Security

Meta, Yandex caught using tracking tech that de-anonymizes Android users

Security researchers have unveiled a novel tracking method used by Meta and Yandex that effectively de-anonymizes billions of Android users when they browse the web, even when using Incognito mode. The tech giants’ apps secretly listen for data from websites through “localhost” connections.

Cyber pros sound alarm bells: this vibe coding app is seriously flawed

Lovable, a popular example of the so-called vibe-coding platforms, allowed unauthorized users to access sensitive user information.

Hackers milking fake Booking.com sites to plant malware

In a new campaign, cybercriminals disseminate malicious links on gaming sites and social media and even buy sponsored ads on search engines to trick users into opening fraudulent websites impersonating Booking.com.

Luxury brand Cartier confirms it was hacked, customer data stolen

The French luxury house, known for putting diamonds on the wrists of royalty and billionaires, has been breached. The company warned customers to stay vigilant.

Over 8M records with US patient medical data have been spilled online

The records of 2.7 million patients and 8.8 million appointments have been left publicly accessible online.

Critical Chrome update: hackers are exploiting a dangerous zero-day

Google has issued an emergency Chrome update and warned that hackers are already exploiting a dangerous zero-day vulnerability. Attackers can craft malicious websites that compromise users just by visiting.

Volkswagen Group investigates hacker data breach claims

So far, the company has not spotted any breached systems or exposed customer data.

These Androids come preloaded with apps that are very easy to hack

Ulefone and Krüger&Matz smartphones are sold preloaded with apps that attackers can abuse to factory reset the devices, steal PIN codes, and even gain some system-level access, according to CERT Polska’s disclosure.

Your passwords run a secret economy in the Russian crime scene

Your passwords, logged by infostealers, are being traded on a thriving Russian underground marketplace, sometimes for as little as $2.

GitHub MCP vulnerability has far-reaching consequences

On May 26th, a new prompt injection security weakness was reported in GitHub's official Model Context Protocol (MCP) server – the infrastructure that allows artificial intelligence (AI) coding assistants to read from and write to your GitHub repositories.

Hackers make Sonos Era 300 speakers play unwanted tunes: severe RCE flaw discovered

Sonos Era 300 smart speakers contain a severe flaw that enables unauthenticated hackers to take complete control of the device and run arbitrary code, Trend Micro’s Zero Day Initiative (ZDI) researchers warn.

Australia launches mandatory ransomware payment reporting rules

If you’re a business owner, work for a critical infrastructure entity, or are employed at a government department or agency that has fallen victim to a ransomware attack and has paid the ransom, you’re required to report to the Australian authorities.

Hacker claims Volkswagen breach, fails to provide evidence

Volkswagen Group, the German automaker behemoth, has appeared on a ransomware cartel’s dark web leak site. However, researchers can’t confirm that any data was taken from the company.

Cybercriminals lose key tool for malware development: police shut down AVCheck

Police have taken down AVCheck, a major cybercrime infrastructure used by hackers to test if security tools could detect their malware. The authorities also seized plenty of information about threat actors who were using it.

AI cracks your 4-digit PIN in less than a second – so why are we still using them?

AI can crack 4-digit PINs like “1234” or “0000” in under a second. Learn how pattern-based PINs, legacy banking systems, and weak verification flows put data at risk.

Check before you click: ransomware gangs are disguising their tools as popular AI apps

Multiple ransomware gangs are disguising their malicious software as AI tools: fake ChatGPT, InVideo, and other installers plant destructive malware, a new report by Cisco Talos has warned.

AI predicts the exact date of a global blackout

Get ready: artificial intelligence (AI) has predicted the day of a worldwide power shutdown, when multiple continents will go dark.

Two foreigners tried to export sensitive US defense technology to China in a blender, DOJ says

The US indicted two foreign nationals on Friday for attempting to smuggle US military technology to China, including missiles, air defense radar, drones, and cryptographic devices – at one point even plotting to ship the sensitive tech in a blender.

No more user scripts in Chrome extensions by default: Google tightens security

Google has announced a significant change in how Chrome extensions gain permission to use the User Scripts API, which allows injecting custom JavaScript code on web pages. This will be the first permission that users need to enable individually for each extension.

Cyberattacks on M&S and Co-op trigger shift in UK online shopping habits

Major UK retailers like M&S, Co-op, and Harrods have faced cyberattacks recently. Two-thirds of UK shoppers are now changing how they shop online, a new survey shows.