Security
Big Brother vibes spotted on popular AI web browser assistants
Medical records, Social Security numbers, online banking details. It turns out that even the most popular and least shady AI web browser assistants are very good at collecting and sharing sensitive user data. Greater transparency seems a must.
Read more about Big Brother vibes spotted on popular AI web browser assistants
Data leak at Mexico’s power giant threatens to leave the entire country in the dark
A Mexican state-owned power company that serves over 99% of the country has been leaking data online for more than three years.
Read more about Data leak at Mexico’s power giant threatens to leave the entire country in the dark
24M websites vulnerable to complete takeover due to backend reliance on flawed HTTP/1.1
Millions of websites appear to use modern secure protocols, but under the hood, they’re actually downgrading requests to the old HTTP/1.1 somewhere in the proxy chain. Hackers can completely take over these websites due to inherent technology flaws, security researchers warn.
Read more about 24M websites vulnerable to complete takeover due to backend reliance on flawed HTTP/1.1
Created a passkey? Hackers can bypass it using a simple downgrade attack
Passkeys are touted as a phishing-resistant and secure way to access accounts without entering usernames and passwords. However, Proofpoint security researchers warn that phishers can bypass this authentication method altogether and downgrade it to the older password-based authentication.
Read more about Created a passkey? Hackers can bypass it using a simple downgrade attack
Tesla Optimus robot preorders go live for $250 deposit – but it's all a sophisticated scam
Tesla is ramping up the hype for its Optimus robot, but scammers are stealing the momentum and targeting early adopters’ money with a sophisticated scam campaign. Fraudsters are running ad campaigns and collecting credit card information on fraudulent preorder sites. Beware: Tesla hasn’t officially opened any preorders.
Read more about Tesla Optimus robot preorders go live for $250 deposit – but it's all a sophisticated scam
Google clarifies data breach: business contacts of potential Ads customers affected
Google, which recently became a victim of ShinyHunters’ Salesforce CRM data heist, reports that the cybersecurity incident did not affect any of its own systems and that the data contained in Google products remains safe. However, hackers have obtained data of “prospective Ads customers.”
Read more about Google clarifies data breach: business contacts of potential Ads customers affected
172K Connex members affected by data breach
Connex Credit Union has suffered a data breach affecting tens of thousands of its customers.
Read more about 172K Connex members affected by data breach
Wikipedia operator loses court challenge to regulations under UK Online Safety Act
The operator of Wikipedia on Monday lost a legal challenge to parts of Britain's Online Safety Act, which sets tough new requirements for online platforms but has been criticised for potentially curtailing free speech.
Read more about Wikipedia operator loses court challenge to regulations under UK Online Safety Act
29K IPs still unpatched as CISA’s deadline nears: US and Germany most affected
As of Monday, a staggering 29,000 Microsoft Exchange servers remain unpatched, just hours before CISA’s deadline ends. Hackers can exploit severe flaws and use these servers as springboards to gain access to cloud resources and compromise the entire stack of Microsoft 365 services.
Read more about 29K IPs still unpatched as CISA’s deadline nears: US and Germany most affected
US Federal Judiciary beefs up security after cyberattack
The United States Federal Judiciary is taking additional steps to strengthen the protection of sensitive documents after a recent cyberattack on its case management system.
Read more about US Federal Judiciary beefs up security after cyberattack
GPT-5 demonstrates “shockingly low” safety: researchers jailbreak it in under 24 hours
The latest OpenAI large language model, GPT-5, has demonstrated “shockingly low” safety, with the raw model without a system prompt “nearly unusable for enterprise out of the box.” Several security teams managed to jailbreak GPT-5 in less than 24 hours after its release.
Read more about GPT-5 demonstrates “shockingly low” safety: researchers jailbreak it in under 24 hours
AI therapy might be convenient, but it isn’t confidential
A quick swipe on your TikTok feed will reveal users describing ChatGPT as their "unpaid therapist." There is also no shortage of Subreddits of users sharing how the chatbot helped them process emotions, manage panic attacks, or work through relationship issues. It's fast, always available, and it never judges you. But is it ChatGPT that’s listening?
Read more about AI therapy might be convenient, but it isn’t confidential
The number of seniors losing life savings to impersonation fraudsters has quadrupled
The rate at which scammers are draining retirees’ life savings is escalating at an alarming rate. Cybercrooks made off with $700 million last year alone, with most of the losses affecting victims who parted with $100K or more, according to the Federal Trade Commission (FTC).
Read more about The number of seniors losing life savings to impersonation fraudsters has quadrupled
Norman Reedus and a 1,800% VPN surge lead the rebellion against the UK’s online safety act
When the UK government pitched its Online Safety Act (OSA), citizens were told the new rules would protect children from accessing pornography. But is there more to this act than meets the eye?
Read more about Norman Reedus and a 1,800% VPN surge lead the rebellion against the UK’s online safety act
Google warns of cloud storage bucket hijacking attacks
Hackers are targeting forgotten or misconfigured cloud storage buckets, seeking sensitive data or resources to serve malware to others. Google has shared its best practices to prevent dangling bucket takeovers and is urging developers to secure their cloud environments.
Read more about Google warns of cloud storage bucket hijacking attacks
Nearly 900K exposed in Ivy League university hack
A recent Columbia University data breach has exposed the personal details of hundreds of thousands of people who either attempted to enroll at the university or studied there.
Read more about Nearly 900K exposed in Ivy League university hack
Exchange Server flaw puts entire Microsoft 365 in danger: CISA warns about “grave risk”
All organizations operating out-of-date Microsoft Exchange hybrid-joined configurations are at grave risk and should act immediately, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned. The agency is urging federal agencies to apply critical mitigations before Monday.
Read more about Exchange Server flaw puts entire Microsoft 365 in danger: CISA warns about “grave risk”
Where cheap game keys come from, and should you buy them in 2026?
You’ve probably seen the ads and the flashy discount banners of brand-new games selling for a fraction of their official...
Read more about Where cheap game keys come from, and should you buy them in 2026?
Your smart home can now be hacked by a Google Calendar event
A new class of AI attack uses poisoned invites to control your lights, boiler, and even your Zoom app – and Google’s Gemini is just the beginning.
Read more about Your smart home can now be hacked by a Google Calendar event
Cyber platforms replacing cyber pros’ jobs: subscriptions might backfire
Despite uncertainties, major cybersecurity companies are doing great. At the same time, cyber pros on social media are frustrated over hiring freezes or even layoffs, unrealistic requirements, and a lack of opportunities. What’s going on?
Read more about Cyber platforms replacing cyber pros’ jobs: subscriptions might backfire
