Security
Atlas Air attackers warn Boeing intellectual property at risk in suspected supply chain hack
One of the world’s largest cargo airlines, Atlas Air, has been claimed by a prominent ransomware cartel. The attackers’ post about the breach hints at a larger supply-chain attack targeting the American aerospace industry.
Read more about Atlas Air attackers warn Boeing intellectual property at risk in suspected supply chain hack
Anna’s Archive drops 6.4TB of music scraped from Spotify despite massive lawsuit
Despite an unfathomable $13 trillion lawsuit, Anna’s Archive has started quietly releasing millions of tracks scraped from Spotify.
Read more about Anna’s Archive drops 6.4TB of music scraped from Spotify despite massive lawsuit
No longer sitting ducks: why Japan shifted to offensive cyber defense
From the Asahi attack to Taiwan tensions, Tokyo has adopted a more offensive approach to national cybersecurity. The architect behind Japan’s new cyber laws explains why.
Read more about No longer sitting ducks: why Japan shifted to offensive cyber defense
After Poland cyberattacks, CISA warns US energy sector to change default passwords
The US energy sector has been advised to immediately change all their default passwords after a series of cyberattacks on the Polish energy suppliers.
Read more about After Poland cyberattacks, CISA warns US energy sector to change default passwords
Hacker reveals 6.8 billion emails online and warns victims “your data is public”
Several billion leaked, scraped, and stolen email addresses were shared in a single database, enabling a phishing spree on an unprecedented scale.
Read more about Hacker reveals 6.8 billion emails online and warns victims “your data is public”
It’s impossible for humans to delete an account on MoltBook, a social network for AI agents
Security researchers warn that it's impossible to delete a user account from MoltBook, a social media network for AI bots that has recently made headlines. While the site collects private information, it might not be the biggest worry for OpenClaw users, who left over 135,000 instances exposed online.
Read more about It’s impossible for humans to delete an account on MoltBook, a social network for AI agents
Signal founder roasts Telegram, says there’s nothing private about it
American cryptographer Moxie Marlinspike, creator of Signal, has railed against Telegram in a new interview, calling it the opposite of a private messenger and stating that if you use it, your data definitely isn’t safe.
Read more about Signal founder roasts Telegram, says there’s nothing private about it
Digital squatters are weaponizing your muscle memory to steal passwords
You don’t have to fall for an obvious phishing email to get burned anymore. A growing wave of “digital squatting” relies on routine tiny-domain lookalikes you barely notice, until you’ve already typed – or auto-filled – your login details into the wrong site.
Read more about Digital squatters are weaponizing your muscle memory to steal passwords
Travelers beware: thousands of customer IDs and full payment details leaked
OneFly, a business-to-business (B2B) travel consolidation service, has exposed thousands of sensitive records, including ID documents, flight numbers, and full credit card details.
Read more about Travelers beware: thousands of customer IDs and full payment details leaked
BeyondTrust critical vulnerability: thousands of hosts and nearly 200K web properties discovered
A critical flaw was found and patched in BeyondTrust remote management products. Censys, a cybersecurity platform that maps exposed internet assets, has identified 190,832 exposed web properties and is urging users to update ASAP.
Read more about BeyondTrust critical vulnerability: thousands of hosts and nearly 200K web properties discovered
Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI features
The Windows 11 Notepad app, recently upgraded with AI features, now carries a high-severity flaw that exposes users to dangerous attacks. Hackers can simply send boobytrapped text files and remotely compromise users with a single click.
Read more about Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI features
CISA flags six actively exploited Microsoft zero-days
Microsoft has released fixes for six new zero-days actively exploited in the wild, alongside more than 50 additional security updates in this month’s Patch Tuesday rollout.
Read more about CISA flags six actively exploited Microsoft zero-days
YouTube tutorials spread fake 7-zip downloads as brand impersonation and domain mix-ups put PCs at risk
A fake version of the popular 7-zip download is secretly hijacking home computers and using them to route criminal internet traffic, in a campaign that researchers say has been running undetected for some time.
Read more about YouTube tutorials spread fake 7-zip downloads as brand impersonation and domain mix-ups put PCs at risk
Archive.today is hiding a script that turns visitors into DDoS attackers
Webpage capture site Archive.today (also known as archive.ph, archive.is, and other mirrors), direct visitors to participate in a distributed denial of service (DDoS) attack targeted at a Finnish blogger. The malicious activity appears to be a bizarre personal vendetta rather than a large-scale operation.
Read more about Archive.today is hiding a script that turns visitors into DDoS attackers
India shortens social media takedown timeline to 3 hours
India's government said social media companies would have to take down unlawful content within three hours of being notified about it, tightening on Tuesday an earlier 36-hour timeline in what could be a compliance challenge for Meta, YouTube and X.
Read more about India shortens social media takedown timeline to 3 hours
200M+ Telegram user records shared on a data leak forum
Telegram, one of the world’s largest messaging apps, had millions of its users' records shared on a data leak forum, exposing email addresses and phone numbers. Telegram denies private user data was exposed.
Read more about 200M+ Telegram user records shared on a data leak forum
Expect “relentless barrage” of cyberattacks on defense industry, Google says
A new report from Google says that Western defense firms, their hiring processes, and their employees have become a key target of state-sponsored cyber-espionage campaigns. In fact, there’s now a “relentless barrage of cyber operations.”
Read more about Expect “relentless barrage” of cyberattacks on defense industry, Google says
Hackers siege Ivanti EPMM with thousands of IPs, dozens of organizations compromised
Hackers have launched an unprecedented scanning operation, employing tens of thousands of IP addresses to hunt for vulnerable Ivanti Endpoint Manager Mobile (EPMM) instances. Dozens of organizations have already been compromised.
Read more about Hackers siege Ivanti EPMM with thousands of IPs, dozens of organizations compromised
Security measures helpless against critical Xiaomi Redmi Buds vulnerability
The Korea Internet & Security Agency (KISA) has issued an urgent advisory following the discovery of critical security flaws in several generations of Xiaomi wireless earbuds. In a recent notice, the agency warned that because no official security patch is yet available, users should "disable Bluetooth in public places when not using earphones."
Read more about Security measures helpless against critical Xiaomi Redmi Buds vulnerability
Just 11% of UK healthcare breaches account for 65% of data exposed
Mitigating just a fraction of all healthcare data security incidents could protect the data of millions of individuals, according to cybersecurity experts.
Read more about Just 11% of UK healthcare breaches account for 65% of data exposed
