Security
Patching one Linux kernel critical exploit spawns another: a third vulnerability in two weeks
A fix for the previous Linux kernel critical exploit has seemingly introduced another critical local privilege escalation exploit, a third in two weeks. Security professionals are now frustrated with disclosures dropping without any embargoes for defenders to prepare.
British Airways hit by Telegram breach claims involving pilot data
A hacker group claims it breached British Airways’ internal systems, exposing sensitive crew and medical data that researchers warn could expose the airline’s operational data.
NGINX is critically vulnerable: hackers can crash servers and run remote code with no authentication
A critical NGINX vulnerability, undiscovered for 18 years, allows hackers to crash servers with ease and even take full control without authentication in some common configurations. Emergency patches for the internet’s most popular web server were released on Wednesday, but working exploits are already public.
Dutch lab failed security standards before hackers stole 850,000 cancer patients’ data
Before last year’s cyberattack, Clinical Diagnostics didn’t meet the legally required information security standards for the healthcare sector. Skipping audits was one of the many major flaws the lab oversaw.
OpenAI confirms two devices compromised in TanStack supply-chain attack
OpenAI has found no evidence that its user data was accessed after a security issue involving a supply-chain attack on TanStack npm, an open-source library.
Best Western parent company says hackers spent 6 months inside hotel systems, exposing guest data
BWH Hotels, the parent company of WorldHotels, Best Western, and the SureStays hotel brands, is notifying guests that its reservations systems were hacked last October, warning their personal data may have been exposed for months.
European defense tech giant Thales confirms data breach
A dataset tied to NATO-linked defense giant Thales Group has surfaced on a cybercrime forum, raising fresh concerns that sensitive identity infrastructure used across European governments may be exposed. The company has confirmed the third-party data breach.
Hacker buys baby monitor on Amazon, finds mother of all security flaws
A security researcher has uncovered a sweeping set of flaws in baby monitors, many of which use white-label tech stacks from China and are then rebranded and sold to new parents on channels such as Amazon.
Wiping 96 US government databases after being fired may cost ex-hackers two decades in prison
Sohaib Akhter, together with his twin brother Muneeb, deleted nearly 100 US government databases after being fired from a government contractor.
Vengeful researcher drops Microsoft zero-days for a third time: “It will never stop”
A skilled security researcher who went rogue after claiming Microsoft left him “homeless with nothing” has released a third wave of Windows zero-day vulnerabilities, timing the drop just after Patch Tuesday. The “most insane” exploit bypasses BitLocker encryption, while the other zero-day escalates any user to SYSTEM privileges.
Here’s why Odido didn’t pay a ransom in the recent cyberattack, CEO explains
Søren Abildgaard, the CEO of Odido, has posted several videos online explaining exactly what happened when the telecom provider was attacked by ShinyHunters and why the company decided not to pay its attackers.
Skoda issues data breach alert for its online shop: hackers accessed customer information
Car manufacturer Skoda has experienced a data breach that may have exposed customers’ personal information.
Google Cloud developers going bankrupt over Gemini API key abuse: hard spending caps now available
Developers and startup founders on social media are sharing stories of being hit with devastating Google Cloud charges totaling tens of thousands of dollars due to unauthorized Gemini API usage.
BBVA haunted by fresh leak claims as customer banking data resurfaces online
An alleged BBVA leak is haunting Mexico again, with hackers posting customers’ data for sale.
How lithium batteries go up in flames
Lithium batteries are all around us, but did you know that charging them can pose a fire risk?
1.2M messaging app profiles leaked online: Were you impacted?
Our researchers have found that Tokee, a video and text messaging app, has leaked users' records, including names and phone numbers.
Hackers claim 11M files from major Apple and Nvidia partner days after Wisconsin plant suffers “IT outage”
Foxconn, one of the world’s leading electronics makers, has been listed on a dark web blog, with attackers allegedly posting component details for Google and Intel products.
Hundreds of open-source packages, including TanStack and Mistral, compromised in fresh wave of supply chain attacks
Hundreds of malicious packages are being flagged in the npm and PyPI repositories, including those from TanStack and Mistral, which are hugely popular. A broad hacking campaign is targeting millions of developers: malware steals credentials and wipes all data when it’s done.
Google Drive loophole lets blocked malware reach Gmail, puts billions at risk
New research has revealed that “Scanned by Gmail” is no longer a guarantee. Researchers discovered a structural flaw that allows malicious files to bypass Google’s native security controls.
London glasshole films woman, demands money: here’s how to protect yourself
A Londoner says she was secretly filmed by a man wearing smart glasses, who then asked for money to remove the video from social media. Experts aren’t surprised and warn that it’s not just privacy at stake: in the age of AI, these accessories can become powerful surveillance devices.