Spies hack high-value mail servers using an exploit from yesteryear

https://arstechnica.com/security/2025/05/spies-hack-high-value-mail-servers-using-an-exploit-from-yesteryear/

#cybersecurity #XSS #Roundcube #MDaemon #Horde #Zimbra

#Google fixes high severity #Chrome flaw with public exploit

https://www.bleepingcomputer.com/news/security/google-fixes-high-severity-chrome-flaw-with-public-exploit/

#cybersecurity

"When launching privacy-critical apps and services, developers want to make sure that every packet really only goes through Tor. One mistyped proxy setting–or a single system-call outside the SOCKS wrapper–and your data is suddenly on the line.

That's why today, we are excited to introduce oniux: a small command-line utility providing Tor network isolation for third-party applications using Linux namespaces. Built on Arti, and onionmasq, oniux drop-ships any Linux program into its own network namespace to route it through Tor and strips away the potential for data leaks. If your work, activism, or research demands rock-solid traffic isolation, oniux delivers it."

https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/

#Tor #CyberSecurity #Linux #Privacy #Anonymity #Oniux

#Google #Chrome to block admin-level browser launches for better security

https://www.bleepingcomputer.com/news/google/google-chrome-to-block-admin-level-browser-launches-for-better-security/

#cybersecurity

"Meta did have more work to do on “child grooming,” as we saw in a June 2019 deck titled, “Inappropriate Interactions with Children on Instagram.” An early page called out that “IG recommended a minor through top suggested to an account engaged in groomer-esque behavior.” Grooming refers generally to the tactics a child predator might use to gain trust with potential victims to sexually abuse them. Subsequent pages gave some broader data: “27% of all follow recommendations to groomers were minors.” There’s a lot we don’t know about this statement: how did Meta track accounts that were “groomers” or “engaged in groomer-esque behavior”? And why were those accounts allowed at all? How did they generate that statistic? And it’s important to caveat as well that perhaps Meta didn’t know that any potential groomers were actual criminals. But by any measure, the headline is troubling.

There was more data than that. 33% of Instagram comments reported to Meta as inappropriate were reported by minors, the deck said of a three-month period. Of the comments reported by minors, more than half were left by an adult. “Overall IG: 7% of all follow recommendations to adults were minors,” the deck concluded.

The presentation also noted that during a “3-month period”—presumably in 2019—2 million minors were recommended by Instagram’s algorithm for groomers to follow. 22% of those recommendations resulted in a follow request from a groomer to a minor. Doing some back of the envelope math, that’s approximately 440,000 minors over just a three-month period who received a follow request from someone Meta labeled as a “groomer.” That number is shocking even before being annualized."

https://www.bigtechontrial.com/p/instagrams-algorithm-recommended

#SocialMedia #USA #Meta #Facebook #Instagram #CyberSecurity #WhatsApp #Antitrust #Monopolies #Oligopolies #Competition

Hackers behind #UK #retail attacks now targeting #US companies

https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/

#cybersecurity

Cybercriminals tried to blackmail Coinbase into paying $20 million in Bitcoin over stolen customer data. Instead of paying up, the crypto exchange is offering the same amount as a bounty to help bring the perpetrators to justice. Read more at @DecryptMedia. #Coinbase #Crypto #Cybersecurity #Cybercrime #Tech #Technology https://flip.it/g9cixC

#Ransomware gangs join ongoing #SAP #NetWeaver attacks

https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-ongoing-sap-netweaver-attacks/

#cybersecurity

#Steel giant #Nucor Corporation facing disruptions after cyberattack

https://www.bleepingcomputer.com/news/security/steel-giant-nucor-corporation-facing-disruptions-after-cyberattack/

#cybersecurity

North Korean #IT Workers Are Being Exposed on a Massive Scale

https://www.wired.com/story/north-korean-it-worker-scams-exposed/

#NorthKorea #cybersecurity #scam

#Qatar’s $400M jet for #Trump is a gold-plated security nightmare

https://www.theregister.com/2025/05/13/presidents_trump_747_qatar/

#cybersecurity #politics

#SAP patches second zero-day flaw exploited in recent attacks

https://www.bleepingcomputer.com/news/security/sap-patches-second-zero-day-flaw-exploited-in-recent-attacks/

#cybersecurity

#NorthKorea ramps up cyberspying in #Ukraine to assess war risk

https://www.bleepingcomputer.com/news/security/north-korea-ramps-up-cyberspying-in-ukraine-to-assess-war-risk/

#cybersecurity

#Ivanti fixes #EPMM zero-days chained in code execution attacks

https://www.bleepingcomputer.com/news/security/ivanti-fixes-epmm-zero-days-chained-in-code-execution-attacks/

#cybersecurity

#Fortinet fixes critical zero-day exploited in #FortiVoice attacks

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-zero-day-exploited-in-fortivoice-attacks/

#cybersecurity

#GovDelivery, an email alert system used by governments, abused to send #scam messages

https://techcrunch.com/2025/05/13/government-email-alert-system-govdelivery-used-to-send-scam-messages/

#cybersecurity

#Ivanti warns of critical #NeuronsForITSM auth bypass flaw

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-neurons-for-itsm-auth-bypass-flaw/

#cybersecurity

New #Intel #CPU flaws leak sensitive data from privileged memory

https://www.bleepingcomputer.com/news/security/new-intel-cpu-flaws-leak-sensitive-data-from-privileged-memory/

#cybersecurity

New attack can steal #cryptocurrency by planting false memories in #AI chatbots

https://arstechnica.com/security/2025/05/ai-agents-that-autonomously-trade-cryptocurrency-arent-ready-for-prime-time/

#cybersecurity #LLM #chatbot #crypto

M&S says customer data stolen in cyberattack, forces password resets

https://www.bleepingcomputer.com/news/security/mands-says-customer-data-stolen-in-cyberattack-forces-password-resets/

#MarksAndSpencer #retail #UK #cybersecurity #privacy #DataBreach

Hackers now testing #ClickFix attacks against #Linux targets

https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/

#cybersecurity #FOSS

#OutputMessenger flaw exploited as zero-day in espionage attacks

https://www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/

#cybersecurity

#Moldova arrests suspect linked to #DoppelPaymer #ransomware attacks

https://www.bleepingcomputer.com/news/security/moldova-arrests-suspect-linked-to-doppelpaymer-ransomware-attacks/

#cybersecurity

What a decade of data tells us about the state of open source security, via @TechRadar. #OpenSource #CyberSecurity #OSSRA #Tech #Technology https://flip.it/ITrry9

Malicious #npm Packages Infect 3,200+ #Cursor Users With Backdoor, Steal Credentials

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

#cybersecurity #malware #AI #Apple #Mac #macOS