#user-vulnerability
#user-vulnerability

Cryptocurrency

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

fromBoston.com

Healthcare

Signature Healthcare in Brockton hit by cybersecurity incident

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Hacker stole 700,000 from U.K. energy company by redirecting payment | TechCrunch

Zephyr Energy lost £700,000 due to a hacker redirecting a payment meant for a contractor into a fraudulent account.

Google Warns of New Campaign Targeting BPOs to Steal Corporate Data

A financially motivated threat actor, UNC6783, targets BPO organizations to steal sensitive data from high-value companies using social engineering and phishing tactics.

fromTechSpot

2 hours ago

Hackers are turning home routers into tools to spy on Microsoft 365 users

Forest Blizzard hackers exploit insecure routers to compromise devices and intercept traffic, targeting Microsoft 365 domains for sensitive data.

Cryptocurrency

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

U.S. Treasury expands cybersecurity coordination with digital asset firms to enhance protections and integrate with traditional finance.

Healthcare

fromBoston.com

Signature Healthcare in Brockton hit by cybersecurity incident

Signature Healthcare is managing a cybersecurity incident, affecting some services while maintaining inpatient and emergency care.

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Healthcare executives face heightened personal risks due to grievance-motivated cyber threats amid economic pressures and public accountability.

Hacker stole 700,000 from U.K. energy company by redirecting payment | TechCrunch

Zephyr Energy lost £700,000 due to a hacker redirecting a payment meant for a contractor into a fraudulent account.

Google Warns of New Campaign Targeting BPOs to Steal Corporate Data

A financially motivated threat actor, UNC6783, targets BPO organizations to steal sensitive data from high-value companies using social engineering and phishing tactics.

more#cybersecurity

#social-media

fromHer Campus

3 hours ago

They Knew, They Didn't Care, & We Are All Paying For It

Social media platforms like Instagram have been found liable for mental health damage to young users, with internal documents revealing harmful strategies targeting teens.

Psychology says people who never post on social media but check it every day aren't passive - they opted out of the performance while keeping the window, and keeping the window without paying the price is the most rational position available and the one the platform was specifically designed to make feel antisocial - Silicon Canals

Silent scrollers on social media actively choose to observe rather than post, demonstrating discipline and self-control contrary to common perceptions.

fromHer Campus

3 hours ago

They Knew, They Didn't Care, & We Are All Paying For It

Social media platforms like Instagram have been found liable for mental health damage to young users, with internal documents revealing harmful strategies targeting teens.

Psychology says people who never post on social media but check it every day aren't passive - they opted out of the performance while keeping the window, and keeping the window without paying the price is the most rational position available and the one the platform was specifically designed to make feel antisocial - Silicon Canals

Silent scrollers on social media actively choose to observe rather than post, demonstrating discipline and self-control contrary to common perceptions.

more#social-media

#data-breach

Capita's pension portal exposes civil servants' private data

Capita limited online functionality of the Civil Service Pensions Scheme member portal after a data breach exposed personal information of public sector workers.

12 hours ago

300,000 People Impacted by Eurail Data Breach

Eurail is notifying over 300,000 customers about a data breach that exposed personal information, including names and passport numbers.

1 hour ago

After data breach, $10B valued startup Mercor is having a month | TechCrunch

Mercor faces significant challenges after a data breach, with hackers claiming to have stolen 4TB of sensitive data.

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Capita's pension portal exposes civil servants' private data

Capita limited online functionality of the Civil Service Pensions Scheme member portal after a data breach exposed personal information of public sector workers.

12 hours ago

300,000 People Impacted by Eurail Data Breach

Eurail is notifying over 300,000 customers about a data breach that exposed personal information, including names and passport numbers.

1 hour ago

After data breach, $10B valued startup Mercor is having a month | TechCrunch

Mercor faces significant challenges after a data breach, with hackers claiming to have stolen 4TB of sensitive data.

