Security
Hackers weaponize website sign-up forms to bury fraud in victims’ inboxes
Hackers are weaponizing legitimate sign-up forms to flood their victims’ inboxes with hundreds of automated emails. This helps hide the actual attack, such as ordering a new credit card or committing a fraudulent transaction, in the noise.
Read more about Hackers weaponize website sign-up forms to bury fraud in victims’ inboxes
22 million users at risk? Paidwork data allegedly up for sale on hacker forum
A hacker’s post on an underground forum is stirring unease across the gig economy, claiming that millions of Paidwork users who signed up for easy earnings may now have their personal and financial data circulating for sale.
Read more about 22 million users at risk? Paidwork data allegedly up for sale on hacker forum
ICE deploys spyware to track fentanyl, sparking privacy fears
As the war on fentanyl in the US continues, Immigration and Customs Enforcement (ICE) has announced that following its purchase of Israeli-made spyware, it has been able to hack into suspicious WhatsApp chats, even if they’re encrypted.
Read more about ICE deploys spyware to track fentanyl, sparking privacy fears
Controversial, hidden, or upcoming features discovered in leaked Claude Code
Digital sleuths, browsing over 512,000 lines of code leaked from Anthropic’s Claude Code, have uncovered numerous hidden, inactive, or already disabled features. Some of them are quite controversial.
Read more about Controversial, hidden, or upcoming features discovered in leaked Claude Code
Russian hackers are after your WhatsApp and Signal account, UK warns
The National Cyber Security Centre (NCSC) has issued a warning to users of messaging apps such as WhatsApp, Signal, and Messenger to watch for suspicious activity.
Read more about Russian hackers are after your WhatsApp and Signal account, UK warns
AWS cloud operations in Bahrain hit for 2nd time in targeted Iran strike
Iran has now reportedly hit AWS operations in Bahrain for a second time, after the IRGC threatened major US tech companies across the Gulf. Trump is set to address the nation later Wednesday.
Read more about AWS cloud operations in Bahrain hit for 2nd time in targeted Iran strike
Attack on the Dubai airport may have resulted in American passport leak
A hacktivist group claims it quietly infiltrated one of the world’s busiest airports for months, and is now leaking what it found in support of “regional resistance.”
Read more about Attack on the Dubai airport may have resulted in American passport leak
Normie reporter gives face to malware with vibe-coded hash-to-image generator
A huge development in the cybersecurity space – a Cybernews reporter came up with an idea on how to give a face to malware, instead of long, “boring” hashes.
Read more about Normie reporter gives face to malware with vibe-coded hash-to-image generator
North Korean hackers behind axios critical supply chain attack, Google says
It didn’t take long for Google researchers to implicate North Korean hackers in an ongoing compromise of the widely used open-source package, axios. The immediate danger is over, analysts say, but the incident could have far-reaching impacts.
Read more about North Korean hackers behind axios critical supply chain attack, Google says
Time is ticking for Hallmark: hackers threaten to expose 8M records
Shinyhunters has been on fire lately, adding one victim after another. This time, the shadowy hacker group is dangling nearly 8 million Hallmark records on the edge of the internet, giving the US-based corporation just one day to respond.
Read more about Time is ticking for Hallmark: hackers threaten to expose 8M records
GTA V role-play servers neglected security, exposing millions of players’ records
A misconfigured server spilled nearly a million records from Spanish-speaking Grand Theft Auto V role-play communities, potentially revealing gamers' identities.
Read more about GTA V role-play servers neglected security, exposing millions of players’ records
Is cybercrime really worth it? What hackers actually earn on both sides of the law
Rationally, we might assume that hackers will calmly and logically calculate the likelihood of being busted and compare that to the possible rewards for breaking the law when deciding which side of the line they want to operate on. Of course, there are ethical elements to consider too, but in terms of the risk vs reward, the conversation is a difficult one, especially if you happen to live in a country that is outside of the remit of the companies and countries you might be targeting.
Read more about Is cybercrime really worth it? What hackers actually earn on both sides of the law
Everest increases pressure on Nissan, but desperation creeps in
Nissan isn’t willing to pay a ransom to the ransomware gang Everest, so the threat actor is upping the stakes. It has posted new details about the breach on its dark web site, and has even included the negotiation log between the hackers and the company.
Read more about Everest increases pressure on Nissan, but desperation creeps in
Mercor confirms cyberattack as hackers claim 4TB of critical data in possession
AI recruiting startup Mercor has confirmed it was impacted by a supply chain attack via the open-source LiteLLM incident. Meanwhile, a hacker group is claiming access to several terabytes of data, including the company’s source code.
Read more about Mercor confirms cyberattack as hackers claim 4TB of critical data in possession
Hackers hit Cisco: 3M Salesforce records, GitHub repos allegedly stolen
A serious cybersecurity incident is suspected at US tech giant Cisco Systems. ShinyHunters, a notorious criminal hacking and extortion group, claims it has stolen over 3 million Salesforce records containing personal data, GitHub repositories, AWS buckets, and other compromised corporate data.
Read more about Hackers hit Cisco: 3M Salesforce records, GitHub repos allegedly stolen
Major Italian bank fined €31.8M after employee snooped on 3,500 customers
Italy’s data protection authority (DPA) imposed a fine of €31.8 million on Intesa Sanpaolo S.p.A. for “serious shortcomings in personal data security, due to the inadequacy of the technical and organizational measures adopted.”
Read more about Major Italian bank fined €31.8M after employee snooped on 3,500 customers
Roan and Eurocamp data breach exposes tourists to WhatsApp scams
Luxury camping providers Roan and Eurocamp have disclosed a data breach, affecting thousands of tourists.
Read more about Roan and Eurocamp data breach exposes tourists to WhatsApp scams
Anthropic inadvertently leaks source code for Claude Code CLI tool
Anthropic, the flagship AI company, has inadvertently exposed the source code for its major CLI tool Claude Code. It has already been extracted with mirrors published on GitHub.
Read more about Anthropic inadvertently leaks source code for Claude Code CLI tool
Venom Stealer touts fully automated malware pipeline for $250 a month, bypasses browser encryption
A new Malware-as-a-Service (MaaS) platform that combines ClickFix social engineering with automated data exfiltration and wallet detection is being sold on the dark web for $250 a month – or $1,800 for lifetime access.
Read more about Venom Stealer touts fully automated malware pipeline for $250 a month, bypasses browser encryption
ChatGPT retrieved internal company files in 42 milliseconds when asked a single question
An employee of Sola Security, a small new cybersecurity company, asked ChatGPT a single routine question about SSO configuration. But in response, the chatbot’s backend quietly retrieved hundreds of internal company files in less than a second.
Read more about ChatGPT retrieved internal company files in 42 milliseconds when asked a single question
