#remote-access-abuse
#remote-access-abuse

France news

Warning over cyber-attack on French government's ANTS platform

Privacy professionals

Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims | TechCrunch

Privacy professionals

Crook claims to leak 'video surveillance footage' of firms

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

France news

fromThe Local France

Warning over cyber-attack on French government's ANTS platform

Hackers accessed personal details of users on the French government's ANTS platform, prompting warnings about potential phishing scams.

Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims | TechCrunch

Unauthorized users accessed Mythos, a cybersecurity tool by Anthropic, through a third-party vendor, raising concerns about its potential misuse.

Crook claims to leak 'video surveillance footage' of firms

Be Prime confirmed a cybersecurity incident involving alleged access to its surveillance footage and client data by a criminal hacker.

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

more#cybersecurity

fromTechzine Global

15 hours ago

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

9 hours ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

Healthcare

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

9 hours ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

more#ransomware

#meta

Meta to track workers' clicks and keystrokes to train AI

Meta will track employee keystrokes and mouse clicks to train AI models, raising concerns among workers about privacy and job security.

fromFortune

5 hours ago

Meta will start tracking employees' screens and keystrokes to train AI tools | Fortune

Meta is implementing tracking software on employee computers to gather data for AI training.

6 hours ago

Meta will use employee-tracking software to help train AI agents: Report

Meta will track US employees' mouse movements and clicks to improve AI training data.

Meta to track workers' clicks and keystrokes to train AI

Meta will track employee keystrokes and mouse clicks to train AI models, raising concerns among workers about privacy and job security.

fromFortune

5 hours ago

Meta will start tracking employees' screens and keystrokes to train AI tools | Fortune

Meta is implementing tracking software on employee computers to gather data for AI training.

fromwww.independent.co.uk

6 hours ago

Meta will use employee-tracking software to help train AI agents: Report

Meta will track US employees' mouse movements and clicks to improve AI training data.

more#meta

UK politics

4 hours ago

Iran, Russia and China behind most major cyberattacks on UK, security chief warns

The Independent provides critical journalism on key issues without paywalls, emphasizing the importance of accessible reporting.

Apple

fromwww.theguardian.com

Apple's Tim Cook leaves behind complicated legacy on privacy

Tim Cook's legacy as a privacy advocate is complicated by his concessions to government demands, particularly in China.

#privacy

Privacy technologies

Claude Desktop changes software permissions without consent

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.

Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Claude Desktop changes software permissions without consent

Claude Desktop installs files affecting other apps without consent, violating privacy laws and raising concerns about its classification as spyware.

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

AI backlash is coming for elections

Americans express concerns about AI, but it is not a top priority in midterm campaigns.

3 hours ago

AI hacking tools like Mythos can be 'net positive' says top cyber official

AI tools can enhance cyber-security if secured properly, according to the UK's top cyber official.

fromEngadget

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos

Mozilla's use of Anthropic's Claude Mythos model successfully identified and patched 271 vulnerabilities in Firefox, showcasing AI's potential in cybersecurity.

US politics

fromThe Verge

6 hours ago

AI backlash is coming for elections

Americans express concerns about AI, but it is not a top priority in midterm campaigns.

3 hours ago

AI hacking tools like Mythos can be 'net positive' says top cyber official

AI tools can enhance cyber-security if secured properly, according to the UK's top cyber official.

fromEngadget

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos

Mozilla's use of Anthropic's Claude Mythos model successfully identified and patched 271 vulnerabilities in Firefox, showcasing AI's potential in cybersecurity.

Lazarus Group Suspected of Moving $175M in ETH After Arbitrum Freezes $71M From KelpDAO Exploit

Lazarus Group drained 116,500 rsETH from KelpDAO, with significant funds frozen and laundered through various protocols.

Ex-parliamentary employee arrested under anti-hacking law

We are aware of the arrest of an individual under the Computer Misuse Act 1990, but as this is a live police investigation we are unable to comment further.

EU data protection

Fundraising

fromIndependent

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.

Careers

fromwww.theguardian.com

21 hours ago

AI job scams are booming and I was fooled by one. Here is how to avoid them

A seemingly perfect job opportunity turned out to be a scam, revealing red flags throughout the recruitment process.

