#spyware
#spyware

Privacy professionals

First they went after medtech, then Kash Patel. Iranian hackers' next target is likely 'low-hanging fruit' in water, energy, and tourism, experts say | Fortune

fromZDNET

Information security

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

fromnews.bitcoin.com

Cryptocurrency

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack

Cybersecurity developments include discussions on AI risks, new malware targeting crypto wallets, and collaboration among Japanese corporations to enhance security.

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

A new Zig dropper in the GlassWorm campaign stealthily infects all IDEs on a developer's machine through a malicious VS Code extension.

fromTechSpot

Hackers are turning home routers into tools to spy on Microsoft 365 users

Forest Blizzard hackers exploit insecure routers to compromise devices and intercept traffic, targeting Microsoft 365 domains for sensitive data.

First they went after medtech, then Kash Patel. Iranian hackers' next target is likely 'low-hanging fruit' in water, energy, and tourism, experts say | Fortune

Iran-linked hackers are targeting high-profile figures and critical infrastructure in the U.S. and Israel to sow disruption.

fromZDNET

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

FBI and NSA warn of Russian hackers targeting vulnerable routers, urging users to update firmware and strengthen passwords.

Cryptocurrency

fromnews.bitcoin.com

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

U.S. Treasury expands cybersecurity coordination with digital asset firms to enhance protections and integrate with traditional finance.

In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack

Cybersecurity developments include discussions on AI risks, new malware targeting crypto wallets, and collaboration among Japanese corporations to enhance security.

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

A new Zig dropper in the GlassWorm campaign stealthily infects all IDEs on a developer's machine through a malicious VS Code extension.

more#cybersecurity

fromPopular Science

15 hours ago

How to stop your smart TV from tracking you

Smart TVs are capable of tracking user data, including viewing habits and app usage, which can lead to personalized advertising and content recommendations. Users may prefer to limit this tracking to protect their privacy.

Privacy technologies

#ai

fromwww.npr.org

US news

How AI is getting better at finding security holes

fromFast Company

17 hours ago

Artificial intelligence

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

13 hours ago

Artificial intelligence

These niche AI startups are trying to protect the Pentagon's secrets | Fortune

fromIntelligencer

Is the AI Cybersecurity Apocalypse Already Here?

AI models are enhancing both software development and hacking capabilities, leading to a race for improved coding tools and security measures.

fromHarvard Business Review

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

fromwww.npr.org

US news

How AI is getting better at finding security holes

fromFast Company

17 hours ago

Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask

Claude Mythos AI model may enhance cybersecurity defenses but also poses risks for hackers due to its ability to identify vulnerabilities and create exploits.

13 hours ago

These niche AI startups are trying to protect the Pentagon's secrets | Fortune

AI companies face challenges in balancing technology use with government secrecy, highlighted by Anthropic's conflict with the Pentagon.

fromIntelligencer

fromHarvard Business Review

Is the AI Cybersecurity Apocalypse Already Here?

AI models are enhancing both software development and hacking capabilities, leading to a race for improved coding tools and security measures.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

Webloc is a global geolocation surveillance system used by various law enforcement agencies, providing access to data from millions of mobile devices.

Cryptocurrency

fromnews.bitcoin.com

1 hour ago

Scarcity, Surveillance, and the Return of Hard Power Week In Review

Bitcoin remains above $71,000, indicating institutional demand and potential for broader adoption amid macroeconomic developments and a 4-year cycle breakout test.

Software development

fromThe Verge

Little Snitch's software counter surveillance jumps from Mac to Linux

Little Snitch for Linux offers network monitoring but is not a security tool, revealing fewer connections than on macOS.

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

Apple

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

more#apple-intelligence

Law

fromIndependent

Computer engineer claims he was penalised for flagging Israeli links of firm given 'bananas' server access at top Irish cybersecurity company

A cyber-security firm reprimanded an engineer for discriminatory comments regarding an Israeli company's access to its servers amid concerns about Palestinian genocide.

Social media marketing

fromHer Campus

They Knew, They Didn't Care, & We Are All Paying For It

Social media platforms like Instagram have been found liable for mental health damage to young users, with internal documents revealing harmful strategies targeting teens.

US politics

fromwww.npr.org

ICE acknowledges it is using powerful spyware

ICE is using spyware tools to intercept encrypted messages to combat fentanyl trafficking.

SF politics

fromWIRED

Politicians Are Spending More Money on Security as They Increasingly Become Targets

Federal campaign spending on security for the 2024 election cycle exceeds five times that of the 2016 election due to rising threats against public servants.

#data-breach

Los Angeles

LAPD Records Hacked and Exposed

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.

Los Angeles

LAPD Records Hacked and Exposed

fromPrivacy International

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.

Google Rolls Out Cookie Theft Protections in Chrome

Google introduces Device Bound Session Credentials in Chrome to enhance security against session cookie theft.

US news

Dangerous data

US police misuse warrantless access to personal data, leading to wrongful arrests and life-altering consequences for innocent individuals.

fromFast Company

This iPhone trick lets you use ChatGPT without the privacy risks

Using AI chatbots poses risks to privacy and data security, but Siri can help mask identity when accessing ChatGPT on iPhones.

