Security
Google’s crackdown on bad developers: 2M apps banned from Play Store
Google barred 2.36 million Android apps from entering the Google Play store and prevented an additional 1.3 million apps from gaining excessive access to sensitive user data in 2024. Google also banned more than 158,000 bad developer accounts.
Read more about Google’s crackdown on bad developers: 2M apps banned from Play Store
Dangerous mistake: major US broadcaster exposed 1M sensitive files to public
Valley News Live, a subsidiary of America’s third-largest media network, exposed millions of resumes with personal data, ranging from home addresses to educational backgrounds.
Read more about Dangerous mistake: major US broadcaster exposed 1M sensitive files to public
Hackers leverage Google’s phone number, subdomains to attack victims
Scammers managed to call a victim using Google’s phone number, which is listed on the official support website, and then send an email from an official subdomain. It's unclear how threat actors might have abused Google’s features.
Read more about Hackers leverage Google’s phone number, subdomains to attack victims
LockBit‘s empire crumbles in the great ransomware reshuffle of 2024
While others can only guess what the latest ransomware trends are, Cybernews knows the full picture. Our research team took a deep dive into what our Ransomlooker tool said about key ransomware trends in 2024.
Read more about LockBit‘s empire crumbles in the great ransomware reshuffle of 2024
Hackers fail at turning AI into a powerful weapon, but scammers are happy
Hackers are already using AI models to be more productive when researching, troubleshooting code, creating, and localizing content, Google Threat Intelligence Group (GTIG) warns. While attempts are often unoriginal and unsuccessful, new models and agentic systems pop up every day.
Read more about Hackers fail at turning AI into a powerful weapon, but scammers are happy
Critical vulnerability plagued AI development platform Lightning AI
Popular AI development platform Lightning AI fixed a critical remote code execution vulnerability. Due to improper user input handling, attackers could run commands with root privileges.
Read more about Critical vulnerability plagued AI development platform Lightning AI
Unprotected AI service streams private Slack messages for 30 bucks a month
Struct Chat, a $29.95 per month AI-powered Slack tool, organizes and summarizes threads, answers questions, generates newsletters and exposes its users’ private data and communications.
Read more about Unprotected AI service streams private Slack messages for 30 bucks a month
ENGlobal energy corp says hackers accessed personal data in Nov breach
US-based energy infrastructure solutions company ENGlobal revealed on Tuesday that the attackers who breached the company last November were able to access sensitive personal information from its network servers.
Read more about ENGlobal energy corp says hackers accessed personal data in Nov breach
96% of S&P 500 companies had data breaches – report
Only 6% of S&P 500 companies scored an A for their cybersecurity, a new report by Cybernews shows.
Read more about 96% of S&P 500 companies had data breaches – report
Daytrip data leak reveals detailed travel data, VIP members
A subcontractor mistake has put the intercity travel platform Daytrip in a hot spot. An exposed database revealed hundreds of thousands of customer records and travel orders.
Read more about Daytrip data leak reveals detailed travel data, VIP members
Apple patches actively exploited zero-day affecting iPhones and other devices
Hackers are attacking iPhone users by exploiting a recently discovered security flaw that enables malicious apps to elevate privileges. Apple has released security updates addressing this zero-day among other vulnerabilities.
Read more about Apple patches actively exploited zero-day affecting iPhones and other devices
BASHE ransomware gang claims ICICI bank, leaves three days to pay the ransom
Hackers from the BASHE ransomware gang, also known as APT73, have added ICICI Bank, a major financial institution in India, to their victim site on the dark web and left three days to pay the ransom. The cybersecurity incident is not officially confirmed.
Read more about BASHE ransomware gang claims ICICI bank, leaves three days to pay the ransom
New crypto mining worm linked to global campaign
Tangerine Turkey is a visual basic script (VBS) worm that spreads via USB drives and deploys crypto mining malware to generate cryptocurrency for attackers.
Read more about New crypto mining worm linked to global campaign
Hackers evading email spam filters using hidden text, Cisco Talos alerts
There’s yet another reason to view email messages in plain text format instead of HTML. Hackers are increasingly ‘salting’ scam emails with text invisible to human readers, which deceives security systems.
Read more about Hackers evading email spam filters using hidden text, Cisco Talos alerts
FTC issues warning about dangerous deliveries: free gifts that contain identity theft
The Federal Trade Commission (FTC) has warned Americans about a dangerous new scam: mysterious ‘gifts’ arriving at doorsteps containing malicious QR codes. This makes old brushing schemes more sophisticated.
Read more about FTC issues warning about dangerous deliveries: free gifts that contain identity theft
DoD defense contractor Stark AeroSpace potentially breached by INC ransomware
Stark Aerospace, a US-based missile systems and aerial weapons manufacturer contracted with the US Military and the Department of Defense, has been claimed by the INC ransom group.
Read more about DoD defense contractor Stark AeroSpace potentially breached by INC ransomware
Scammers really like to impersonate Microsoft
If you get a phishing email impersonating a known brand, it will most likely masquerade as Microsoft.
Read more about Scammers really like to impersonate Microsoft
Network security firm SonicWall warns about critical vulnerability affecting its gateways
SonicWall, a network security solutions provider, alerts users about a critical 9.8 out of 10 vulnerability affecting its widely used unified, secure access gateways from the SMA 1000 series. Hackers are already exploiting the flaw.
Read more about Network security firm SonicWall warns about critical vulnerability affecting its gateways
Entire Georgian country population exposed in a massive data leak
A ghost database containing millions of records on Georgian citizens appeared in the cloud and then mysteriously vanished. The concerning leak potentially leaves sensitive personal data vulnerable to malicious actors.
Read more about Entire Georgian country population exposed in a massive data leak
Stealthy Chinese hackers target VPN users via infected installer
China-aligned attackers known for cyber espionage have launched a supply-chain attack targeting IPany VPN.
Read more about Stealthy Chinese hackers target VPN users via infected installer
