Security

Someone just deleted $8.2 million worth of bitcoin by sending it to a burn address

Someone just sent a crazy amount of money – 107 bitcoins, worth $8.2 million – to a burn address which has no private key, meaning that the money will never be recovered.

Some developers seeing 7-fold increase in supply chain compromises

As supply chain attacks rage, one engineering team reported a 7-fold spike in vulnerable dependencies over 3 months. Developer computers have become the prime targets for attackers: they offer many open doors, and malicious code bypasses Endpoint Detection and Response tools, giving hackers the highest return for the effort.

Trump Mobile probes data breach of 27,000 T1 pre-order customers

Trump Mobile says it’s investigating a potential data breach of customer information, allegedly caused by security flaws on its website.

British drivers' data surfaces on hacker market, Mercedes questions dataset's legitimacy

Mercedes-Benz, the globally renowned German luxury automotive brand, may be the latest victim in a string of attacks against the automotive sector. At least that's what hackers claim. The company's representatives call the data "unreliable."

WhatsApp users on alert after hacker drops massive dataset

The hacker said he is quitting crime and has dropped a dozen million WhatsApp user records for free. Cybernews researchers found millions of phone numbers and login credentials allegedly leaked.

OnlyFans mega leak reveals 340M user records, hackers claim

Threat actors claim they’re selling hundreds of millions of records that supposedly reveal OnlyFans creator and fan records, including their activity metrics and social profiles.

GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”

GitHub has terminated the account of “Nightmare-Eclipse,” an anonymous rogue security researcher known for dropping critical unpatched Windows vulnerabilities since Microsoft left them “homeless with nothing.” The vigilante has now moved to GitLab, releasing more threats.

AI voice bots hijacked by ‘hidden’ sounds in podcasts, MP3 files and YouTube clips

Security researchers have demonstrated a new type of attack that uses hidden audio signals to manipulate voice assistants into carrying out unauthorized actions without users noticing.

44 million alleged healthcare records of French citizens surface on hacker forum

A hacker claims to have breached the data of France’s key healthcare payment operator, with millions of Social Security records on sale.

Megalodon stalks over 5,000 GitHub repos in new assault on open source

A new malware campaign that hijacks GitHub repositories through malicious automated workflows is threatening open-source projects with a further barrage of supply chain attacks.

German Football Association leaves open goal for hackers, who are claiming password theft

Threat actors are claiming access to Germany’s top governing body for football, with login credentials and passwords allegedly shared online.

Trump Mobile security flaw: YouTubers who preordered the golden phone find their data leaking

YouTubers who pre-ordered the T1 mobile phone from Trump Mobile, a network operator and smartphone brand of The Trump Organization, are finding that their data is leaking. “Everything short of credit card numbers,” said Stephen Findeisen, better known as Coffeezilla.

Las Vegas giant reveals hacking incident after system breach

Station Casinos has confirmed a cybersecurity breach in a regulatory filing, adding yet another major Las Vegas gaming operator to the growing list of casinos targeted by cybercriminals.

Hackers claim Starbucks data breach, but researchers are not so sure

An attacker group claims to have snatched data from Starbucks' AWS cloud storage and is demanding $500,000 from the company. However, our research team believes that the claims don’t carry much weight.

Google API keys keep working for up to 23 minutes after you delete them

When Gemini users delete Google API keys, those keys remain active for up to 23 minutes, giving attackers time to abuse them to dump data, cache conversations, and make API calls. Google “won’t fix” the “known property of the system” and doesn’t see it as a security issue, Aikido Security researchers said.

Meta, TikTok, X, and other platforms have 48 hours to remove deepfakes and revenge porn

The Federal Trade Commission (FTC) has sent warning letters to numerous companies, telling them they have to comply with the TAKE IT DOWN Act. If they don’t, generous fees will apply.

Meta, TikTok, and Google left 73% of reported scam ads online despite numerous complaints

Meta, TikTok, and Google left hundreds of scam advertisements online despite nearly 900 complaints from European consumer groups, an action that could have left millions of users vulnerable to financial fraud.

China-linked hackers deploy new "Showboat" malware against telecom firms

A newly discovered malware family – dubbed “Showboat” – is targeting telecom providers worldwide in what researchers describe as a stealth cyber espionage campaign likely linked to Chinese nation-state actors.

CISA launches new online KEV portal to speed exploited vulnerability tracking

The US Cybersecurity and Infrastructure Security Agency (CISA) is making it easier for organizations and defenders to report vulnerabilities that qualify for its Known Exploited Vulnerabilities (KEV) Catalog.

Was NATO breached? Massive database leak claim triggers security concern

A threat actor has posted an alleged 3.5TB “NATO database” for sale on an underground cybercrime forum, triggering fears that sensitive defense-linked contact data across multiple allied institutions may have been exposed.