Security
GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”
GitHub has terminated the account of “Nightmare-Eclipse,” an anonymous rogue security researcher known for dropping critical unpatched Windows vulnerabilities since Microsoft left them “homeless with nothing.” The vigilante has now moved to GitLab, releasing more threats.
Read more about GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”
AI voice bots hijacked by ‘hidden’ sounds in podcasts, MP3 files and YouTube clips
Security researchers have demonstrated a new type of attack that uses hidden audio signals to manipulate voice assistants into carrying out unauthorized actions without users noticing.
Read more about AI voice bots hijacked by ‘hidden’ sounds in podcasts, MP3 files and YouTube clips
44 million alleged healthcare records of French citizens surface on hacker forum
A hacker claims to have breached the data of France’s key healthcare payment operator, with millions of Social Security records on sale.
Read more about 44 million alleged healthcare records of French citizens surface on hacker forum
Megalodon stalks over 5,000 GitHub repos in new assault on open source
A new malware campaign that hijacks GitHub repositories through malicious automated workflows is threatening open-source projects with a further barrage of supply chain attacks.
Read more about Megalodon stalks over 5,000 GitHub repos in new assault on open source
German Football Association leaves open goal for hackers, who are claiming password theft
Threat actors are claiming access to Germany’s top governing body for football, with login credentials and passwords allegedly shared online.
Read more about German Football Association leaves open goal for hackers, who are claiming password theft
Trump Mobile security flaw: YouTubers who preordered the golden phone find their data leaking
YouTubers who pre-ordered the T1 mobile phone from Trump Mobile, a network operator and smartphone brand of The Trump Organization, are finding that their data is leaking. “Everything short of credit card numbers,” said Stephen Findeisen, better known as Coffeezilla.
Read more about Trump Mobile security flaw: YouTubers who preordered the golden phone find their data leaking
Las Vegas giant reveals hacking incident after system breach
Station Casinos has confirmed a cybersecurity breach in a regulatory filing, adding yet another major Las Vegas gaming operator to the growing list of casinos targeted by cybercriminals.
Read more about Las Vegas giant reveals hacking incident after system breach
Hackers claim Starbucks data breach, but researchers are not so sure
An attacker group claims to have snatched data from Starbucks AWS cloud storage and is demanding $500,000 from the company. However, our research team believes that the claims don’t carry much weight.
Read more about Hackers claim Starbucks data breach, but researchers are not so sure
Google API keys keep working for up to 23 minutes after you delete them
When Gemini users delete Google API keys, those keys remain active for up to 23 minutes, giving attackers time to abuse them to dump data, cache conversations, and make API calls. Google “won’t fix” the “known property of the system” and doesn’t see it as a security issue, Aikido Security researchers said.
Read more about Google API keys keep working for up to 23 minutes after you delete them
Meta, TikTok, X, and other platforms have 48 hours to remove deepfakes and revenge porn
The Federal Trade Commission (FTC) has sent warning letters to numerous companies, telling them they have to comply with the TAKE IT DOWN Act. If they don’t, generous fees will apply.
Read more about Meta, TikTok, X, and other platforms have 48 hours to remove deepfakes and revenge porn
Meta, TikTok, and Google left 73% of reported scam ads online despite numerous complaints
Meta, TikTok, and Google left hundreds of scam advertisements online despite nearly 900 complaints from European consumer groups, an action that could have left millions of users vulnerable to financial fraud.
Read more about Meta, TikTok, and Google left 73% of reported scam ads online despite numerous complaints
China-linked hackers deploy new "Showboat" malware against telecom firms
A newly discovered malware family – dubbed “Showboat” – is targeting telecom providers worldwide in what researchers describe as a stealth cyber espionage campaign likely linked to Chinese nation-state actors.
Read more about China-linked hackers deploy new "Showboat" malware against telecom firms
CISA launches new online KEV portal to speed exploited vulnerability tracking
The US Cybersecurity and Infrastructure Security Agency (CISA) is making it easier for organizations and defenders to report vulnerabilities that qualify for its Known Exploited Vulnerabilities (KEV) Catalog.
Read more about CISA launches new online KEV portal to speed exploited vulnerability tracking
Was NATO breached? Massive database leak claim triggers security concern
A threat actor has posted an alleged 3.5TB “NATO database” for sale on an underground cybercrime forum, triggering fears that sensitive defense-linked contact data across multiple allied institutions may have been exposed.
Read more about Was NATO breached? Massive database leak claim triggers security concern
TikTok and YouTube are still feeding harmful content to 73% of UK teens
TikTok and Alphabet's YouTube have failed to set out meaningful steps to protect British children from harmful online content, media regulator Ofcom said on Thursday, citing data showing widespread exposure on their platforms.
Read more about TikTok and YouTube are still feeding harmful content to 73% of UK teens
Cleveland emergency response drones accidentally added to ICE surveillance network
Cleveland has become further proof that when authorities can access society-monitoring tools, such as cameras and, now, drones, they can be abused, even "accidentally."
Read more about Cleveland emergency response drones accidentally added to ICE surveillance network
Europol dismantles First VPN, the go-to VPN service for cybercriminals
Europol law enforcement operation dismantled First VPN (1VPNS), a notorious VPN service promoted on Russian-language cybercrime forums as a tool to hide from law enforcement and conceal cyberattacks.
Read more about Europol dismantles First VPN, the go-to VPN service for cybercriminals
West Pharma back online after hackers stole data and locked systems
West Pharmaceutical Services (WST) said on Wednesday that it has restored operations across its sites after a cybersecurity attack earlier this month and expects the incident to have no material impact on its 2026 financial outlook.
Read more about West Pharma back online after hackers stole data and locked systems
Ukrainian police name 18-year-old infostealer operator who targeted California shoppers
In what could be called a truly international criminal op, an 18-year-old hacker from Odessa, a port city in Ukraine, ran an infostealer malware operation and conspired with other cyber crooks to target users of an online store in the US state of California.
Read more about Ukrainian police name 18-year-old infostealer operator who targeted California shoppers
Hackers stole fingerprints, medical records of 1.8M in massive NYC hospital breach
NYC Health + Hospitals is warning 1.8 million patients that hackers stole medical records, Social Security numbers, banking information, and even fingerprint data in a months-long breach of the nation’s largest public hospital system.
Read more about Hackers stole fingerprints, medical records of 1.8M in massive NYC hospital breach
