Security
Discord message-scraping service claims access to 1.8 billion messages
Discord-focused online tool makers claim they have access to billions of user messages and a trove of voice sessions, files, and user profiles.
Read more about Discord message-scraping service claims access to 1.8 billion messages
Google ends anonymous sideloading on Android: developers will have to register
Google is closing the door on unrestricted sideloading on Android. Starting September 2026, only apps from verified developers will be allowed on Google-certified Android devices.
Read more about Google ends anonymous sideloading on Android: developers will have to register
FTC warns US tech companies: “Be aware of weakening data security by foreign powers”
The Federal Trade Commission (FTC) has reminded American tech companies of their obligations to protect the privacy of American consumers despite pressure from foreign governments to weaken security safeguards.
Read more about FTC warns US tech companies: “Be aware of weakening data security by foreign powers”
Hack of Michigan health system exposes patients’ lab results
Cybercriminals penetrated Aspire Rural Health Systems’ network and infected it for months. The exposed patient details range from payment card details to medical records, with over 100,000 individuals impacted.
Read more about Hack of Michigan health system exposes patients’ lab results
Why Palantir's success story is also a warning about government surveillance
Palantir Technologies is having a moment. Its stock has surged over 2,500% since early 2021. It recently posted its first $1 billion quarter. It's being talked about in the same breath as Nvidia and Microsoft.
Read more about Why Palantir's success story is also a warning about government surveillance
Phishing is out of control: Microsoft recommends disabling Run dialog box and PowerShell
Microsoft is urging system admins to disable the Run dialog box and restrict command-line tools in response to waves of ClickFix phishing attacks. The technique relies on users copy pasting malware themselves as part of fake CATCHA checks or other social engineering.
Read more about Phishing is out of control: Microsoft recommends disabling Run dialog box and PowerShell
Coinbase CEO reveals how firm sniffs out North Korean “IT workers”
By now, it’s no secret that North Korean hackers pretending to be IT workers run rampant in the crypto world. Brian Armstrong, CEO of cryptocurrency exchange Coinbase, says the firm has been finding ways to deal with the issue effectively.
Read more about Coinbase CEO reveals how firm sniffs out North Korean “IT workers”
FTC warns big tech: don’t cave to EU and UK pressure on encryption and privacy
The Federal Trade Commission (FTC) has warned big tech companies to resist pressure “to censor and weaken data security protections for Americans” from foreign laws such as the EU’s Digital Services Act and the UK’s Online Safety Act.
Read more about FTC warns big tech: don’t cave to EU and UK pressure on encryption and privacy
Mexico City is in the race to become the most surveilled city in the Americas
Mexico City is about to launch the "Eyes That Look After You" plan – a government’s attempt to decrease crime rates by expanding the city's surveillance camera network.
Read more about Mexico City is in the race to become the most surveilled city in the Americas
Windows lets anyone on your WiFi hijack your connection with IPv6
A dormant IPv6 feature is a backdoor for Windows attackers, security researchers warn. Enabled by default, if unused and left unchecked, it can lead to a complete domain compromise.
Read more about Windows lets anyone on your WiFi hijack your connection with IPv6
Major flaw affecting password managers: they autofill credentials for attackers
A major flaw is affecting major password managers – attackers can steal credit card details and credentials from tens of millions of users with just “a single click anywhere.” 1Password, Bitwarden, Dashlane, Enpass, iCloud Passwords, Keeper, LastPass, LogMeOnce, NordPass, ProtonPass, and RoboForm – all failed, and many remain vulnerable.
Read more about Major flaw affecting password managers: they autofill credentials for attackers
Russian state hackers using unsecured Cisco devices for cyber espionage
Static Tundra, a Russian state-sponsored cyber espionage gang, has been actively exploiting a seven-year-old security flaw in Cisco software. Both the company and the FBI have now disclosed details of malicious activity.
Read more about Russian state hackers using unsecured Cisco devices for cyber espionage
Google updates terms for Play Store following EU pressure
Good news for app developers: Google will make it easier to direct users outside of its Android ecosystem to make purchases and transactions.
Read more about Google updates terms for Play Store following EU pressure
FBI, Cisco warn Russia’s FSB hackers exploited old software flaw
Hackers associated with some of Russia’s most prolific cyber espionage units have over the last year been leveraging a vulnerability in older Cisco software to target thousands of networking devices associated with critical infrastructure IT systems, the FBI and Cisco said on Wednesday.
Read more about FBI, Cisco warn Russia’s FSB hackers exploited old software flaw
Microsoft restricts Chinese firms’ access after SharePoint hacks
Microsoft said on Wednesday it has scaled back some Chinese companies' access to its early warning system for cybersecurity vulnerabilities following speculation that Beijing was involved in a hacking campaign against the company's widely used SharePoint servers.
Read more about Microsoft restricts Chinese firms’ access after SharePoint hacks
Quantum insiders warn PQC changeover could take 12 years: "This is not Y2K all over again"
Warning: the upcoming post-quantum encryption (PQC) changeover (to prevent a dreaded Q-Day apocalypse) could take as long as twelve years, say those who witnessed Y2K from the IT trenches. Should we be frightened? Probably, quantum insiders tell Cybernews.
Read more about Quantum insiders warn PQC changeover could take 12 years: "This is not Y2K all over again"
Cybersecurity training doesn’t work: time wasted with no impact, study finds
One employee out of 19,500 fell for a simulated phishing email every time during an eight-month research period, despite all the cybersecurity training efforts.
Read more about Cybersecurity training doesn’t work: time wasted with no impact, study finds
Millions at risk after Turkey’s top finance apps spill sensitive data
Millions of Turks using popular finance apps may have had their private data leaked.
Read more about Millions at risk after Turkey’s top finance apps spill sensitive data
Free Chrome VPN extension capturing screenshots of all 100K users
FreeVPN.One, a featured Chrome extension with a verified badge and over 100,000 installs, which was previously considered “safe,” is secretly spying on its users by grabbing their screens and sending data to a remote server, security researchers warn.
Read more about Free Chrome VPN extension capturing screenshots of all 100K users
Court rules that “Pay or Okay” model by Austrian newspaper violates GDPR
The Austrian Federal Administrative Court (BVwG) has ruled that the “Pay or Okay” model that was implemented by Austrian newspaper Der Standard violates the GDPR, confirming an earlier decision by the Austrian data protection authority, the DSB.
Read more about Court rules that “Pay or Okay” model by Austrian newspaper violates GDPR
