Security

DoorDash, Walmart data manager breached, with millions of records exposed, attackers claim

Woflow, an AI-driven merchant data platform, has been claimed as a victim by ShinyHunters, the notorious data extortion group.

Microsoft warning: attackers are abusing Google logins to spread malware

Hackers are hijacking trusted OAuth login flows to redirect victims to phishing traps, where they unknowingly download malware.

Mass iPhone attack: government-grade iOS hacking tool falls into the hands of cybercriminals

iPhones are under mass attack, with Chinese scammers, Russian spies, and other cybercriminals using government-grade iOS exploit kits. Security experts suspect that the highly sophisticated spyware escaped the US government and are warning iOS users to update their devices to the latest version.

TikTok skips DM encryption, leaving privacy experts concerned

Unlike most of its rivals, TikTok is not planning to introduce end-to-end encryption on its direct messages. The platform says it wants to protect users, especially young people, from harm, but critics are already naming one caveat after another.

The Booking.com scam crisis – how a simple message revealed a sophisticated fraud

I was preparing for a long‑awaited weekend in Vilnius when my phone vibrated. The WhatsApp message came from someone calling...

Dutch watchdog accuses Meta of turning a blind eye as scam ads keep circulating

According to the Consumentenbond, the consumer interest group in the Netherlands, Meta barely monitors advertisers and takes no action against unreliable online stores.

Ivanti Connect Secure devices may carry dormant RESURGE malware

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that RESURGE malware may still be silently embedded in Ivanti Connect Secure VPN appliances. It remains dormant until attackers attempt to regain access.

Hackers claim LexisNexis cloud breach exposing 400K users and .gov emails

Hackers claim to have breached LexisNexis by accessing its AWS infrastructure, publishing a trove of internal records allegedly tied to 400K users – including .gov accounts from courts and federal agencies.

Attackers could hijack Perplexity’s Comet browser to take over your 1Password vault

Researchers have identified a new family of vulnerabilities affecting the Perplexity Comet agentic browser. Two distinct exploit paths enable zero-click agent compromise and credential theft or full account takeover via authorized workflows, including interactions with 1Password.

“We go bankrupt:” stolen Gemini API key turns $180 monthly bill into $82K catastrophe, developer says

Just as researchers are ringing the alarm bells about thousands of exposed Google API keys, one small dev team is facing the worst-case scenario – an $82,000 bill.

How do 100 lava lamps help Cloudflare with data encryption?

There’s a security reason behind why Cloudflare’s office has a wall with 100 lava lamps.

Check if your Chrome is up to date: Google’s Gemini might still be spying on you

This is why you need to update your Chrome. A patched Chrome vulnerability could have turned Google’s Gemini AI into a built-in surveillance tool.

“Star Citizen” maker says that an undisclosed month-old data breach isn’t a big deal

Cloud Imperium Games (CIG), a British gaming company, knew for over a month that its customers' personal information had been accessed by hackers. It seems the company doesn’t see this data breach as that much of a big deal.

Next.js turf war heating up: Cloudflare’s vibe-coded gambit humbled by critical security bugs

Cloudflare boasted about a single engineer with just $1,100 in AI tokens building “a drop-in replacement for Next.js” in a week. This kicked off a beef with Vercel, which maintains Next.js, a popular web development tool. The ambitious project arrived riddled with security holes, but with enough punch to rattle the industry.

Wild pack without a leader: pro-Iranian hackers already active in wake of US-Israeli strikes

With the conflict in the Middle East entering a phase of total infrastructure and economic warfare, threat analysts are urging organizations across the US and its allies to beware of potential retaliatory cyberattacks. In fact, they’ve already begun.

US agencies dump Anthropic as Altman revises Defense Department agreement

The US Treasury Department, State Department, and the federal housing agency announced they are terminating all use of Anthropic products, in a shift to OpenAI, the ChatGPT maker led by Sam Altman, who on Monday said changes were being made to its US Defense Department agreement.

Motorola joins forces with GrapheneOS to boost smartphone security

Smartphone manufacturer Motorola has announced a partnership with GrapheneOS Foundation, touting it as “a new chapter in smartphone security.” The non-profit explains that the Lenovo-owned company is working on “a subset of their next generation” devices to meet GrapheneOS requirements.

French Airbus and Boeing parts supplier confirms data breach

A Russia-linked ransomware gang claims it has breached a key French supplier to Airbus and Boeing – LISI Group – and stolen financial and corporate data. The company has confirmed the “cyber incident.”

This purchase order PDF is fake, malicious, and after your password

Another day, another scam on Telegram. Researchers have found an attachment posing as a purchase order in PDF form that’s actually a credential-harvesting web page quietly sending passwords and other sensitive data straight to a Telegram bot controlled by an attacker.

Unprecedented GitHub hacking spree: “security research” AI bot compromises major repos from Microsoft, Datadog, and others

The AI bot, still active on GitHub, is hacking one repo after another, curating its own brag page, and claiming to have scanned over 47,000 repositories. In just one week, it targeted at least six popular open-source projects, including those from Microsoft and Datadog. Trivy, a popular vulnerability scanner repo, was fully compromised.