Security

Android apps with millions of downloads stealing ad money right under Google’s nose

Security researchers have uncovered a huge ad fraud scheme involving 224 apps on the Google Play Store, downloaded more than 38 million times. The apps generated fake ad views in the background, stealing money from advertisers.

Scattered Spider not dark after all: researchers see signs of life in new attacks

Scattered Spider and a bunch of other hacking groups recently announced that they were closing up shop. However, it seems they haven’t actually ceased activity.

Data breach at Tiffany’s exposes gift card numbers

The American luxury jewelry behemoth, Tiffany & Co., has suffered a data breach that exposed thousands of clients, revealing their identities and gift card numbers.

Hundreds of NPM packages compromised as ongoing supply chain attack snowballs out of control

Hundreds of compromised NPM packages have already been found, and the list continues to grow as a major supply chain attack spreads malware. Developers are urged to be extremely cautious after hackers planted malicious scripts in CrowdStrike’s NPM packages and other widely used libraries.

Does Nothing Phone pass our cybersecurity test? Here’s what we found

The Nothing Phone 3a smartphone is one of the best value-for-money propositions on the market, but how secure is it? Our researchers analyzed the device and found some exposed weaknesses that could be abused to deny services, and the same privacy concerns as with all Android phones.

Vibe coders lose crypto after installing extensions on popular marketplaces

Dozens of malicious extensions have infiltrated the major IDE (integrated development environment) marketplaces favored by vibe coders over the past month. Major crypto figures have reported falling victim to this fraud campaign.

Russian gang claims breach of US broadcaster, executive exposed

A Russia-linked ransomware gang has claimed an attack on an American broadcaster. The owner's passport was allegedly exposed.

Hackers setting traps for vibe coders: AI assistants can deliver malware

AI code assistants have already transformed most workflows, but they’ve also brought hidden dangers. Unit 42 security researchers warn that hackers can compromise these tools when they pull data from external sources.

Finance apps are much more interested in you than you think

Most people download finance apps to check their balances, transfer money, and maybe pay a bill. But it turns out these apps are interested in much more than just finance-related activities.

Cybercriminals steal 160 million records from Vietnamese financial system, exposing entire population

Cybercriminals attacked Vietnam’s financial system and are selling over 160 million records of sensitive financial data.

Hackers stuffed malware into fake Signal, WhatsApp, and Chrome apps

Hackers are tricking Google search results, luring users into downloading malicious apps pretending to be Signal, WhatsApp, and Chrome.

Flaw at major enterprise chatbot maker leads to cookie theft

Researchers believe the flaw also made users vulnerable to account-hijacking, highlighting why users must be wary of breakneck LLM implementation.

Massive “Great Firewall of China” data leak reveals surveillance tech Silk Road

The Chinese internet censorship program, known as the Great Firewall of China, has suffered a major data leak. Over 500GB of internal documents, including the source code, work logs, internal communications, and others, revealed exports of surveillance tech to Myanmar, Pakistan, Ethiopia, and Kazakhstan.

Data breach exposes 600K luxury skincare firm users, hackers claim

A notorious ransomware cartel has claimed the French luxury skincare behemoth Clarins Group after the company’s data was allegedly uploaded to the gang’s dark web blog.

Threat notification campaign by Apple should be taken seriously, CERT-FR says

France’s Computer Emergency Response Team (CERT-FR) has issued a press release stating that Apple’s threat notification campaign regarding spyware should not be taken lightly.

FTC launches probe to see whether AI companies are protecting children from harmful chats

The Federal Trade Commission (FTC) has launched an investigation to see how tech companies measure, test, and monitor the potentially negative impacts of AI-powered chatbots on children. The antitrust agency has issued orders to seven companies, including Alphabet, Meta, and OpenAI.

US credit union reveals shocking two-year-old PIN number breach to customers

Fairmont Federal Credit Union (FFCU) has informed hundreds of thousands of people about a devastating breach that exposed everything from names to PIN numbers and healthcare data.

Will the EU start scanning your private messages?

Social media users are spreading panic online as the European Commission meets to discuss a new proposed framework for combating child sexual abuse material.

Gym bros exposed by Hello Gym phone service: 1.6 million audio recordings leaked

No encryption, no password – a giant stash with over 1.6 million calls and voicemails, including gym members’ names, phone numbers, and other sensitive information, was found to be publicly exposed.

Insider threats haunt schools: most cyberattacks are carried out from within

Schools are facing a massive problem. At least half of insider threats are pupils hacking their schools for sport.