Security
Huntress CEO defends threat researcher at the heart of firm's “insider threat” allegations
"Keep your friends close, but your enemies closer," as that oft-quoted line from Godfather II goes. But should a threat hunter employed by a major US security firm really have informed a criminal gang that the FBI was onto them?
Read more about Huntress CEO defends threat researcher at the heart of firm's “insider threat” allegations
Hackers threaten to leak data from NATO contractor Indra, as company investigates
One of Europe's biggest defense contractors is racing against a ransomware countdown after hackers threatened to publish allegedly stolen data.
Read more about Hackers threaten to leak data from NATO contractor Indra, as company investigates
Apple “Hide My Email” leaks email addresses, researcher claims
The company seems not to have fixed the issue.
Read more about Apple “Hide My Email” leaks email addresses, researcher claims
Hackers spray passwords at Azure accounts using a legacy login method, and the doors are still open
Millions of login attempts are compromising dozens of Microsoft accounts across 64 organizations, with attacks rising sharply in recent weeks. The massive password-spraying attack opens doors by exploiting a legacy authentication method without multi-factor authentication (MFA).
Read more about Hackers spray passwords at Azure accounts using a legacy login method, and the doors are still open
"Phantom squatting” uses AI hallucinated domains for cyber attacks
If you still feel like there aren't enough AI-enabled attack vectors online, here's another: phantom squatting. It takes typosquatting to another level, giving cybercriminals yet another way to trick people into visiting malicious websites.
Read more about "Phantom squatting” uses AI hallucinated domains for cyber attacks
219,000 documents exposed: US retirement firm exposes deeply personal financial records
Retirement accounts are supposed to secure US citizens' future, but one exposed cloud bucket may have just handed fraudsters thousands of people's identities.
Read more about 219,000 documents exposed: US retirement firm exposes deeply personal financial records
NPM receiving major security overhaul in July, but some security pros say it’s not enough
Installing a piece of code from NPM will no longer auto-run malware on the system, and won’t quietly pull malicious code from external repos unless the developer explicitly allows it. But this won’t be enough to stop supply chain attacks where they matter most, as compromised accounts can still ship malicious code.
Read more about NPM receiving major security overhaul in July, but some security pros say it’s not enough
Witty users defeat Google's hi-tech CAPTCHA with this low-tech hack
Security researchers claim to have already found a loophole in Google's experimental hand gesture CAPTCHA system. According to a video shared on X, the human verification system can be tricked using nothing more than a photograph of a hand.
Read more about Witty users defeat Google's hi-tech CAPTCHA with this low-tech hack
Boeing confirms unplanned IT outage affecting computer systems and applications
Boeing said on Tuesday that an unplanned IT outage affected some of its computer systems and applications.
Read more about Boeing confirms unplanned IT outage affecting computer systems and applications
Trump’s grip on the FTC puts EU-US data transfer at risk
Billions of data transfers occur every day between the US and Europe, but the agreement governing them might be at risk. The US Supreme Court has issued a landmark ruling that is throwing the status quo into doubt, and privacy activists have now called for a suspension of the arrangement.
Read more about Trump’s grip on the FTC puts EU-US data transfer at risk
US restores access to Anthropic's powerful Mythos, Fable AI models
In a dramatic turnaround, Anthropic says the US government has rolled back weeks-long export restrictions that had blocked the AI startup from exporting its über-powerful Claude Mythos 5 and Fable 5 models over national security concerns.
Read more about US restores access to Anthropic's powerful Mythos, Fable AI models
Nissan the latest victim in Oracle’s PeopleSoft attack: sensitive data stolen
Nissan North America has begun notifying employees after a cyberattack targeted Oracle's PeopleSoft software. Reportedly, attackers exfiltrated sensitive information belonging to Nissan’s current and former workers across multiple countries.
Read more about Nissan the latest victim in Oracle’s PeopleSoft attack: sensitive data stolen
Hackers say they have GameStop customers' personal data
GameStop customers are implicated in an alleged data leak, with hackers claiming to have breached the video game giant on an illicit marketplace.
Read more about Hackers say they have GameStop customers' personal data
Another Claude Code attack allows full takeover of developers’ systems
A proof-of-concept (PoC) attack shows that a completely clean-seeming GitHub repository can trick AI-powered coding agents such as Claude Code into silently opening a reverse shell on a developer’s machine.
Read more about Another Claude Code attack allows full takeover of developers’ systems
Apple’s AirDrop and Android’s Quick Share vulnerable: nearby hackers initiate connection, crash devices, or worse
Five billion iPhones and Android phones are listening for potential file drops via AirDrop and Quick Share, leaving users exposed to nearby hackers who can cause crashes, tamper with active transfers, or, potentially, even run code. Researchers have probed the protocols and disclosed six security flaws.
Read more about Apple’s AirDrop and Android’s Quick Share vulnerable: nearby hackers initiate connection, crash devices, or worse
GitHub overwhelmed as flood of vulnerability reports slows security fixes
While GitHub, the world's most popular proprietary developer platform, is experiencing a record-high surge in vulnerability reports, you can help yourself by following several suggestions as the platform adjusts to the new reality.
Read more about GitHub overwhelmed as flood of vulnerability reports slows security fixes
Hackers claiming leak of 310 million Temu accounts: here's what we know
An alleged 310 million Temu user records have been put up for sale on a cybercrime forum. While the leaked samples appear recent, Temu denies that the data originated from their systems.
Read more about Hackers claiming leak of 310 million Temu accounts: here's what we know
Website owners report surge in malicious bots impersonating Googlebot, sparking call to check IPs
Administrators are noticing an influx of malicious bot requests impersonating Googlebot and other legitimate crawlers, attempting to slip past website defenses. Google offers IP verification tools to help its crawlers be identified.
Read more about Website owners report surge in malicious bots impersonating Googlebot, sparking call to check IPs
Hackers claim 110M Notion records exposed, but the company’s AI assistant is not concerned
A hacker has claimed responsibility for a massive breach of Notion – a productivity platform used by Nvidia and OpenAI – exposing 110 million user records. Meanwhile the company says that no unauthorized access was identified.
Read more about Hackers claim 110M Notion records exposed, but the company’s AI assistant is not concerned
Russian state hackers stealing new Signal accounts with old backup keys, FBI warns
Signal’s Secure Backup key, once stolen, can unlock new accounts, and Russian state hackers are already abusing it in a global wave of phishing attacks, the US cyber authorities warn.
Read more about Russian state hackers stealing new Signal accounts with old backup keys, FBI warns