confirms breach as ShinyHunters dumps 3.1TB tied to national insurance systems
The National Association of Insurance Commissioners (NAIC) on Thursday confirmed data was stolen during a recent Oracle zero-day attack earlier this month – all as the notorious ShinyHunters dumps a 3.1TB cache it says is tied to the regulatory body's systems used across the US insurance industry.
Read more about NAIC confirms breach as ShinyHunters dumps 3.1TB tied to national insurance systems
What happens when hackers steal AI? US lawmakers push new reporting rules
A Texas lawmaker on Thursday has proposed new AI incident reporting rules that would require AI companies such as Anthropic and OpenAI to report critical security incidents – as well as dangerous model behaviour – to Washington within seven days.
Read more about What happens when hackers steal AI? US lawmakers push new reporting rules
Ubiquiti UniFi OS devices targeted: CISA orders the patching of critical bugs
Having network access is all it takes for an attacker to access files, run arbitrary commands, and completely compromise a wide range of unpatched UniFi OS systems, including routers, firewalls, gateways, network video recorders, corporate software, and others. CISA warns that attackers are already exploiting critical bugs.
Read more about Ubiquiti UniFi OS devices targeted: CISA orders the patching of critical bugs
UK Scouts launch AI badges while US Girl Scouts use Google-backed programmes
While national governments and tech giants search for ways to regulate teen activity online, some groups are taking matters into their own hands. For example, Scouts are now introducing new badges on artificial intelligence, digital communication, and online safety.
Read more about UK Scouts launch AI badges while US Girl Scouts use Google-backed programmes
Microsoft: 2 ransomware groups hit SharePoint in parallel attacks
A Microsoft investigation into a ransomware case found that 2 different attackers operated simultaneously, demonstrating that modern attacks are not always isolated events and require different responses. The activity was linked to on-premises SharePoint servers that were targeted through known vulnerabilities.
Read more about Microsoft: 2 ransomware groups hit SharePoint in parallel attacks
Snyk slashes jobs and races to reinvent itself to keep up with AI
Cybersecurity unicorn Snyk has announced a 4th round of layoffs, shedding 90 employees in Israel and worldwide. The company is reorganizing to “move faster” with AI, at a time when Claude Code might be nibbling at its lunch.
Read more about Snyk slashes jobs and races to reinvent itself to keep up with AI
27 million passwords seized as Microsoft and EU authorities knock down malware infrastructure
Authorities have knocked out 3 of the cybercrime world's favorite malware tools used to launch ransomware attacks, seizing 27 million stolen passwords in the process.
Read more about 27 million passwords seized as Microsoft and EU authorities knock down malware infrastructure
OpenAI expands Daybreak – but experts warn it may find bugs faster than defenders can fix them
OpenAI on Tuesday announced the expansion of its AI-powered cybersecurity initiative, Daybreak – but experts are now warning Cybernews that fixing software flaws before hackers can exploit them may become the industry's biggest challenge.
Read more about OpenAI expands Daybreak – but experts warn it may find bugs faster than defenders can fix them
Hacker employs Claude to breach booking firms, leaves millions of records publicly accessible
A Russian hacker utilized HexStrike AI, combined with Anthropic's Claude, to steal data from numerous companies in the accommodation sector, our research team has found.
Read more about Hacker employs Claude to breach booking firms, leaves millions of records publicly accessible
