Security
Was Nike hacked? Attackers threaten to leak apparel giants’ data
Nike, the American apparel behemoth, may have suffered a data breach. A prominent cybercriminal gang claims it has hacked the company and is threatening to release stolen data to the public.
Read more about Was Nike hacked? Attackers threaten to leak apparel giants’ data
Spyware disguised as ChatGPT is harvesting data from 1.5M VS Code developers
A massive file harvesting campaign is ongoing, targeting VS Code developers. Over 1.5 million users have downloaded knock-off extensions that function like AI coding assistants but are also bristling with spyware.
Read more about Spyware disguised as ChatGPT is harvesting data from 1.5M VS Code developers
This will get you hacked: trusting AI deepfakes, pop-ups, fake security alerts, and evolving malware
While not everyone can be conned into thinking Aquaman has fallen in love with them via Facebook, our research round-up this week highlights just how convincing some of these scams can be, thanks to AI.
Read more about This will get you hacked: trusting AI deepfakes, pop-ups, fake security alerts, and evolving malware
Europe wants "sovereign cloud" - but can it really protect data from US?
The sovereign cloud is Europe’s answer to digital independence, protecting data, AI, and critical systems from foreign control, regulatory conflicts, and geopolitical risks.
Read more about Europe wants "sovereign cloud" - but can it really protect data from US?
From consumer auto to police vehicles: hackers showed how little data enables car tracking
The Cybernews team, together with security researcher Sam Curry and automotive hacker BusesCanFly, did an eye-opening experiment and revealed just how simple it can be for cybercriminals to remotely access, track, unlock, even start and stop, not only today’s connected cars, but ambulances, police vehicles, and large commercial fleets. The filmed experiment shows what modern vehicle hacking really looks like.
Read more about From consumer auto to police vehicles: hackers showed how little data enables car tracking
Security expert explains why he’s reluctant to drive an older Tesla (or any car made before 2014)
An exclusive Cybernews video experiment, in collaboration with security researcher Sam Curry and automotive hacker BusesCanFly, reveals an unsettling truth about how easy it is for criminals to remotely access, track, and even control your vehicle.
Read more about Security expert explains why he’s reluctant to drive an older Tesla (or any car made before 2014)
Linux users targeted: hackers invade Snap packages with crypto-stealing malware
Hackers are invading Snapcraft, the central app store for Ubuntu and a major software repository for other Linux distributions. Security experts warn of cybercriminals impersonating popular cryptocurrency wallets and taking over dormant SNAP packages.
Read more about Linux users targeted: hackers invade Snap packages with crypto-stealing malware
Greek police bust car‑trunk cell tower scamming phones across Athens
Greek authorities have arrested two scammers who drove around with a makeshift cell tower in the trunk of their car. The gear allowed cybercrooks to crack user devices and send convincing phishing messages.
Read more about Greek police bust car‑trunk cell tower scamming phones across Athens
Pentest tools left online are allowing hackers to exploit Fortune 500 firms
Hackers are exploiting intentionally vulnerable penetration testing and security training apps that have been mistakenly exposed to the public internet, giving them access to cloud environments including CloudFlare, F5, and Palo Alto Networks.
Read more about Pentest tools left online are allowing hackers to exploit Fortune 500 firms
How a hacker turned AI slop into VoidLink, a powerful new Linux malware
Security researchers are warning about the rise of a powerful, sophisticated Linux malware framework known as VoidLink. It turns out that a solo developer with a team of AI agents is likely behind it.
Read more about How a hacker turned AI slop into VoidLink, a powerful new Linux malware
LastPass “create backup” email is a scam, the company warns
Scammers are targeting LastPass clients with phishing emails that claim the password manager is about to conduct maintenance and that users should back up their vaults.
Read more about LastPass “create backup” email is a scam, the company warns
Ka-ching! Tesla infotainment system quickly hacked at security conference
Tesla arguably invented the touchscreen infotainment system as we know it, but researchers have just proven that it can be hacked.
Read more about Ka-ching! Tesla infotainment system quickly hacked at security conference
When people get scammed, they trust Reddit for advice, Google says
When dealing with cybersecurity issues, millions of internet users turn to Reddit first, seeking advice from strangers on what just went wrong.
Read more about When people get scammed, they trust Reddit for advice, Google says
Evelyn Stealer campaign weaponizes Microsoft’s Visual Studio Code ecosystem
A new malware campaign is targeting software developers with a new information stealer called Evelyn Stealer, which weaponizes the Microsoft Visual Studio Code (VS Code) extension ecosystem.
Read more about Evelyn Stealer campaign weaponizes Microsoft’s Visual Studio Code ecosystem
Under Armour customers exposed: hackers post 72.7 million emails with purchase histories
Cybercriminals have released data allegedly stolen from Under Armour, the global activewear and footwear brand, exposing 72.7 million accounts. Leaked emails with purchase histories are likely to be used in spear-phishing campaigns.
Read more about Under Armour customers exposed: hackers post 72.7 million emails with purchase histories
Pharma corporation leaks 8M+ messages, employee records
Boryung Corporation, one of the largest healthcare and pharmaceutical firms in South Korea, leaked millions of internal messages, along with thousands of employee records.
Read more about Pharma corporation leaks 8M+ messages, employee records
Critical Cloudflare flaw allowed hackers to reach web servers directly
A massive blind spot in Cloudflare’s security recently left millions of servers exposed to a critical zero-day exploit. White-hat hackers found a way to bypass the Web Application Firewall (WAF) and access private data by exploiting HTTPS certificate renewals.
Read more about Critical Cloudflare flaw allowed hackers to reach web servers directly
NY union breach: 47K members’ SSNs exposed in May 2025 hack
The Civil Service Employees Association (CSEA) had malicious actors roaming its systems for nearly a month, possibly accessing personal details of tens of thousands of its members.
Read more about NY union breach: 47K members’ SSNs exposed in May 2025 hack
LinkedIn DM phishing campaign targets high-value execs with weaponized file downloads
A phishing campaign targeting carefully selected “high-value” corporate employees has been using LinkedIn direct messages to deliver weaponized downloads, highlighting how criminals are shifting away from email-based lures as inbox security improves.
Read more about LinkedIn DM phishing campaign targets high-value execs with weaponized file downloads
European rights groups push for full EU ban on commercial spyware
European digital rights movement EDRi is calling on the political leaders of EU Member States to implement a full ban on spyware in the European Union.
Read more about European rights groups push for full EU ban on commercial spyware
