Security
California county sues Meta, alleges it made $7bn from scam ads and even tweaked them
California's Santa Clara County has sued Meta Platforms, alleging that it profited from Facebook and Instagram ads promoting scams. That’s a violation of California's false advertising and unfair business practices laws.
Read more about California county sues Meta, alleges it made $7bn from scam ads and even tweaked them
UK water firm fined £1M after running Windows Server 2003
The Information Commissioner’s Office (ICO) has imposed a fine of £963,900 on South Staffordshire Water and its parent company after the personal data of 633,887 people was extracted and published on the dark web following a cyberattack.
Read more about UK water firm fined £1M after running Windows Server 2003
Chinese firm seeks $8bn from the Netherlands over intervention at chip maker Nexperia
Chinese technology company Wingtech is demanding $8 billion in damages from the Netherlands due to its intervention at chip manufacturer Nexperia.
Read more about Chinese firm seeks $8bn from the Netherlands over intervention at chip maker Nexperia
We investigated the Vodafone data leak: Here is what hackers claim they stole
Lapsus$ has claimed responsibility for a dump of Vodafone’s internal source code, exposing what researchers say could be a blueprint for the telecom giant’s backend infrastructure.
Read more about We investigated the Vodafone data leak: Here is what hackers claim they stole
China-linked New York robotics firm issues fix after hacker remotely hijacks thousands of lawn mowers
A US-based robotics firm with ties to China has rushed out security fixes after an ethical hacker revealed that thousands of its internet connected robotic lawnmowers could be hijacked remotely using the same built-in administrator password.
Read more about China-linked New York robotics firm issues fix after hacker remotely hijacks thousands of lawn mowers
Millions of Android users tricked into paying for fake call logs
App creators will offer basically anything these days, even if most claims appear too good to be true. Unfortunately, an army of Android users took the bait, paying for apps that sold access to call histories for any phone number. Over 7 million downloads later, it’s now official – it was all fake.
Read more about Millions of Android users tricked into paying for fake call logs
AI investment fraudsters spawn 15,500 scam sites abusing legitimate marketing tool
A massive investment scam campaign involves thousands of websites and a common trait: fraudsters abuse a legitimate advertising performance tracking tool to profile victims, direct them to targeted scams, while showing benign content to security researchers and tools.
Read more about AI investment fraudsters spawn 15,500 scam sites abusing legitimate marketing tool
ShinyHunters leaks Cushman & Wakefield Salesforce dataset after failed negotiations
ShinyHunters has leaked a massive Salesforce-linked dataset allegedly tied to commercial real estate giant Cushman & Wakefield – claiming ransom negotiations with the company have failed.
Read more about ShinyHunters leaks Cushman & Wakefield Salesforce dataset after failed negotiations
Trellix hackers may have accessed far more than source code, researchers warn
Cybersecurity giant Trellix has been breached, with a ransomware gang leaking screenshots of its internal infrastructure. Researchers say the attackers may have accessed critical VMware, Rubrik, and Dell EMC systems, raising fears that the incident goes far beyond source code exposure.
Read more about Trellix hackers may have accessed far more than source code, researchers warn
Amazon cloud outage disrupts Coinbase and CME trading systems at North Virginia data centre
Amazon's cloud unit reported an outage at one of its data center zones in northern Virginia on Thursday, while derivatives marketplace CME Group and cryptocurrency exchange Coinbase said there were issues with their trading platforms.
Read more about Amazon cloud outage disrupts Coinbase and CME trading systems at North Virginia data centre
Two critical Linux kernel exploits dropped with no patches available
Unprivileged users on a Linux system can gain root privileges in seconds using two recently disclosed critical kernel exploits, with no patches available. The multiplying kernel exploits put most cloud infrastructure at risk. Until patches arrive, security researchers warn users to be extra careful when installing new software or updating packages.
Read more about Two critical Linux kernel exploits dropped with no patches available
What ceasefire? Iranian hacking group Handala leaks data of thousands of US Marines
Stryker devices wiped, the email of the FBI boss Kash Patel breached, and now, personal details of thousands of US Marines leaked. The Iranian hacking group Handala clearly doesn’t care about any ceasefire between the US and Iran, as fragile as the agreement is.
Read more about What ceasefire? Iranian hacking group Handala leaks data of thousands of US Marines
Anthropic releases fix for severe Claude Chrome extension flaw – researcher hacks patch in 3 hours
Anthropic has released only a partial fix for a flaw in Claude Code's Chrome extension – allowing any browser extension to hijack the AI assistant and act as the user – and researchers say they hacked the patch in just 3 hours.
Read more about Anthropic releases fix for severe Claude Chrome extension flaw – researcher hacks patch in 3 hours
Critical PAN-OS zero-day vulnerability exploited in the wild, with no patches available
Palo Alto Networks warns that its widely deployed firewalls are under attack with hackers exploiting a critical zero-day vulnerability. Unauthenticated attackers can achieve remote code execution with root privileges, and no patches are yet available.
Read more about Critical PAN-OS zero-day vulnerability exploited in the wild, with no patches available
Hogwarts for Russian hackers: where GRU turns students into state-sponsored threat actors
Documents obtained by investigative journalists describe how the GRU, Russia’s military intelligence agency, is training students in hacking attacks and disinformation tactics at Bauman Moscow State Technical University. Yep, that’s where Sandworm and Fancy Bear get fresh talent from.
Read more about Hogwarts for Russian hackers: where GRU turns students into state-sponsored threat actors
Hackers claim 500K Coinbase France users exposed as researchers warn leak offers phsihing campaign "starter pack"
A threat actor is advertising what they claim to be a dataset of 500,000 French crypto users, stolen from Coinbase.
Read more about Hackers claim 500K Coinbase France users exposed as researchers warn leak offers phsihing campaign "starter pack"
Harvard, Oxford, and MIT named as hackers drop full Canvas breach victim list
Hackers have published a massive list naming Harvard, Oxford, and MIT among thousands of educational institutions allegedly caught in the expanding Canvas data breach.
Read more about Harvard, Oxford, and MIT named as hackers drop full Canvas breach victim list
Critical vulnerability affects Ollama: 300,000 servers exposed to attackers
Ollama accepts requests without authentication, and 300,000 servers are sitting ducks. A new critical vulnerability allows hackers to leak server memory storing API keys, environment variables, system prompts, and users’ conversation data.
Read more about Critical vulnerability affects Ollama: 300,000 servers exposed to attackers
Trump admin’s about-face on AI safety alarms US techies but is a win for national security
With Donald Trump, you can never be sure he won’t change his mind – or be talked into doing so – in basically a minute. Still, the White House’s apparent shift in AI policy approach is causing waves in the tech industry.
Read more about Trump admin’s about-face on AI safety alarms US techies but is a win for national security
US Army contractor leaks military base photos, personnel information for over a year
A US government contractor providing facility management solutions to the US Army leaked sensitive information from military installations.
Read more about US Army contractor leaks military base photos, personnel information for over a year
