Grab a large sweet tea or a cup of coffee and read the 2024 Product Security Risk Report from Red Hat Product Security. As someone striving to stay informed about the open source ecosystem and its security challenges, I found…
Category: EN
Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source
Over 4 billion user records were found exposed online in a massive breach, possibly linked to the surveillance of Chinese citizens. Cybersecurity researcher Bob Dyachenko and the Cybernews team discovered a massive data leak in China that exposed billions of…
OffensiveCon25 – No Signal, No Security: Dynamic Baseband Vulnerability Research
Authors/Presenters: Daniel Klischies and David Hirsch Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube…
Unimed AI Chatbot Exposes Millions of Patient Messages in Major Data Leak
iA significant data exposure involving Unimed, one of the world’s largest healthcare cooperatives, has come to light after cybersecurity researchers discovered an unsecured database containing millions of sensitive patient-doctor communications. The discovery was made by cybersecurity experts at Cybernews,…
Critical Bug in E-commerce Website, Over 10000 Customers Impacted
WordPress plugin exploit Cybersecurity experts have found a critical unpatched security vulnerability impacting the TI WooCommerce Wishlist plugin for WordPress that unauthorized threat actors could abuse to upload arbitrary files. TI WooCommerce Wishlist has more than 100,000 active installations. It…
Kali GPT- AI Assistant That Transforms Penetration Testing on Kali Linux
Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike. Kali GPT represents a significant breakthrough in the integration of…
TSA Advises Against Using Airport USB Ports to Charge Your Phone
So-called juice jacking is the most controversial topic in cybersecurity circles. In most years, when a new alert is issued by a government agency before the holidays, it creates new headlines. Stories are written and cyber eyebrows are raised…
MCP (Model Context Protocol) and Its Critical Vulnerabilities
Model Context Protocol connects AI assistants to external tools and data. Think of it as a bridge between Claude, ChatGPT, or Cursor and your Gmail, databases, or file systems. Released… The post MCP (Model Context Protocol) and Its Critical Vulnerabilities…
US Sanctions Philippines-Based Web Host Tied to $200 Million Crypto Scam Network
In a significant move against online fraud, the US Treasury Department has sanctioned a Philippines-based web hosting company accused of enabling massive cryptocurrency scams. The sanctions, announced Thursday, target Funnull Technology and its administrator, Chinese national Liu Lizhi, for…
AI Agents Raise Cybersecurity Concerns Amid Rapid Enterprise Adoption
A growing number of organizations are adopting autonomous AI agents despite widespread concerns about the cybersecurity risks they pose. According to a new global report released by identity security firm SailPoint, this accelerated deployment is happening in a largely…
The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking
Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more. This article has been indexed from Security Latest Read the original article: The…
AI Fraud Emerges as a Growing Threat to Consumer Technology
With the advent of generative AI, a paradigm shift has been ushered in the field of cybersecurity, transforming the tactics, techniques, and procedures that malicious actors have been using for a very long time. As threat actors no longer…
Cybersecurity Month in Review: Uncovering Digital and Physical Threats
In this episode of the ‘Cybersecurity Today: The Month in Review’ show, host Jim welcomes regular guests Laura Payne and David Shipley, along with newcomer Anton Levaja. The trio dives deep into various cybersecurity stories, analyzing trends, threats, and…
Disk Union – 690,667 breached accounts
In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords. This article has been indexed from Have I…
New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers
A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers. The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics,…
Hackers Using New ClickFix Technique To Exploits Human Error Via Fake Prompts
Cybersecurity researchers have identified a sophisticated new social engineering campaign that exploits fundamental human trust in everyday computer interactions. The ClickFix technique, which has been actively deployed since March 2024, represents a dangerous evolution in cybercriminal tactics that bypasses traditional…
5 SaaS Blind Spots that Undermine HIPAA Security Safeguards
Hidden SaaS risks can quietly undermine HIPAA security safeguards. Discover how SaaS visibility and control help protect ePHI and ensure HIPAA compliance. The post 5 SaaS Blind Spots that Undermine HIPAA Security Safeguards appeared first on Security Boulevard. This article…
After its data was wiped, KiranaPro’s co-founder cannot rule out an external hack
Exclusive: The company’s co-founder and CTO blame a former employee for a breach, but cannot rule out that it wasn’t. This article has been indexed from Security News | TechCrunch Read the original article: After its data was wiped, KiranaPro’s…
APT41 Exploits Google Calendar in Stealthy Cyberattack; Google Shuts It Down
Chinese state-backed threat actor APT41 has been discovered leveraging Google Calendar as a command-and-control (C2) channel in a sophisticated cyber campaign, according to Google’s Threat Intelligence Group (TIG). The team has since dismantled the infrastructure and implemented defenses to…
How Biometric Data Collection Affects Workers
Modern workplaces are beginning to track more than just employee hours or tasks. Today, many employers are collecting very personal information about workers’ bodies and behaviors. This includes data like fingerprints, eye scans, heart rates, sleeping patterns, and even…