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple

7 hours ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

Apple

8 hours ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple

Intellectual property law

7 hours ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

more#apple-intelligence

fromElectronic Frontier Foundation

Comparison Shopping Is Not a (Computer) Crime

AI tools can help consumers find better prices, but Amazon is attempting to block them using legal claims.

How our digital devices are putting our right to privacy at risk

Digital convenience comes at the cost of personal data privacy, raising concerns about its potential use against individuals by law enforcement.

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

fromZDNET

My personal data has been leaked several times - this service helped clean it all up

Data removal services like DeleteMe help protect personal information from being sold online after data breaches.

How our digital devices are putting our right to privacy at risk

Digital convenience comes at the cost of personal data privacy, raising concerns about its potential use against individuals by law enforcement.

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

fromZDNET

My personal data has been leaked several times - this service helped clean it all up

Data removal services like DeleteMe help protect personal information from being sold online after data breaches.

Law

Meta Is Pulling Down Ads That Seek to Recruit Clients for Social Media Addiction Litigation

fromNew York Post

Social media marketing

Meta boots law firm ads seeking clients to sue over alleged Facebook, Instagram addiction

fromEngadget

EU data protection

UK Meta employee reportedly downloaded 30,000 private photos from Facebook users

fromTNW | Apps

Former Meta engineer probed over 30,000 private Facebook photos

A former Meta engineer is under investigation for extracting 30,000 private Facebook photos by bypassing security checks.

Meta employee in London accused of downloading 30,000 private Facebook images

A former Meta employee is under investigation for downloading 30,000 private Facebook images using a program to bypass security checks.

fromwww.bbc.com

Privacy professionals

Ex-Meta worker investigated for downloading 30,000 private Facebook photos

Law

fromgizmodo.com

3 hours ago

Meta Is Pulling Down Ads That Seek to Recruit Clients for Social Media Addiction Litigation

Meta is removing ads from attorneys recruiting clients for social media addiction lawsuits after recent legal defeats.

fromNew York Post

Meta boots law firm ads seeking clients to sue over alleged Facebook, Instagram addiction

Meta is removing ads aimed at recruiting plaintiffs for lawsuits related to mental health effects of its platforms.

fromEngadget

UK Meta employee reportedly downloaded 30,000 private photos from Facebook users

A former Meta employee is under investigation for illicitly downloading 30,000 private photos from Facebook using software to bypass security.

fromTNW | Apps

Former Meta engineer probed over 30,000 private Facebook photos

A former Meta engineer is under investigation for extracting 30,000 private Facebook photos by bypassing security checks.

Meta employee in London accused of downloading 30,000 private Facebook images

A former Meta employee is under investigation for downloading 30,000 private Facebook images using a program to bypass security checks.

fromwww.bbc.com

Ex-Meta worker investigated for downloading 30,000 private Facebook photos

A former Meta employee is under investigation for downloading 30,000 private Facebook images using a program to bypass security checks.

more#meta

#ai

fromwww.businessinsider.com

Why Anthropic's new AI model has some cybersecurity pros worried about its hacking abilities

Anthropic's Claude Mythos Preview is withheld from public release due to concerns over its potential to exploit software vulnerabilities autonomously.

fromThe Atlantic

Claude Mythos Is Everyone's Problem

Anthropic has developed a powerful AI tool, Claude Mythos Preview, capable of exploiting major cybersecurity vulnerabilities.

fromIntelligencer

Is the AI Cybersecurity Apocalypse Already Here?