Privacy technologies

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google's Device Bound Session Credentials enhance security for Chrome users by tying authentication sessions to specific devices, combating session theft.

US news

Top Secret Clearance Holder Charged With Leaking Classified National Defense Information

Courtney Williams was arrested for allegedly sharing classified national defense information with unauthorized individuals, including a journalist, from 2022 to 2025.

fromWIRED

fromElectronic Frontier Foundation

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.

Privacy technologies

Selling Mass Surveillance | EFFector 38.7

Police surveillance technology often expands beyond its original purpose, leading to concerns about privacy and civil liberties.

16 hours ago

Two different attackers poisoned popular open source tools

Two major supply chain attacks in March compromised open source tools, stealing data from numerous organizations.

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

Privacy technologies

fromArs Technica

How our digital devices are putting our right to privacy at risk

Digital convenience comes at the cost of personal data privacy, raising concerns about its potential use against individuals by law enforcement.

Android trojan linked to Cambodia following anomalous DNS spike

A banking Trojan operating from Cambodia registers 35 new domains monthly, targeting users in 21 countries and exploiting fake apps for fraud.

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A critical flaw in the EngageLab SDK allowed malicious apps to exploit trusted permissions, affecting over 50 million Android users.

fromTechzine Global

Android trojan linked to Cambodia following anomalous DNS spike

A banking Trojan operating from Cambodia registers 35 new domains monthly, targeting users in 21 countries and exploiting fake apps for fraud.

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A critical flaw in the EngageLab SDK allowed malicious apps to exploit trusted permissions, affecting over 50 million Android users.

more#android

Hack-for-hire group caught targeting Android devices and iCloud backups | TechCrunch

A hack-for-hire group is targeting journalists and officials in the Middle East and North Africa using phishing and spyware tactics.

Hungary officials used weak passwords exposed in breach dump

An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, cutting across nearly every major ministry, from defense and foreign affairs to finance.

Information security

fromInfoWorld

2 weeks ago

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

#fbi

Privacy professionals

Breach of FBI Surveillance System Considered a "Major Incident," Security Experts Weigh In

New FBI Warning: Chinese Apps Could Expose User Data

FBI warns Americans about potential data risks from foreign apps, especially those developed in China.

Privacy professionals

FBI Declares Surveillance System Breach a 'Major Incident'

Breach of FBI Surveillance System Considered a "Major Incident," Security Experts Weigh In

FBI confirms major breach of surveillance system, exposing sensitive data and potentially revealing criminal probes and surveillance targets.

New FBI Warning: Chinese Apps Could Expose User Data

FBI warns Americans about potential data risks from foreign apps, especially those developed in China.

FBI Declares Surveillance System Breach a 'Major Incident'

A China-linked breach of an FBI surveillance system has been classified as a major incident, posing significant risks to US national security.

more#fbi

fromElectronic Frontier Foundation

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."

Information security

Yikes, Encryption's Y2K Moment is Coming Years Early

Google has moved its quantum preparedness deadline for cryptography to 2029 due to advancements in technology.

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Nine vulnerabilities in the Orthanc DICOM server allow attackers to crash servers, leak data, and execute arbitrary code remotely.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.

The Hidden Security Risks of Shadow AI in Enterprises

Shadow AI poses significant risks by allowing unregulated use of AI tools that can expose sensitive data and weaken security controls.

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.

2 weeks ago

Information security

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.

2 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Data Leakage Vulnerability Patched in OpenSSL

Seven vulnerabilities in OpenSSL have been patched, including a moderate severity flaw that can lead to sensitive data leakage.

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.

Russian government hackers broke into thousands of home routers to steal passwords | TechCrunch

Russian hackers hijacked thousands of routers globally to redirect internet traffic and steal passwords and access tokens.

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Contagious Interview campaign targets Go, Rust, and PHP ecosystems with malicious packages that function as malware loaders.

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.

5 days ago

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.

#cybercrime

Information security

Don't glamorize cybercrims, roast them instead

Cybercrime groups should not be glamorized; they are ordinary individuals using computers for theft, not mythical entities.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Don't glamorize cybercrims, roast them instead

Cybercrime groups should not be glamorized; they are ordinary individuals using computers for theft, not mythical entities.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

1 month ago

A suite of government hacking tools targeting iPhones is now being used by cybercriminals | TechCrunch

Government-designed iPhone exploit kit Coruna leaked from surveillance vendor to cybercriminals, Russian espionage groups, and Chinese hackers, demonstrating how state-sponsored tools proliferate into criminal markets.

fromZDNET

1 month ago

This new 'sleeperware' doesn't set off alarms or crash your system - it sneaks in and waits

In its annual Red Report, a body of research that analyzes real-world attacker techniques using large-scale attack simulation data, Picus Labs warns cybersecurity professionals that threat actors are rapidly shifting away from ransomware encryption to parasitic "sleeperware" extortion as their means to loot organizations for millions of dollars per attack. Released today and now in its sixth year, the 278-page Red Report gets its name from Picus-organized cybersecurity exercises that take the perspective of the attacker's team, otherwise known as the "red team."

Information security