Former WhatsApp Security Head Sues Meta Over Alleged Security Flaws On Messaging App
Prabhanu Kumar Das / medianama - The ex-Security Head for WhatsApp has alleged blatant security flaws on the messaging app in a lawsuit that he filed against parent company Meta.The post Former WhatsApp Security Head Sues Meta Over Alleged Security Flaws On Messaging App appeared first o…
Back to Top / Wednesday, September 10, 2025, 5:20 am / permalink 14221 / 2 stories in 5 months
JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it took to undermine npm packages
tomshardware - JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Back to Top / Tuesday, September 9, 2025, 10:21 am / permalink 14143 / 3 stories in 5 months
Plex suffers data breach, warns customers to change passwords
Sofia Elizabella Wyciślik-Wilson / betanews - History appears to be repeating. Plex has announced that it has suffered a security breach, exposing user data. The last time this happened was in 2022, and users are being advised to change passwords as soon as possible. The company is referring to it as…
Back to Top / Tuesday, September 9, 2025, 4:20 am / permalink 14116 / 9 stories in 5 months
WhatsApp's former security boss claims reporting infosec failings led to ousting
Thomas Claburn / theregister - Meta shrugs off allegations of improper dismissal, ignoring privacy and security WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for r…
Back to Top / Monday, September 8, 2025, 7:20 pm / permalink 14097 / 3 stories in 5 months
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
Sergiu Gatlan / bleepingcomputer - In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack. [...]
Back to Top / Monday, September 8, 2025, 3:20 pm / permalink 14065 / 6 stories in 5 months
Salesloft says Drift customer data thefts linked to March GitHub account hack
Lorenzo Franceschi-Bicchierai / techcrunch - The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach.
Back to Top / Monday, September 8, 2025, 1:21 pm / permalink 14055 / 6 stories in 5 months
VirusTotal’s AI Uncovers Year-Long Malware Campaign Hidden in SVG Files
Markus Kasanmascheff / winbuzzer - VirusTotal has used its AI Code Insight tool to uncover a year-long malware campaign that hid within SVG files to evade antivirus software.The post VirusTotal’s AI Uncovers Year-Long Malware Campaign Hidden in SVG Files appeared first on WinBuzzer.
Back to Top / Sunday, September 7, 2025, 12:20 pm / permalink 13994 / 2 stories in 5 months
Wealthsimple Confirms Security Breach—Here’s What Happened
John Quintet / iphoneincanada - Toronto-based fintech Wealthsimple says a data breach on August 30 allowed unauthorized access to personal information from fewer than 1% of its clients. The company confirmed on Friday that no funds were stolen, no accounts were accessed, and no password…
Back to Top / Friday, September 5, 2025, 2:21 pm / permalink 13923 / 3 stories in 6 months
Sola Security Secures $35M Series A Funding
Cybersecurity startup Sola Security has closed a $35 million Series A round—complete with backing from major players like Microsoft—marking a key milestone in its growth journey. This new capital is set to drive innovative advancements in its cybersecurity technology and expand the company’s market presence.
Back to Top / Thursday, September 4, 2025, 10:20 pm / permalink 13863 / 1 stories in 6 months
Attackers snooping around Sitecore, dropping malware via public sample keys
Jessica Lyons / theregister - You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping malware …
Back to Top / Thursday, September 4, 2025, 7:21 pm / permalink 13857 / 2 stories in 6 months
New sextortion spyware snaps webcam pics of adult content viewers
Authorities are raising alarms over a newly discovered sextortion spyware that secretly snaps webcam images when users view explicit content online. The malware exploits browsers to capture covert photos, turning private moments into extortion material in a disturbingly modern twist on digital surveillance.
Back to Top / Thursday, September 4, 2025, 5:20 pm / permalink 13842 / 3 stories in 6 months
Crypto Sector Beset by Hackers Posing as Recruiters
PYMNTS / pymnts - Hackers from North Korea are reportedly flooding the cryptocurrency sector with seemingly legitimate job offers. As Reuters reported Thursday (Sept. 4), it’s part of a scam to steal digital assets, and a problem so widespread that job applicants have begu…
Back to Top / Thursday, September 4, 2025, 11:21 am / permalink 13794 / 2 stories in 6 months
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
Bill Toulas / bleepingcomputer - Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. [...]
Back to Top / Wednesday, September 3, 2025, 5:21 pm / permalink 13727 / 2 stories in 6 months
Cloudflare Breach Exposes Customer Support Data in Major Salesloft Supply-Chain Attack
Markus Kasanmascheff / winbuzzer - Cloudflare confirms it was a victim of a major supply-chain attack via Salesloft, exposing customer support data and potential credentials from its Salesforce instance.The post Cloudflare Breach Exposes Customer Support Data in Major Salesloft Supply-Chai…
Back to Top / Wednesday, September 3, 2025, 8:21 am / permalink 13658 / 2 stories in 6 months
Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift
PYMNTS / pymnts - Cloudflare said Tuesday (Sept. 2) that information shared in its customer support system should be considered compromised. The company issued this warning in a Tuesday blog post in which it disclosed that it was affected by a breach of Salesloft’s Drift t…
Back to Top / Tuesday, September 2, 2025, 7:21 pm / permalink 13631 / 2 stories in 6 months
WhatsApp, Apple warn of highly targeted attacks with zero-day vulnerability
therecord - WhatsApp believes the vulnerability could have been combined with a separate OS-level vulnerability on Apple devices to potentially launch sophisticated attacks against “specific targeted users."
Back to Top / Tuesday, September 2, 2025, 11:21 am / permalink 13558 / 2 stories in 6 months
Jaguar Land Rover says cyberattack ‘severely disrupted’ production
Bill Toulas / bleepingcomputer - Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort. [...]
Back to Top / Tuesday, September 2, 2025, 10:22 am / permalink 13548 / 3 stories in 6 months
Stolen OAuth tokens expose Palo Alto customer data
Paul Kunert / theregister - Security firm's Salesforce instance accessed using credentials stolen from Salesloft's Drift platform breach Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lif…
Back to Top / Tuesday, September 2, 2025, 10:22 am / permalink 13546 / 6 stories in 6 months
Google says Gmail breach reports were false, stresses protections remain strong
techspot - Google has moved swiftly to refute widespread claims suggesting a critical security flaw in Gmail, stressing that its email protections remain robust and effective. In a direct statement issued this week, the tech giant addressed confusion sparked by repo…
Back to Top / Tuesday, September 2, 2025, 9:21 am / permalink 13541 / 9 stories in 6 months
xAI sues ex-employee over alleged OpenAI secrets leak
Elon Musk’s xAI has initiated legal action against a former employee, accusing them of misappropriating confidential information related to OpenAI. The lawsuit highlights the growing tensions and high stakes in the competitive AI landscape, where internal discord has spilled into a very public legal conflict.
Back to Top / Friday, August 29, 2025, 5:20 pm / permalink 13420 / 0 stories in 6 months