AI models are enhancing both software development and hacking capabilities, leading to a race for improved coding tools and security measures.

fromHarvard Business Review

Information security

Anthropic says its latest AI model can expose weaknesses in software security

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

fromFortune

Anthropic is giving some firms access to Claude Mythos to bolster cybersecurity defenses | Fortune

Anthropic is providing access to its advanced AI model, Claude Mythos, to enhance cybersecurity defenses among major tech firms.

fromwww.businessinsider.com

Why Anthropic's new AI model has some cybersecurity pros worried about its hacking abilities

Anthropic's Claude Mythos Preview is withheld from public release due to concerns over its potential to exploit software vulnerabilities autonomously.

fromThe Atlantic

Claude Mythos Is Everyone's Problem

Anthropic has developed a powerful AI tool, Claude Mythos Preview, capable of exploiting major cybersecurity vulnerabilities.

fromIntelligencer

Is the AI Cybersecurity Apocalypse Already Here?

AI models are enhancing both software development and hacking capabilities, leading to a race for improved coding tools and security measures.

fromHarvard Business Review

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

fromFortune

Anthropic is giving some firms access to Claude Mythos to bolster cybersecurity defenses | Fortune

Anthropic is providing access to its advanced AI model, Claude Mythos, to enhance cybersecurity defenses among major tech firms.

Behind The Unbelievable True Story Of A Forgotten Phone Hacker

Rachael Morrison created a documentary about Joybubbles, a pioneering phone hacker, to highlight his forgotten contributions to technology and culture.

DevOps

fromFortune

The digital sovereignty dilemma is a false choice - here's how enterprises can have both | Fortune

Organizations must ensure digital sovereignty by balancing local control with global technology access to remain resilient and competitive.

UX design

fromEntrepreneur

The Hidden Risk Behind Every 'Frictionless' Digital Experience

Digital experiences should prioritize human agency over pressure tactics to foster trust and informed decision-making.

Digital life

fromEarth911

Guest Idea: Why Sustainable Home Tech Choices Also Need Cybersecurity Awareness

Sustainable technology adoption is rising, but security risks of connected devices are often overlooked, impacting both environmental and digital safety.

Mental health

I felt ashamed and scared': how an online friendship became a sextortion nightmare

Online friendships can lead to severe risks, including sextortion, which can have devastating emotional consequences.

Parenting

fromComputerWeekly.com

Tech can't wait for regulation to protect children online | Computer Weekly

Harmful online content for children results from profit-driven algorithms, not parenting or education failures.

US politics

fromwww.npr.org

ICE acknowledges it is using powerful spyware

ICE is using spyware tools to intercept encrypted messages to combat fentanyl trafficking.

Canada news

fromThe Walrus

Why Your Credit Card Is a National Security Threat | The Walrus

Canada needs to develop its own digital payment infrastructure to ensure financial autonomy and protect against foreign control.

#security

10 hours ago

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

13 hours ago

Sticky-note security turned gym into hall of '80s horrors

Leaving default security credentials exposed can lead to unauthorized access and potential security risks.

10 hours ago

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

13 hours ago

Sticky-note security turned gym into hall of '80s horrors

Leaving default security credentials exposed can lead to unauthorized access and potential security risks.

New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts

Apple warns iPhone users about a surge in social engineering scams targeting bank accounts through panic-inducing messages.

LinkedIn scanning users' browser extensions sparks controversy and two lawsuits

LinkedIn faces lawsuits alleging lack of user consent for data collection practices.

fromTNW | Insights

4 days ago

LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device

LinkedIn's hidden JavaScript routine collects extensive user data without disclosure, raising concerns about covert surveillance practices.

fromComputerworld

19 hours ago

Questions raised about how LinkedIn uses the petabytes of data it collects

LinkedIn users should limit identifiable data exposure and treat the platform as potentially hostile until BrowserGate allegations are verified.

