Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Google blocked 2.36 million risky Android apps from Play Store in 2024
Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to violations of its policies that made them potentially risky for users. In addition, 158,000 developer accounts were banned for attempting to publish harmful apps like malware and spyware on Android’s official app store. In comparison, Google blocked 2,280,000 risky apps in 2023 and 1,500,000 […]
Ransomware attack disrupts New York blood donation giant
The New York Blood Center (NYBC), one of the world’s largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments. NYBC collects almost 4,000 units of blood products every day and serves more than 75 million people in more than a dozen states. It also provides transfusion-related […]
DeepSeek exposes database with over 1 million chat records
DeepSeek, the Chinese AI startup known for its DeepSeek-R1 LLM model, has publicly exposed two databases containing sensitive user and operational information. The unsecured ClickHouse instances reportedly held over a million log entries containing user chat history in plaintext form, API keys, backend details, and operational metadata. Wiz Research discovered this exposure during a security […]
New Syncjacking attack hijacks devices using Chrome extensions
A new attack called ‘Browser Syncjacking’ demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim’s device. The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover. Despite the multi-stage process, the attack is stealthy, requires minimal permissions, […]
Police seizes Cracked and Nulled hacking forum servers, arrests suspects
Europol and German law enforcement confirmed the arrest of two suspects and the seizure of 17 servers in Operation Talent, which took down Cracked and Nulled, two of the largest hacking forums with over 10 million users. Even though some of their members are also engaged in ethical hacking discussions, these hacking forums are best […]
Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics
A ChatGPT jailbreak flaw, dubbed “Time Bandit,” allows you to bypass OpenAI’s safety guidelines when asking for detailed instructions on sensitive topics, including the creation of weapons, information on nuclear topics, and malware creation. The vulnerability was discovered by cybersecurity and AI researcher David Kuszmar, who found that ChatGPT suffered from “temporal confusion,” making it […]
New Aquabotv3 botnet malware targets Mitel command injection flaw
A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. The activity was discovered by Akamai’s Security Intelligence and Response Team (SIRT), who reports that this is the third variant of Aquabot that falls under their radar. The malware family was introduced […]
Solana Pump.fun tool DogWifTool compromised to drain wallets
Hackers have compromised the Windows version of the DogWifTools software for promoting meme coins on the Solana blockchain in a supply-chain attack that drained users’ wallets. The developers claim that a malicious threat actor compromised the project’s private GitHub repository after reverse engineering the software to extract a GitHub token. The maintainers of the platform said […]
Laravel admin package Voyager vulnerable to one-click RCE flaw
Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user that clicks on a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the […]
FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent
Update January 29, 14:15 EST: Seizure banners were added to the cracked[.] io, nulled [.] to, starkrdp [.] io, mysellix [.] io, and sellix [.] io, confirming that the domains had been seized in a joint law enforcement action dubbed “Operation Talent” that included authorities from the United States, Italy, Spain, Europe, France, Greece, Australia, and […]