WhatsApp's former security boss claims reporting infosec failings led to ousting
Thomas Claburn / theregister - Meta shrugs off allegations of improper dismissal, ignoring privacy and security. WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for r…
Monday, September 8, 2025, 7:20 pm
Signal rolls out new encrypted backup features
Signal is stepping up its security game by launching a pair of backup options – one free and one paid – that offer end-to-end encrypted storage for chats, media, and messages. This dual-pronged approach aims to ensure users can safely restore their communications even after mishaps.
Monday, September 8, 2025, 3:20 pm
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
Sergiu Gatlan / bleepingcomputer - In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack. [...]
Monday, September 8, 2025, 3:20 pm
Salesloft says Drift customer data thefts linked to March GitHub account hack
Lorenzo Franceschi-Bicchierai / techcrunch - The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach.
Monday, September 8, 2025, 1:21 pm
VirusTotal’s AI Uncovers Year-Long Malware Campaign Hidden in SVG Files
Markus Kasanmascheff / winbuzzer - VirusTotal has used its AI Code Insight tool to uncover a year-long malware campaign that hid within SVG files to evade antivirus software.
Sunday, September 7, 2025, 12:20 pm
Attackers snooping around Sitecore, dropping malware via public sample keys
Jessica Lyons / theregister - You cut and pasted the machine key from the official documentation? Ouch. Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping malware …
Thursday, September 4, 2025, 7:21 pm
Windows 11 August 2025 security update is causing unintended UAC prompts to appear for non-admin users — some apps are crashing
tomshardware - Microsoft's latest Windows update for Windows 11 and Windows 10 is causing unintended UAC prompts to appear in certain cases for non-admin users.
Thursday, September 4, 2025, 4:21 pm
LinkedIn will require recruiters and executives to verify their identity to cut down on scams
Ian Carlos Campbell / engadget - LinkedIn will now require some users to verify their identity before they change job titles in an attempt to cut down on scams on the platform. The new identity verification rules will specifically apply to executives and recruiters who interact with job …
Thursday, September 4, 2025, 9:22 am
Cloudflare Breach Exposes Customer Support Data in Major Salesloft Supply-Chain Attack
Markus Kasanmascheff / winbuzzer - Cloudflare confirms it was a victim of a major supply-chain attack via Salesloft, exposing customer support data and potential credentials from its Salesforce instance.
Wednesday, September 3, 2025, 8:21 am
Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift
PYMNTS / pymnts - Cloudflare said Tuesday (Sept. 2) that information shared in its customer support system should be considered compromised. The company issued this warning in a Tuesday blog post in which it disclosed that it was affected by a breach of Salesloft’s Drift t…
Tuesday, September 2, 2025, 7:21 pm
Stolen OAuth tokens expose Palo Alto customer data
Paul Kunert / theregister - Security firm's Salesforce instance accessed using credentials stolen from Salesloft's Drift platform breach. Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lif…
Tuesday, September 2, 2025, 10:22 am
WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware
Zack Whittaker / techcrunch - A spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs.
Friday, August 29, 2025, 2:21 pm
Microsoft to Enforce MFA for Azure Command-Line Tools Starting October 2025
Markus Kasanmascheff / winbuzzer - Microsoft will mandate Multi-Factor Authentication (MFA) for Azure CLI, PowerShell, and APIs starting Oct 1, 2025, to enhance security for developers.
Friday, August 29, 2025, 1:21 pm
High-severity vulnerability in Passwordstate credential manager. Patch now.
Dan Goodin / arstechnica - Vulnerability can be exploited to gain access to customers' crown jewels.
Thursday, August 28, 2025, 2:21 pm
New research shows passkeys can be hijacked through malicious extensions
Duncan Riley / siliconangle - A new report out today from browser security company SquareX Ltd. reveals a critical flaw in passkeys, the widely promoted alternative to passwords, that could allow attackers to hijack accounts across banking, e-commerce and enterprise software-as-a-serv…
Thursday, August 28, 2025, 9:20 am
The first AI-powered ransomware has been discovered — "PromptLock" uses local AI to foil heuristic detection and evade API tracking
tomshardware - Security firm ESET has discovered a new type of ransomware that uses a local AI model to generate malicious scripts and perform other illicit activities. Because of the variance of LLM output, this malware is harder to track than traditional attacks.
Tuesday, August 26, 2025, 5:21 pm
Nevada closes state offices as cyberattack disrupts IT systems
Lawrence Abrams / bleepingcomputer - Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday. [...]
Tuesday, August 26, 2025, 1:21 pm
Arch Linux continues to feel the force of a DDoS attack after two brutal weeks — attackers yet to be identified as project struggles to restore full service
tomshardware - The Arch Linux project team is working to mitigate the impact, while keeping details of who, why and how close to its chest.
Friday, August 22, 2025, 12:21 pm
Dev plants kill switch in ex-employer's network that crashed servers and deleted files, gets four years in the slammer — kill switch triggered by dev's removal from Active Directory when fired
tomshardware - A software engineer called Davis Lu was sentenced to four years in prison for creating a kill switch in his former employer's network.
Friday, August 22, 2025, 11:21 am
Inside the Underground Trade of ‘Flipper Zero’ Tech to Break into Cars
Joseph Cox / 404media - “Kia Boys will be Flipper Boys by 2026,” one person in the reverse engineering community said.
Thursday, August 21, 2025, 11:21 am