Law

LinkedIn scanning users' browser extensions sparks controversy and two lawsuits

LinkedIn faces lawsuits alleging lack of user consent for data collection practices.

fromTNW | Insights

4 days ago

LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device

LinkedIn's hidden JavaScript routine collects extensive user data without disclosure, raising concerns about covert surveillance practices.

fromComputerworld

19 hours ago

Questions raised about how LinkedIn uses the petabytes of data it collects

LinkedIn users should limit identifiable data exposure and treat the platform as potentially hostile until BrowserGate allegations are verified.

more#linkedin

fromElectronic Frontier Foundation

Selling Mass Surveillance | EFFector 38.7

Police surveillance technology often expands beyond its original purpose, leading to concerns about privacy and civil liberties.

fromThe Verge

The case for banning cookie banners

Cookie banners have become bloated and useless, creating a new kind of interaction that means trouble all over the web. The only solution is to get rid of them, and do it now.

Digital life

US politics

4 days ago

CBP facility codes sure seem to have leaked via online flashcards

Immigration offenses and internal systems of CBP are detailed in flashcards, highlighting procedures and responsibilities of agents.

Cryptocurrency

5 days ago

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

9 hours ago

The Hidden Security Risks of Shadow AI in Enterprises

Shadow AI poses significant risks by allowing unregulated use of AI tools that can expose sensitive data and weaken security controls.

fromwww.nytimes.com

1 month ago

A.I. Is Giving You a Personalized Internet, but You Have No Say in It

Google and Meta are implementing AI tools without user consent, leading to a personalized internet experience with limited user control.

fromWIRED

Europe Gets Serious About Age Verification Online

Five EU countries are testing a digital wallet for age verification, but progress varies significantly among them.

fromFast Company

It's way too easy to cheat now

Generative AI enables undetectable scams, including fake X-rays that deceive even experienced radiologists.

It started with a tip-off': how a Guardian investigation exposed child sex trafficking on Facebook and Instagram

Child sexual abuse trafficking surged during the pandemic, with platforms like Facebook and Instagram being exploited for these crimes.

fromWIRED

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

1 hour ago

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

A security vulnerability in EngageLab SDK could have exposed millions of cryptocurrency wallet users to unauthorized data access.

Hack-for-hire group caught targeting Android devices and iCloud backups | TechCrunch

A hack-for-hire group is targeting journalists and officials in the Middle East and North Africa using phishing and spyware tactics.

7 hours ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

2 hours ago

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

fromTechzine Global

12 hours ago

Is 46% of your AI-generated code vulnerable?

46% of AI-generated code contains security vulnerabilities, necessitating integrated governance throughout the software delivery lifecycle.

#identity-management

Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

more#identity-management

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.

Information security

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

more#phishing

fromZDNET

I turned to PrivacyBee to clean up my data - here's how it made me disappear

PrivacyBee is preferred for its comprehensive data removal services and user-friendly management tools.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.

Information security

German Police Unmask REvil Ransomware Leader

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.

Information security

German Police Unmask REvil Ransomware Leader

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.

fromMedCity News

3 weeks ago

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing

Cybercriminals are using QR codes in traffic-violation scams to deceive victims into providing sensitive information.

fromThe Cipher Brief

New Presidential Executive Order Targets Transnational Cybercrime

Transnational cybercrime is escalating, with significant financial losses and a need for enhanced national security measures.

fromthenextweb.com

1 month ago

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing

Cybercriminals are using QR codes in traffic-violation scams to deceive victims into providing sensitive information.

fromThe Cipher Brief

New Presidential Executive Order Targets Transnational Cybercrime

Transnational cybercrime is escalating, with significant financial losses and a need for enhanced national security measures.

fromthenextweb.com

1 month ago

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach - TechRepublic

Meta has paused work with Mercor due to a security breach linked to the LiteLLM supply chain attack.

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach - TechRepublic

Meta has paused work with Mercor due to a security breach linked to the LiteLLM supply chain attack.

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.

more#ai-security

World Cloud Security Day: Breaking Down the State of the Cloud Cybersecurity and Physical Security

"World Cloud Security Day is a useful reminder to recognize how much cloud risk now comes down to everyday access decisions and overlooked misconfigurations," says James Maude, Field CTO at BeyondTrust.

Information security

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

fromTechzine Global

3 weeks ago

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.