Security

Texas police accused of using surveillance data to hunt woman over abortion

Authorities in Texas used surveillance data to track down a woman who performed a self-managed abortion. Deputies and the surveillance companies then tried to cover their tracks.

All SonicWall firewall cloud backups stolen, admins urged to act immediately

A threat actor has accessed all firewall cloud backups belonging to customers of SonicWall, a major VPN, firewall, and other network security solutions provider. The firm has updated its advisory, which previously claimed the data breach affected less than 5% of its firewall install base.

Cl0p found exploiting Oracle EBS zero-day months before critical patch release

Google threat researchers have revealed that the Cl0p ransom gang, which is said to have compromised hundreds of companies in a zero-day spree targeting Oracle E Business Suite (EBS), likely began its exploit campaign back in July.

Casino giant sued by employee over data breach that exposed Social Security numbers

Boyd Gaming, a Las Vegas casino chain, is being sued for a previous data breach that exposed the sensitive data of its employees.

Quebec schools app leaks kids' data, sparking outrage

Hundreds of schools and daycares in Quebec used an app that exposed children's data, putting them at risk. And while fingers pointed in multiple directions, looking for someone to blame, schools continued to use the application despite the dangerous data leak.

Microsoft Windows 10 approached its expiration date. What should you do?

Users who still use the operating system that was first launched in 2015 are encouraged to take action to ensure that their devices continue to receive technical assistance, features, and security updates from Windows.

AI girlfriend can’t keep a secret: app leaks intimate conversations of 400K+ users

Two AI character apps by the same developer, “Chattee Chat” and “GiMe Chat,” have exposed millions of intimate conversations, over 600K images, and other private data. Leaked purchase logs reveal that some users spend thousands of dollars on their AI girlfriends.

Hackers leveraging Teams to drop malware, steal data, Microsoft warns

Microsoft has warned about hackers taking advantage of its collaboration platform, Teams. Attackers use Teams to gather information, trick users into sharing sensitive data, impersonate trusted sources, deliver malware through messages and calls, and even steal credentials, exfiltrate data, and maintain persistence.

Foreign threat actors adopting ChatGPT to bolster “old playbook” of attacks, OpenAI finds

Foreign adversaries are now building AI into their existing workflows – from crafting phishing campaigns, tweaking malware, and generating propaganda, to researching ways to automate their cyber kill chain, according to a new report by OpenAI.

Attacker says they breached Huawei, source code sold online

A hacker claims to have stolen Huawei’s internal source code and sold it on an underground cybercriminal forum.

Millions of shoppers exposed ahead of Black Friday

Global e-commerce giant VTEX has leaked the data of six million people, exposing everything from their home addresses to their purchases.

From “death by a thousand AI slops” to fixing 50 bugs in just three months

Nearly three months ago, Daniel Stenberg, creator of the widely used curl utility, complained about the overwhelming flood of low-quality AI-generated vulnerability reports, calling them “AI slop.” However, the lead maintainer now says that AI-generated reports led to 50 bug fixes.

You’re owning less: protect yourself from vague digital ownership terms

Imagine finding an old game you bought years ago to relive memories or show a kid, only to discover it...

Steam, Riot Games hit by disruptions: massive DDoS attack suspected

Multiplayer gamers on different platforms have experienced service outages and disruptions simultaneously. The cybersecurity community suspects a major distributed denial of service attack (DDoS) from Aisuru, a massive botnet pushing out record-breaking traffic.

Cyber authorities ring alarm bell over actively exploited Oracle E-Business Suite bug

Cybersecurity authorities are urging organizations to patch a critical zero-day bug in Oracle’s E-Business Suite (EBS) that’s already being actively exploited. The flaw enables unauthenticated attackers to run code remotely.

Your gaming mouse can easily eavesdrop: here's how

Researchers at the University of California, Irvine, have turned a humble computer mouse into an unlikely spy.

Signal is asking Germany not to “capitulate” for client-side scanning

Meredith Whittaker, CEO of the chat app Signal, has called on Germany to vote against the introduction of chat control.

DeepSeek popularity raises concerns: NIST warns of flawed security, CCP narratives, and hidden costs

Rapid adoption of DeepSeek models from China is unnerving to US policymakers. A new study from NIST highlights significant security vulnerabilities, alignment with the Chinese Communist Party (CCP), and a notable performance gap compared to superior US models, and finds that the DeepSeek models are also more expensive to use.

Hackers threaten Salesforce: pay up or over 700 companies’ data will be exposed

The hacking conglomerate, which is believed to be responsible for attacks against Salesforce instances via Salesloft integrations, has posted ransom demands. It’s threatening to release data from over 700 major companies, including Google, FedEx, UPS, Toyota, Stellantis, Adidas, Disney, Home Depot, and many others, unless it gets paid. Salesforce is aware of the extortion attempts and says they relate to past or unsubstantiated incidents.

Henry Schein subsidiary confirms ransomware attack

A Russia-linked cyber gang has claimed that it has cracked open the systems of healthcare giant Henry Schein’s TriMed, leaking sensitive data onto the dark web. The company confirms a cybersecurity incident.