#arpa-domain-abuse

[ follow ]
#cybersecurity #malware #phishing #ai-security #vulnerabilities #vulnerability #data-breach #data-privacy #privacy
#ai-security
fromTechzine Global
4 days ago
Information security

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.
fromTechzine Global
5 days ago
Information security

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.
Artificial intelligence
fromTechRepublic
2 hours ago

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.
Information security
fromTheregister
22 hours ago

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.
Information security
fromTechzine Global
4 days ago

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.
Information security
fromTechzine Global
5 days ago

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.
more#ai-security
#data-privacy
Privacy professionals
fromZDNET
8 hours ago

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.
EU data protection
fromThedrum
4 hours ago

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.
fromZDNET
5 days ago
Privacy professionals

A data removal service helped me reclaim my privacy - see if you need one, too

Privacy professionals
fromZDNET
8 hours ago

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.
EU data protection
fromThedrum
4 hours ago

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.
Privacy professionals
fromZDNET
5 days ago

A data removal service helped me reclaim my privacy - see if you need one, too

Personal data is collected and sold by brokers, making removal services essential for protecting sensitive information.
more#data-privacy
fromSecurityWeek
10 hours ago

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.
Information security
Fundraising
fromIndependent
6 hours ago

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.
#privacy
Privacy technologies
fromTechRepublic
3 hours ago

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.
fromComputerWeekly.com
3 days ago
Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.
Privacy technologies
fromTechRepublic
3 hours ago

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.
Privacy technologies
fromTheregister
1 hour ago

Claude Desktop changes software permissions without consent

Claude Desktop installs files affecting other apps without consent, violating privacy laws and raising concerns about its classification as spyware.
Privacy technologies
fromComputerWeekly.com
3 days ago

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.
more#privacy
Mental health
fromSmashing Magazine
21 hours ago

Session Timeouts: The Overlooked Accessibility Barrier In Authentication Design - Smashing Magazine

Poor session timeouts create significant accessibility barriers for users with disabilities, impacting their online experiences and tasks.
Intellectual property law
fromAdExchanger
16 hours ago

Why A 1967 Privacy Law Is Powering A New Wave Of Ad Tech Lawsuits | AdExchanger

CIPA, a 1967 law, has become a significant challenge for ad tech due to its private right of action and potential for high damages.
fromThe Washington Post
2 days ago

Inside a growing movement warning AI could turn on humanity

"That requires a bunch of people to go take things that folks here are figuring out and [explain them] to the rest of the world," said Jeffrey Ladish, emphasizing the need for effective communication about AI risks.
US news
#generative-ai
Marketing tech
fromSFGATE
4 days ago

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.
Marketing tech
fromAP News
4 days ago

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.
Marketing tech
fromSFGATE
4 days ago

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.
Marketing tech
fromAP News
4 days ago

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.
more#generative-ai
fromwww.housingwire.com
3 days ago

Disconnected systems fueling title, wire fraud risks

Disconnected systems, inconsistent definitions of data, and the manual nature of data movement create ongoing challenges in the title industry, according to FundingShield President Adam Chaudhary.
Real estate
SF parents
fromThe Cipher Brief
4 days ago

Could Your Child Be a Member of the Most Dangerous Online Community? What Every Parent Needs to Watch Out For

The True Crime Community is a dangerous online subculture that idolizes mass shooters and has been linked to numerous violent attacks.
#ransomware
Healthcare
fromSecuritymagazine
4 days ago

What "The Pitt" Gets Right About Ransomware and What Hospitals Can't Afford to Ignore

Ransomware incidents in healthcare lead to significant operational fallout, requiring extensive recovery efforts beyond just paying the ransom.
EU data protection
fromTheregister
5 days ago

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.
Healthcare
fromSecuritymagazine
4 days ago

What "The Pitt" Gets Right About Ransomware and What Hospitals Can't Afford to Ignore

Ransomware incidents in healthcare lead to significant operational fallout, requiring extensive recovery efforts beyond just paying the ransom.
EU data protection
fromTheregister
5 days ago

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.
more#ransomware
Deliverability
fromZDNET
5 days ago

This simple email trick saves me from annoying marketing spam (and it's free to do)

Using a dedicated shopping email can effectively reduce spam and clutter in your primary inbox.
Social media marketing
fromWIRED
5 days ago

X's Big Bot Purge Wiped Out a Lot of People's Secret Porn Feeds

X's crackdown on bots has led to the suspension of many human accounts, including those used for private content curation.
Digital life
fromwww.dw.com
6 days ago

Dangerous Apps In the Web of Data Brokers

Smartphone apps collect detailed location data, often shared with data brokers, posing security risks to users, including soldiers and government officials.
fromNature
6 days ago

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.
Higher education
fromSecurityWeek
11 hours ago

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.
Privacy professionals
#ddos
EU data protection
fromSecurityWeek
3 days ago

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.
Information security
fromThe Hacker News
3 days ago

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

Operation PowerOFF disrupted DDoS-for-hire services, taking down 53 domains and arresting four individuals linked to over 75,000 cybercriminals.
EU data protection
fromSecurityWeek
3 days ago

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.
Information security
fromThe Hacker News
3 days ago

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

Operation PowerOFF disrupted DDoS-for-hire services, taking down 53 domains and arresting four individuals linked to over 75,000 cybercriminals.
more#ddos
Software development
fromZDNET
5 days ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
Deliverability
fromenglish.elpais.com
5 days ago

