News
'Impersonation as a service' the next big thing in cybercrime
English speakers adept at social engineering are a hot commodity in the cybercrime job market.…
Honey, I shrunk the image and now I'm pwned
Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge for machine learning systems.…
Congressman proposes bringing back letters of marque for cyber privateers
It's been more than 200 years since the United States issued a letter of marque allowing privateers to attack the vessels of foreign nations, but those letters may return to empower cyber operators if a bill introduced in Congress actually manages to pass. …
Orange Belgium mega-breach exposes 850K customers to serious fraud
A significant data theft at Orange Belgium has opened hundreds of thousands of its customers to serious cybersecurity risks.…
US cops wrap up RapperBot, one of world's biggest DDoS-for-hire rackets
RapperBot, a botnet-for-hire blamed for hundreds of thousands of DDoS attacks, has been yanked offline by the Feds, who also hauled in its alleged Oregon-based mastermind.…
Apple rushes out fix for active zero-day in iOS and macOS
Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.…
Colt changes tune, admits data theft as Warlock gang begins auction
A week after its services were disrupted by a cyberattack, UK telco Colt Technology Services has gone back on its initial statement to confirm that data has indeed been stolen.…
Google yet to take down 'screenshot-grabbing' Chrome VPN extension
Security boffins at Koi Security have warned of a shift in behavior of a popular Chrome VPN extension, FreeVPN.One, which recently appears to have begun snaffling screenshots of users' page activity and transmitting them to a remote server without their knowledge – and Google has yet to take it down.…
AI crawlers and fetchers are blowing up websites, with Meta and OpenAI the worst offenders
Cloud services giant Fastly has released a report claiming AI crawlers are putting a heavy load on the open web, slurping up sites at a rate that accounts for 80 percent of all AI bot traffic, with the remaining 20 percent used by AI fetchers. Bots and fetchers can hit websites hard, demanding data from a single site in thousands of requests per minute.…
China cut itself off from the global internet for an hour on Wednesday
China cut itself off from much of the global internet for just over an hour on Wednesday.…
Microsoft stays mum about M365 Copilot on-demand security bypass
UPDATED Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.…
Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE
Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.…
FBI: Russian spies exploiting a 7-year-old Cisco bug to slurp configs from critical infrastructure
The FBI and security researchers today warned that Russian government spies exploited a seven-year-old bug in end-of-life Cisco networking devices to snoop around in American critical infrastructure networks and collect information on industrial systems.…
Commvault releases patches for two nasty bug chains after exploits proven
Researchers at watchTowr just published working proof-of-concept exploits for two unauthenticated remote code execution bug chains in backup giant Commvault.…
'Limited' data leak at Aussie telco turns out to be 280K customer details
Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.…
McDonald's not lovin' it when hacker exposes nuggets of rotten security
A white-hat hacker has discovered a series of critical flaws in McDonald's staff and partner portals that allowed anyone to order free food online, get admin rights to the burger slinger's marketing materials, and could allow an attacker to get a corporate email account with which to conduct a little filet-o-phishing.…
Don't want drive-by Ollama attackers snooping on your local chats? Patch now
A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks to, in extreme cases by serving poisoned models.…
Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in
Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.…
Casino tech outfit Bragg cops to intrusion but says data jackpot untouched
Canadian casino software slinger Bragg Gaming Group has disclosed a "cybersecurity incident," though it's adamant the intruders never got their hands on customer data.…
US spy chief claims UK backed down over Apple backdoor demand
The UK government has reportedly abandoned its attempt to strong-arm Apple into weakening iPhone encryption after the White House forced Blighty into a quiet climb-down.…
Pages
