Security
Nissan leak affects 21,000 customers
Hackers have managed to exfiltrate personal information of approximately 21,000 Nissan customers by accessing a third-party’s digital environment.
Read more about Nissan leak affects 21,000 customers
OpenAI says prompt injection attacks “long-term security challenge”
Artificial intelligence (AI) prompt injection attacks will remain one of the most challenging security threats, with no guaranteed complete fix. The best way to protect ourselves is to continuously strengthen our defenses against it, according to OpenAI.
Read more about OpenAI says prompt injection attacks “long-term security challenge”
Vincent AI phishing vulnerability found, 200K+ law firms at risk of credential and data theft
Vincent, the vLex AI assistant used by tens of thousands of legal teams and law firms worldwide, contains an AI-phishing vulnerability that attackers could exploit via hidden HTML code – all to steal users’ login credentials and potentially expose sensitive client files.
Read more about Vincent AI phishing vulnerability found, 200K+ law firms at risk of credential and data theft
France’s postal and banking systems attacked as Christmas rush peaks
France’s postal service was knocked down after a suspected cyberattack, with frustrated clients lining up to deliver Christmas parcels.
Read more about France’s postal and banking systems attacked as Christmas rush peaks
Code that works can also be malware: this WhatsApp API is stealing messages
A popular WhatsApp library trusted by tens of thousands of developers was quietly spying on messages, contacts, and credentials, maintaining access even after being uninstalled.
Read more about Code that works can also be malware: this WhatsApp API is stealing messages
Hospitals exposed as medical devices create massive cyber risks
Even a doctor’s Bluetooth music speaker can compromise a hospital’s cybersecurity network, and chief information security officers won't be among the first to know.
Read more about Hospitals exposed as medical devices create massive cyber risks
Scammers exploit official Google domain to send phishing emails undetected
Scammers have found a way to send fraudulent emails using Google’s official @google.com domain by abusing Google Cloud automation tools. Thousands of organizations received phishing emails that evaded security detection.
Read more about Scammers exploit official Google domain to send phishing emails undetected
Hackers attack WatchGuard Firebox firewalls: 120K IPs exposed and vulnerable
With hackers already knocking at the gates, around 120,000 WatchGuard Firebox firewalls, which protect thousands of companies, remain unpatched and vulnerable to a critical flaw, according to the latest research by the ShadowServer Foundation.
Read more about Hackers attack WatchGuard Firebox firewalls: 120K IPs exposed and vulnerable
Prince of Persia ran a covert Iranian spy campaign for over a decade
For nearly two decades, an Iran-backed hacking group, once thought to have faded away, has quietly evolved, research reveals.
Read more about Prince of Persia ran a covert Iranian spy campaign for over a decade
“We backed up Spotify:” pirates claim to have scraped 300TB of music
Spotify’s entire music catalog has allegedly been scraped by Anna’s Archive, a major shadow digital library best known for its collection of books and academic papers. It plans to release 300TB of music torrents, described as the “world’s first preservation archive,” containing 86 million of the most popular tracks.
Read more about “We backed up Spotify:” pirates claim to have scraped 300TB of music
Acting CISA boss fails polygraph test organized by career staff, seeks revenge
At least six career staffers and the US Cybersecurity and Infrastructure Security Agency (CISA) allegedly organized a polygraph test for the agency’s acting director, Madhu Gottumukkala, this summer. He failed and then began suspending employees left and right.
Read more about Acting CISA boss fails polygraph test organized by career staff, seeks revenge
Cybercriminals flock to a new unrestricted AI tool: 10,000 prompts on the first day
Cybercriminals are using a new and highly capable uncensored AI tool called DIG AI, which appeared on the Darknet. The “not good” AI is actively misused for fraud, malware creation, terrorism, child sexual abuse material (CSAM), and other criminal activities, security firm Resecurity warns.
Read more about Cybercriminals flock to a new unrestricted AI tool: 10,000 prompts on the first day
Adblockers save an average user 2 days of loading time per year, AdGuard claims
Adblockers reduce network requests by more than half, save a third of bandwidth usage, and spare every user two days of loading time per year, according to a new report by AdGuard. These benefits come in addition to adblockers’ primary purpose: defeating intrusive ads, malvertising, tracking, and other annoyances.
Read more about Adblockers save an average user 2 days of loading time per year, AdGuard claims
Denmark fingers Russia as culprit in two “destructive” cyberattacks
The Danish government has formally accused Russia of carrying out two “destructive and disruptive” cyberattacks and described them as “very clear evidence” of a hybrid warfare, whatever it actually is.
Read more about Denmark fingers Russia as culprit in two “destructive” cyberattacks
Hackers find a simple trick to access WhatsApp accounts: linking a new device
WhatsApp users are sharing their accounts with hackers, who trick them into completing what appears to be a routine verification process. Victims silently approve attacker-controlled devices, granting nearly full access, Gen Digital researchers warn.
Read more about Hackers find a simple trick to access WhatsApp accounts: linking a new device
Hacker arrested over ties to France Interior Ministry data breach
French authorities have apprehended a 22-year-old hacker, allegedly linked to the recent data breach of the France’s Ministry of the Interior (Beauvau).
Read more about Hacker arrested over ties to France Interior Ministry data breach
A critical Cisco vulnerability is letting China spy on email systems
A critical Cisco vulnerability with no patch is being actively exploited by suspected China-aligned hackers to quietly seize control of exposed email security appliances.
Read more about A critical Cisco vulnerability is letting China spy on email systems
Google sues another Chinese scam group over large phishing scheme
Google has sued a Chinese cybercriminal group, which the tech giant claims is responsible for millions of scam text messages sent to Americans this year. This is the company’s second similar complaint in a month.
Read more about Google sues another Chinese scam group over large phishing scheme
GhostPoster malware campaign exploits live Firefox extensions
A live malware campaign called GhostPoster is hiding malicious JavaScript inside Firefox extension logo files, resulting in over 50,000 unsuspecting users to download more than a dozen compromised add-ons so far.
Read more about GhostPoster malware campaign exploits live Firefox extensions
8M VPN users just got their AI chats wiped and sold
Widely used Chrome browser extensions have been quietly wiping users’ conversations with AI chatbots and selling the sensitive data to third parties.
Read more about 8M VPN users just got their AI chats wiped and sold