Only 13% of emails are written by people, and more than half end up in the spam folder: This isn't a technical detail; it's a structural change'

Email is increasingly dominated by automated systems, with 87% of traffic generated by them, leading to declining effectiveness and user engagement.
#cybersecurity
Information security
fromThe Hacker News
7 hours ago

Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Third-party tools are exploited to gain internal access, highlighting a shift in attack strategies that bend trust rather than break systems.
fromTechCrunch
3 days ago
Information security

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Information security
fromSecurityWeek
3 days ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.
Information security
fromThe Hacker News
10 hours ago

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

A critical vulnerability in the Model Context Protocol allows remote code execution, affecting over 7,000 servers and compromising sensitive data.
Information security
fromSecurityWeek
13 hours ago

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

Hackers have targeted a vulnerability in discontinued TP-Link routers for a year without successful exploitation, according to Palo Alto Networks.
Information security
fromThe Hacker News
7 hours ago

Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Third-party tools are exploited to gain internal access, highlighting a shift in attack strategies that bend trust rather than break systems.
Information security
fromTechCrunch
3 days ago

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.
Information security
fromSecurityWeek
3 days ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.
more#cybersecurity
Social media marketing
fromAxios
6 days ago

The first AI-era war is a "slopaganda" battle to control memes

AI-generated content is rapidly spreading propaganda, making it easier for influencers to adopt conspiracy theories.
Privacy technologies
fromBGR
1 day ago

Should You Accept Or Reject Cookies From A Website? - BGR

Reject non-essential cookies to avoid data tracking and targeted ads while accepting essential cookies for website functionality.
Artificial intelligence
fromThe Verge
3 days ago

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.
#data-breach
more#data-breach
Marketing tech
fromSan Diego Union-Tribune
3 days ago

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies to enhance their defenses against these threats.
EU data protection
fromComputerWeekly.com
4 days ago

CYBERUK '26: UK lagging on legal protections for cyber pros | Computer Weekly

The outdated Computer Misuse Act hinders UK cyber security innovation and needs urgent reform to protect cyber professionals.
Information security
fromTechCrunch
4 hours ago

Mastodon says its flagship server was hit by a DDoS attack | TechCrunch

Mastodon's flagship server experienced a DDoS attack, causing significant outages and instability, but countermeasures were implemented to restore access.
Artificial intelligence
fromFortune
3 days ago

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.
#age-verification
fromAbove the Law
3 days ago
Privacy technologies

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.
Privacy technologies
fromThe Verge
4 days ago

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.
Privacy technologies
fromAbove the Law
3 days ago

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.
Privacy technologies
fromThe Verge
4 days ago

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.
more#age-verification
Artificial intelligence
fromTechRepublic
3 days ago

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.
DevOps
fromTheregister
3 weeks ago

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.
fromArs Technica
1 week ago

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect processed fraudulent charges using real customer data, including names and addresses, to make the charges appear legitimate and maintain a low chargeback ratio.
Privacy professionals
Privacy technologies
fromPCWorld
5 days ago

Google will soon penalize sites that hijack your browser's back button

Google will penalize websites that hijack the browser's back button to improve user experience and eliminate frustrating redirects.
Information security
fromTechzine Global
9 hours ago

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.
#phishing
Information security
fromSecurityWeek
2 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.
Information security
fromTechzine Global
6 days ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
Information security
fromSecurityWeek
2 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.
Information security
fromTechzine Global
6 days ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
more#phishing
#malware
Information security
fromTechRepublic
3 days ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.
fromSecurityWeek
5 days ago
Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Information security
fromTechRepublic
3 days ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.
Information security
fromSecurityWeek
5 days ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.
Information security
fromThe Hacker News
4 days ago

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.
more#malware
Information security
fromHarvard Gazette
3 days ago

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.
#north-korea
Information security
fromComputerWeekly.com
3 days ago

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.
more#north-korea
#cybercrime
fromTechCrunch
4 days ago
Information security

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

Privacy professionals
fromthenextweb.com
1 month ago

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.
Information security
fromTechCrunch
4 days ago

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.
Privacy professionals
fromthenextweb.com
1 month ago

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.
more#cybercrime
Privacy professionals
fromSecurityWeek
1 month ago

Internet Infrastructure TLD .arpa Abused in Phishing Attacks

Threat actors abuse the .arpa TLD infrastructure to host phishing content by exploiting DNS provider controls to add IP address records where only reverse DNS records should exist.
Information security
fromSecurityWeek
3 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
Information security
fromTechRepublic
4 days ago

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.
Information security
fromSecurityWeek
5 days ago

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.
Information security
fromSecurityWeek
5 days ago

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.
Information security
fromSecurityWeek
6 days ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
Information security
fromTechzine Global
1 week ago

Android trojan linked to Cambodia following anomalous DNS spike

A banking Trojan operating from Cambodia registers 35 new domains monthly, targeting users in 21 countries and exploiting fake apps for fraud.
Information security
fromThe Hacker News
1 week ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.
Information security
fromThe Hacker News
1 week ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.
fromZDNET
1 month ago

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

Web browsers are among the top targets for today's cybercriminals, playing a role in nearly half of all security incidents, new research reveals. According to Palo Alto Networks' 2026 Global Incident Response report, an analysis of 750 major cyber incidents recorded last year across 50 countries found that, in total, 48% of cybercrime events involved browser activity. Individuals trying to connect to the web, including business employees, are exposed to cyberthreats on a daily basis.
Information security
[ Load more ]