Security
TikTok and YouTube are still feeding harmful content to 73% of UK teens
TikTok and Alphabet's YouTube have failed to set out meaningful steps to protect British children from harmful online content, media regulator Ofcom said on Thursday, citing data showing widespread exposure on their platforms.
Read more about TikTok and YouTube are still feeding harmful content to 73% of UK teens
Cleveland emergency response drones accidentally added to ICE surveillance network
Cleveland has become further proof that when authorities can access society-monitoring tools, such as cameras and, now, drones, they can be abused, even "accidentally."
Read more about Cleveland emergency response drones accidentally added to ICE surveillance network
Europol dismantles First VPN, the go-to VPN service for cybercriminals
Europol law enforcement operation dismantled First VPN (1VPNS), a notorious VPN service promoted on Russian-language cybercrime forums as a tool to hide from law enforcement and conceal cyberattacks.
Read more about Europol dismantles First VPN, the go-to VPN service for cybercriminals
West Pharma back online after hackers stole data and locked systems
West Pharmaceutical Services (WST) said on Wednesday that it has restored operations across its sites after a cybersecurity attack earlier this month and expects the incident to have no material impact on its 2026 financial outlook.
Read more about West Pharma back online after hackers stole data and locked systems
Ukrainian police name 18-year-old infostealer operator who targeted California shoppers
In what could be called a truly international criminal op, an 18-year-old hacker from Odessa, a port city in Ukraine, ran an infostealer malware operation and conspired with other cyber crooks to target users of an online store in the US state of California.
Read more about Ukrainian police name 18-year-old infostealer operator who targeted California shoppers
Hackers stole fingerprints, medical records of 1.8M in massive NYC hospital breach
NYC Health + Hospitals is warning 1.8 million patients that hackers stole medical records, Social Security numbers, banking information, and even fingerprint data in a months-long breach of the nation’s largest public hospital system.
Read more about Hackers stole fingerprints, medical records of 1.8M in massive NYC hospital breach
Surveillance pros slam snoop tactics behind Southampton FC’s £200m losses
Southampton Football Club have been booted out of the Championship playoffs after damning evidence forced them into admitting spying on their semi-final league opponents Middlesbrough in a drama dubbed “Spygate” by the British press.
Read more about Surveillance pros slam snoop tactics behind Southampton FC’s £200m losses
AI platform Dify, with 10 million installs, exposes users to one-click account takeover
Dify, a popular low-code AI application development platform with over 142,000 stars on GitHub, was found to contain critical vulnerabilities that allowed a one-click account takeover. Imperva researchers warn that AI tools are racing to add features without ensuring security.
Read more about AI platform Dify, with 10 million installs, exposes users to one-click account takeover
Millions hit in “scareware” attack that blasts out warning noises and frightens users into calling fake helpdesks
Security researchers have uncovered a new social engineering scam that uses deceptive pop-ups and fake warnings to trick users into believing their device has been compromised, prompting them to use fraudulent IT helpdesks.
Read more about Millions hit in “scareware” attack that blasts out warning noises and frightens users into calling fake helpdesks
Morgan Stanley issues China-only iPhones and iPads to Hong Kong bankers
Morgan Stanley has asked its Hong Kong-based bankers to carry new mobile devices issued exclusively for business travel to mainland China, as international firms with a cross-border workforce tighten data security.
Read more about Morgan Stanley issues China-only iPhones and iPads to Hong Kong bankers
Major arcade game maker leaks millions of records via WeChat mini app
Wahlap, one of the world’s top arcade makers, leaked nearly 19 million user records, ranging from full names to unique IDs. Our researchers believe the Wahlap data leak also includes data related to the WeChat ecosystem.
Read more about Major arcade game maker leaks millions of records via WeChat mini app
GitHub confirms breach after hackers put stolen source code up for sale
GitHub, the world’s largest code hosting platform used by over 100 million developers, has confirmed a data breach, and the attackers are selling the stolen data online.
Read more about GitHub confirms breach after hackers put stolen source code up for sale
Steam’s lazy vetting allowed free game to drain users’ data, researcher claims
Valve approved a free-to-play game on Steam that ended up stealing passwords and browser data and emptied accounts. The malware slipped through the security cracks because Steam only checked games when they were first submitted and not their updates.
Read more about Steam’s lazy vetting allowed free game to drain users’ data, researcher claims
Massive supply chain attacks prompt NPM to force platform-wide token reset
Following massive supply chain attacks, NPM has forced a platform-wide token reset – all tokens bypassing 2FA must be updated. However, it doesn’t solve the underlying problem.
Read more about Massive supply chain attacks prompt NPM to force platform-wide token reset
CISA left 844 MB of plaintext passwords and AWS tokens on public GitHub for six months
Security researchers at GitGuardian have discovered login credentials for the US Cybersecurity and Infrastructure Security Agency (CISA).
Read more about CISA left 844 MB of plaintext passwords and AWS tokens on public GitHub for six months
Europe has just approved mandatory screenings on foreign investments to protect critical sectors
The European Parliament has approved a new set of rules that will tighten the screening of foreign investments in critical sectors to prevent security risks.
Read more about Europe has just approved mandatory screenings on foreign investments to protect critical sectors
Social media algorithms are “weapons to manipulate public opinion:” Dutch regulators call for safeguards
The Dutch Media Authority (CvdM) is calling on the government to implement measures against “anti-democratic algorithms.”
Read more about Social media algorithms are “weapons to manipulate public opinion:” Dutch regulators call for safeguards
Smart glasses pose “widespread surveillance” threat, French DPA warns
The CNIL, France’s data protection authority (DPA), has raised concerns about the growing privacy risks linked to smart glasses and other AI-powered wearable devices. With smart glasses, unlike smartphones, people are unable to tell when they’re being filmed, thus turning everyday interactions into criminal recordings without consent.
Read more about Smart glasses pose “widespread surveillance” threat, French DPA warns
Iran-linked hackers target “low-hanging fruit” at US gas stations
A possible hack of gas station fuel tank systems in several US states has raised concerns about industrial devices that experts say have been exposed online for years, despite repeated federal warnings.
Read more about Iran-linked hackers target “low-hanging fruit” at US gas stations
Attackers turn ancient Windows utility MSHTA into Swiss Army knife of hacking
An ancient Windows utility is giving hackers an almost embarrassingly easy ride once they’re inside a system. It’s called MSHTA, and it is increasingly abused to deliver data-siphoning malware, Bitdefender warns.
Read more about Attackers turn ancient Windows utility MSHTA into Swiss Army knife of hacking
