Yes, they can. A flaw discovered by cyber researchers last year allowed hackers to eavesdrop. And it also allowed them to track people using regular… The post Can hackers eavesdrop and track people via Bluetooth audio devices? appeared first on…
Tag: EN
Researchers Hijack Hacker Domain Using Name Server Delegation
Security researchers from Infoblox have successfully intercepted millions of malicious push notification advertisements by exploiting a DNS misconfiguration technique known as “lame nameserver delegation,” gaining complete visibility into a large-scale affiliate advertising operation without directly compromising any systems. The researchers…
New “BodySnatcher” Flaw Allows Full ServiceNow User Impersonation
Security researcher has disclosed a critical vulnerability in ServiceNow’s Virtual Agent API and Now Assist AI Agents application, tracked as CVE-2025-12420. Dubbed “BodySnatcher,” this flaw enables unauthenticated attackers to impersonate any ServiceNow user using only their email address, bypassing multi-factor…
Bytebase: Open-source database DevOps tool
Bytebase is a DevOps platform for managing database schema and data changes through a structured workflow. It provides a central place for teams to submit change requests, run reviews, and track executions across environments. The open-source edition is designed for…
Microsoft January 2026 Security Update Triggers Credential Prompt Failures in Remote Desktop
Microsoft’s January 2026 security update has disrupted enterprise Remote Desktop infrastructure, triggering widespread credential prompt failures that prevent users from accessing Azure Virtual Desktop and Windows 365 environments. The problematic patch KB5074109, released January 13, 2026, introduced an authentication regression affecting Windows 11 versions…
Threat Actors Abuse Browser Extensions to Deliver Fake Warning Messages
Threat intelligence researchers at Huntress have uncovered a sophisticated browser extension campaign orchestrated by the KongTuke threat actor group, featuring a malicious ad blocker impersonating the legitimate uBlock Origin Lite extension. The campaign weaponizes fake browser crash warnings to trick…
A new European standard outlines security requirements for AI
The European Telecommunications Standards Institute (ETSI) has released a new European Standard that addresses a growing concern for security teams working with AI. The standard, ETSI EN 304 223, sets baseline cybersecurity requirements for AI models and systems intended for…
New Kerberos Relay Technique Exploits DNS CNAMEs to Bypass Existing Defenses
A critical vulnerability in Windows Kerberos authentication that enables attackers to conduct credential-relay attacks by exploiting DNS CNAME records. Tracked as CVE-2026-20929, this flaw allows threat actors to force victims into requesting Kerberos service tickets for attacker-controlled systems, facilitating lateral…
When the Olympics connect everything, attackers pay attention
Global sporting events bring a surge of network traffic, new systems, and short term partnerships. That mix draws attention from cyber threat actors who see opportunity in scale and distraction. A new Palo Alto Networks threat study on the Milan…
Cisco Patches Async OS Bug
Critical Security Flaws Patched by Cisco and Fortinet Amidst Recent Cyber Threats In this episode of Cybersecurity Today, host David Chipley covers several pressing cybersecurity issues. Cisco has patched a maximum severity zero-day vulnerability in its Async OS software, which…
GhostPoster Malware Targets Chrome Users via 17 Rogue Extensions
A sophisticated malware campaign has compromised users of Chrome, Firefox, and Edge by deploying 17 malicious extensions that employ advanced steganography techniques to evade detection. Collectively downloaded more than 840,000 times, the GhostPoster operation represents one of the most technically…
Cyber risk keeps winning, even as AI takes over
Cyber risk continues to dominate global business concerns, with AI rising quickly alongside it. According to a new risk survey from Allianz, both are influencing how organizations plan for disruption, resilience, and recovery across regions and industries. Cyber incidents stay…
Hardware Security Module Integration for Quantum-Safe Model Contexts
Learn how to integrate Quantum-Safe HSMs with Model Context Protocol (MCP) to secure AI infrastructure against Shor’s algorithm and context injection. The post Hardware Security Module Integration for Quantum-Safe Model Contexts appeared first on Security Boulevard. This article has been…
AI Can Answer You, But Should You Trust It to Guide You?
Artificial intelligence tools are expanding faster than any digital product seen before, reaching hundreds of millions of users in a short period. Leading technology companies are investing heavily in making these systems sound approachable and emotionally responsive. The goal is…
Microsoft hiring energy strategists to power its Asian datacenters
PLUS: ASUS gets into healthcare gadgets; Vietnam’s first fab; Australia’s child social ban takes out 4.7 million accounts; And more! Asia In Brief Microsoft is hiring senior managers to ensure its datacenters in Asia can access the energy they need.……
Mandiant releases quick credential cracker, to hasten the death of a bad protocol
PLUS: Navy spy sent to brig for 200 months in brig; Black Axe busted again; Bill aims to crimp ICE apps; and more Infosec In Brief PLUS: Google’s security outfit Mandiant last week released tools that can crack credentials in…
Hacktivists hijacked Iran ’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi
Activists hacked Iran ’s Badr satellite, briefly broadcasting Reza Pahlavi’s anti-regime protest messages on state TV channels. Anti-regime activists briefly took control of Iran ’s Badr satellite, hijacking state TV to broadcast Crown Prince Reza Pahlavi’s calls for protests against…
Who’s Stalking Whom? ICE Uses Social Media and Phone Surveillance System to Track Protesters
ICE protests surveillance yet uses tech to track citizens’ devices, possibly violating privacy laws and the Fourth Amendment, revealed through ICE’s data tools. The post Who’s Stalking Whom? ICE Uses Social Media and Phone Surveillance System to Track Protesters appeared…
GootLoader uses malformed ZIP files to bypass security controls
GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware…
Pass’Sport – 6,366,133 breached accounts
In December 2025, data from France’s Pass’Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone…