Security
Google urges Android users to update their phones to combat takeover flaw
Google is urging Android users to update now after discovering a critical flaw that could allow attackers to compromise their devices without needing extra permissions or user interaction.
Read more about Google urges Android users to update their phones to combat takeover flaw
China-linked APT group attacking government entities in South America and Europe
A sophisticated China-linked advanced persistent threat (APT) group has been targeting government entities in South America since at least late 2024 and in Southeastern Europe since 2025, according to researchers.
Read more about China-linked APT group attacking government entities in South America and Europe
Germany’s .de domains just disappeared from the internet due to DNS outage
Millions of German websites went dark, and apps stopped working on Tuesday night as Germany’s top-level domain (TLD) .de became unreachable.
Read more about Germany’s .de domains just disappeared from the internet due to DNS outage
Guy finds Google Chrome is quietly installing a 4GB AI model on our devices
Google Chrome is silently installing a 4GB AI model on each of our devices without consent, says Alexander Hanff, a prominent computer scientist and lawyer. According to him, that’s both illegal and extremely costly for the climate.
Read more about Guy finds Google Chrome is quietly installing a 4GB AI model on our devices
Microsoft Edge writes passwords to memory in cleartext: a gift for attackers
Microsoft Edge “by design” decrypts and loads all saved user passwords into memory, where they remain in cleartext throughout the session. This makes credential harvesting easier for attackers, a security researcher warns. However, if a hacker is in a position to read from your memory, the user already has big problems.
Read more about Microsoft Edge writes passwords to memory in cleartext: a gift for attackers
A critical bug in corporate file transfer software lets hackers bypass login entirely
Software developer Progress has issued a warning about a critical security vulnerability in MOVEit Automation that allows an attacker to bypass authentication and gain access to corporate systems.
Read more about A critical bug in corporate file transfer software lets hackers bypass login entirely
Brussels takes aim at Huawei and ZTE to rule out Chinese equipment in network security
The European Commission has recommended that member states exclude Huawei and ZTE network equipment from local telecom operators’ connectivity infrastructure due to security concerns.
Read more about Brussels takes aim at Huawei and ZTE to rule out Chinese equipment in network security
Russian embassy staff kicked out of Austria over rooftop satellite spying network
Months after acknowledging that Russia has been using satellite dishes – strategically placed on top of diplomatic buildings to spy on NATO and Western allies – Austrian authorities finally booted three Russian diplomats out of the self-proclaimed neutral nation.
Read more about Russian embassy staff kicked out of Austria over rooftop satellite spying network
Hackers replace top Google result for Homebrew with sponsored MacOS malware
Clicking the first link in Google search results for Homebrew, a major CLI package manager for macOS, can lead users to a malicious page that installs the MacSync infostealer malware, security researchers at the SANS Internet Storm Center (ISC) warn.
Read more about Hackers replace top Google result for Homebrew with sponsored MacOS malware
Hackers threaten to leak Canvas messages and emails: 275M students at risk?
ShinyHunters has claimed an attack on Canvas, an education platform used by millions worldwide. The attackers are threatening to leak billions of private messages and user records unless their demands are met.
Read more about Hackers threaten to leak Canvas messages and emails: 275M students at risk?
ShinyHunters impersonator claims to have hacked Nvidia’s GeForce Now. Here's what Nvidia told us
A threat actor impersonating the ShinyHunters extortion group claims to be selling “millions of real user records” allegedly stolen from Nvidia’s GeForce Now service. Nvidia explains the breach only affects its partner in Armenia.
Read more about ShinyHunters impersonator claims to have hacked Nvidia’s GeForce Now. Here's what Nvidia told us
US weighs cutting cyber fix deadlines to 3 days as AI speeds up cyberattacks
US cyber officials are weighing a major shift – cutting patch deadlines to just 3 days as AI tools speed up hacking timelines from weeks to hours.
Read more about US weighs cutting cyber fix deadlines to 3 days as AI speeds up cyberattacks
Liberty Mutual ransomware attack exposes thousands of policyholders, hackers claim
US insurance giant Liberty Mutual has been claimed by the Everest ransomware group – allegedly exposing over 100 GB of data, including the personal and financial information of thousands of individual policyholders.
Read more about Liberty Mutual ransomware attack exposes thousands of policyholders, hackers claim
This selfie background editor is a password-stealing trap
A convincing fake “remove your photo background” website is being used to trick people into infecting their own computers, a new threat report by security firm Huntress has uncovered.
Read more about This selfie background editor is a password-stealing trap
Security researcher hacks PS5 to run Linux and Steam games, releases code publicly
Any PlayStation 5 can be turned into a highly capable Linux computer. A public Linux loader has been released by Andy Nguyen, an information security engineer, who exploited a firmware vulnerability. Users are already using it to play Steam or other third-party games, but for the soft-mod to work, the console needs to run an older firmware version.
Read more about Security researcher hacks PS5 to run Linux and Steam games, releases code publicly
One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable
All Linux kernels released after 2017 are vulnerable to critical privilege escalation bugs. A tiny 732-byte exploit grants root privileges across all major Linux distributions, with containerized environments being especially vulnerable. The proof of concept and patches are publicly available.
Read more about One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable
A sneaky cyber enemy is creeping into our browsers and password managers
It is a low-noise, short-lived piece of malicious software, yet it can cause significant damage to its victims.
Read more about A sneaky cyber enemy is creeping into our browsers and password managers
Scammers vibecode server to verify stolen credit cards, leak details of 345K cards
Jerry’s Store, a marketplace for stolen credit cards, left an unprotected server, revealing that carding marketplaces use Amazon, Temu, Lyft, and other legitimate merchants to do their validity checks.
Read more about Scammers vibecode server to verify stolen credit cards, leak details of 345K cards
VECT ransomware is so flawed it can’t even unlock encrypted files, researchers warn
VECT ransomware will provide the keys to its ransomware to anyone willing to deploy it. There’s just one problem: it isn’t even capable of decrypting locked files. Don’t pay the ransom, researchers warn.
Read more about VECT ransomware is so flawed it can’t even unlock encrypted files, researchers warn
One git push from disaster: this fundamental GitHub flaw could’ve compromised the world’s code
Run a single git push command, and get access to millions of repositories on GitHub. This is the critical massive remote code execution flaw uncovered by Wiz security researchers in a nutshell. They warn that 88% of GitHub Enterprise Servers remain unpatched.
Read more about One git push from disaster: this fundamental GitHub flaw could’ve compromised the world’s code
