Security
Roblox users warned: 50 million login records are up for sale on the dark web
A threat actor claims to be selling a trove of Roblox credentials, likely harvested by infostealer malware from users directly. The database, which allegedly contains 50 million records, is listed for $777, according to Brinztech, a cybersecurity firm.
Read more about Roblox users warned: 50 million login records are up for sale on the dark web
MrBeast-advertised calorie app Cal AI allegedly hacked: 3 million subscribers exposed
Cal AI, the viral calorie-tracking app endorsed by many celebrities, has allegedly suffered a massive data breach. A threat actor dumped nearly 15GB of data, including 3 million emails, personal and subscription details, and even “times of day users eat.” The incident has not yet been officially confirmed.
Read more about MrBeast-advertised calorie app Cal AI allegedly hacked: 3 million subscribers exposed
Russia-backed hackers breach Signal, WhatsApp accounts
Russian-backed hackers have launched a global cyber campaign to gain access to Signal and WhatsApp accounts used by officials, military personnel and journalists, two intelligence agencies in the Netherlands warned on Monday.
Read more about Russia-backed hackers breach Signal, WhatsApp accounts
Campaign tricks Israelis into downloading a malicious version of a popular emergency app
The Acronis Threat Research Unit (TRU) has identified a campaign targeting Israelis. It tricks them into downloading a trojanized version of the RedAlert rocket app for Android.
Read more about Campaign tricks Israelis into downloading a malicious version of a popular emergency app
NGINX UI critical vulnerability enables hackers to download full system backups
A critical vulnerability is affecting the NGINX UI, a widely used third-party web management tool for NGINX, the most popular web server. Unauthenticated attackers can download a full system backup with user credentials, session tokens, SSL private keys, configurations, and other sensitive data.
Read more about NGINX UI critical vulnerability enables hackers to download full system backups
Hackers target Mac users with fake CleanMyMac, empty crypto wallets
Hackers are running a convincing malware campaign targeting Mac owners, stealing money and data. They are using a fraudulent CleanMyMac website and likely buying ads to reach users searching for the popular cleaner utility.
Read more about Hackers target Mac users with fake CleanMyMac, empty crypto wallets
“US power provider attacked,” claim Russian cyber gang
A Russia-linked ransomware gang has claimed it breached a US electric cooperative, raising fresh concerns that cybercriminals are once again circling critical power infrastructure.
Read more about “US power provider attacked,” claim Russian cyber gang
These Chrome AI assistants secretly harvested ChatGPT chats
Nearly 900,000 people installed AI browser assistants on Chrome and Edge that secretly harvested their chat conversations and browsing activity.
Read more about These Chrome AI assistants secretly harvested ChatGPT chats
Popular AI coding tool Blackbox AI, with 5M downloads, grants root access to hackers
Blackbox AI, one of the most popular AI coding and development assistants for VS Code, downloaded 5 million times, was hacked to give attackers remote access. The security researcher behind the attack asked the agent to apologize – it gave him root.
Read more about Popular AI coding tool Blackbox AI, with 5M downloads, grants root access to hackers
Cybercrooks using ICE as cover to steal information in phishing campaign
Companies hurrying to disable ICE-supporting messages might fall into a phishing trap.
Read more about Cybercrooks using ICE as cover to steal information in phishing campaign
Iran-linked Seedworm hackers found inside US bank, airline, tech networks
Iranian state-backed Seedworm hackers lurk inside US-Israeli critical networks – signaling a possible cyber campaign targeting US banking, aviation, and tech sectors.
Read more about Iran-linked Seedworm hackers found inside US bank, airline, tech networks
Windows user? Don’t get tricked by these GitHub tools spreading malware
Fake tools on GitHub are being used to raid Chrome, Microsoft Edge, and Brave browsers, to wipe your crypto wallets.
Read more about Windows user? Don’t get tricked by these GitHub tools spreading malware
Any browser extension can secretly install malware, researchers demonstrate
A handy price tracker, ad blocker, AI chatbot, or any other extension can turn malicious overnight and secretly install malware. Security researchers have demonstrated that extensions can modify every downloaded file without requiring permissions, and neither Google nor Mozilla sees a problem.
Read more about Any browser extension can secretly install malware, researchers demonstrate
Drone attacks expose vulnerability of cloud infrastructure in Gulf conflict
In the wake of Amazon's revelation that Iran struck three of its facilities in the UAE, and as Iran sees commercial cloud regions as high-leverage nodes for critical services, we might wonder what this all means going forward
Read more about Drone attacks expose vulnerability of cloud infrastructure in Gulf conflict
Developer finds his website banned by Google, spends weeks getting it delisted by security firms
One software engineer found that his side project website was mistakenly banned by Google – instantly, 10 other security firms flagged it, too. He spent weeks getting it delisted, raising concerns about one company’s control over the web.
Read more about Developer finds his website banned by Google, spends weeks getting it delisted by security firms
US and EU police seize LeakBase, a site where crooks share stolen passwords and hacking tools
European and US law enforcement have shut down LeakBase’s database, which prosecutors called “one of the world’s largest online forums for cybercriminals” for sharing stolen passwords and hacking tools.
Read more about US and EU police seize LeakBase, a site where crooks share stolen passwords and hacking tools
This paint company is dripping stolen information, hackers claim
The US branch of AkzoNobel, a multinational paint and coatings company from the Netherlands, has been attacked by hackers. They managed to steal approximately 170,000 files from the company.
Read more about This paint company is dripping stolen information, hackers claim
Claude AI shows just how fast technology is outpacing rules and ethics
The Claude saga that’s unfolding as we speak isn’t just about a popular AI chatbot going down. It’s about the awkward, unexpected place artificial intelligence has carved out for itself in the real world and the dramatic contrasts it highlights.
Read more about Claude AI shows just how fast technology is outpacing rules and ethics
China-linked hackers hide cyber spy operation inside Windows services and Google Drive
A cyber espionage campaign linked to the China-nexus hackers, tracked as Silver Dragon, has been uncovered, hiding inside legitimate Windows services and using Google Drive as a covert communications channel.
Read more about China-linked hackers hide cyber spy operation inside Windows services and Google Drive
AI agents are too easy to fool, with websites now littered with hidden “system override” commands
Don’t act surprised when your AI agent starts printing millions of pages of cabbages, deletes an entire system partition, or sends your life savings to fraudsters – they’re just being helpful. Security researchers have warned that many websites now sprinkle poison for AI, leaving malicious instructions for well-meaning agents to act upon. Here are 12 real-life examples.
Read more about AI agents are too easy to fool, with websites now littered with hidden “system override” commands