Silicon Valley

fromwww.nytimes.com

Video: The Resistance to New Technologies

Public skepticism towards A.I. technologies stems from a lack of control and fear of job loss.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

#data-breach

Healthcare

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Privacy professionals

Lovable denies data leak, cites 'intentional behavior'

fromFast Company

8 hours ago

Privacy professionals

Lovable left AI prompts and user data exposed, one researcher found

fromSecuritymagazine

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak

Amtrak customers face data exposure due to a breach affecting millions of records, including personal and travel-related information.

Privacy professionals

Clothing Retailer Patches Website Flaw Exposing Customer Data

Healthcare

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Three US healthcare organizations reported data breaches affecting nearly 600,000 individuals, with significant incidents in Texas and Illinois.

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

fromFast Company

8 hours ago

Lovable left AI prompts and user data exposed, one researcher found

Lovable's platform exposed users' private data, including chat histories and source code, to other users due to a significant data breach.

fromSecuritymagazine

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak

Amtrak customers face data exposure due to a breach affecting millions of records, including personal and travel-related information.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

more#data-breach

1 hour ago

Meta will record employees' keystrokes and use it to train its AI models | TechCrunch

Meta is using employee data, including mouse movements and keystrokes, to train its AI models for improved efficiency.

fromTNW | Next-Featured

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

fromKotaku

MindsEye Developer Under Fire From Employees For Surveillance Software

Employees of Build a Rocket Boy are suing for installing invasive surveillance software without consent and mishandling redundancy processes.

fromWIRED

15 hours ago

They Built a Legendary Privacy Tool. Now They're Sworn Enemies

GrapheneOS is highly regarded for mobile security, but its creator, Daniel Micay, has a controversial and enigmatic reputation within the cybersecurity community.

fromZDNET

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

12 hours ago

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Many internet-facing Perforce P4 servers are misconfigured, exposing sensitive information and allowing unauthorized access.

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.

Privacy professionals

fromMail Online

8 hours ago

Urgent warning to all 1.8b Gmail users over new account takeover scam

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

3 hours ago

Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150

Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world's best security researchers, and Mythos Preview is every bit as capable.

Information security

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect processed fraudulent charges using real customer data, including names and addresses, to make the charges appear legitimate and maintain a low chargeback ratio.

Privacy professionals

7 hours ago

Anthropic's Mythos raises the stakes for security validation | Computer Weekly

The rise of autonomous AI in security introduces unpredictability, complicating the validation of defenses against evolving threats.

fromWIRED

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.

17 hours ago

Adaptavist Group breach: Ransomware crew claims mega-haul

Adaptavist Group is investigating a security breach involving stolen credentials, while a ransomware group claims to have accessed extensive data.

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

fromSitePoint Forums | Web Development & Design Community

45 minutes ago

What tools are you relying on besides Burp for web app testing?

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.

9 hours ago

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

19 hours ago

Iran claims US used backdoors in networking equipment

Iran claims the US sabotaged its networking equipment during the war using backdoors or botnets.

fromSecuritymagazine

2 days ago

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

Anthropic's Mythos AI model sparks fears of turbocharged hacking

AI-enabled cyber attacks surged 89% in 2025, with attackers acting within 29 minutes of gaining access.

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Next.js developer Vercel warns customer creds compromised

Vercel experienced a data leak due to a compromise of Context.ai, affecting customer credentials and prompting immediate action.

fromThe Verge

2 days ago

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

fromInfoWorld

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Next.js developer Vercel warns customer creds compromised

Vercel experienced a data leak due to a compromise of Context.ai, affecting customer credentials and prompting immediate action.

fromThe Verge

2 days ago

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

more#vercel

fromComputerworld

1 month ago

Cyber criminals too are working from home... your home

The FBI warns that cybercriminals use residential proxies to mask illegal activities by hijacking IoT devices, smartphones, and routers, threatening both consumers and enterprises, particularly older devices.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

3 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

6 days ago

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

6 days ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

more#malware

#north-korea

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked

Unauthorized access to limited internal data at McGraw-Hill was linked to a Salesforce misconfiguration, raising concerns about potential identity fraud and harassment.

6 days ago

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

2 weeks ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

fromTechzine Global

1 month ago

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.