501
3

New #Intel #CPU flaws leak sensitive data from privileged memory

https://www.bleepingcomputer.com/news/security/new-intel-cpu-flaws-leak-sensitive-data-from-privileged-memory/

#cybersecurity

502
2

New attack can steal #cryptocurrency by planting false memories in #AI chatbots

https://arstechnica.com/security/2025/05/ai-agents-that-autonomously-trade-cryptocurrency-arent-ready-for-prime-time/

#cybersecurity #LLM #chatbot #crypto

503
4

M&S says customer data stolen in cyberattack, forces password resets

https://www.bleepingcomputer.com/news/security/mands-says-customer-data-stolen-in-cyberattack-forces-password-resets/

#MarksAndSpencer #retail #UK #cybersecurity #privacy #DataBreach

504
3

Hackers now testing #ClickFix attacks against #Linux targets

https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/

#cybersecurity #FOSS

505
2

#OutputMessenger flaw exploited as zero-day in espionage attacks

https://www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/

#cybersecurity

506
1

#Moldova arrests suspect linked to #DoppelPaymer #ransomware attacks

https://www.bleepingcomputer.com/news/security/moldova-arrests-suspect-linked-to-doppelpaymer-ransomware-attacks/

#cybersecurity

507
1

What a decade of data tells us about the state of open source security, via @TechRadar. #OpenSource #CyberSecurity #OSSRA #Tech #Technology https://flip.it/ITrry9

508
5

Malicious #npm Packages Infect 3,200+ #Cursor Users With Backdoor, Steal Credentials

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

#cybersecurity #malware #AI #Apple #Mac #macOS

509
2

#iClicker site hack targeted students with #malware via fake #CAPTCHA

https://www.bleepingcomputer.com/news/security/iclicker-hack-targeted-students-with-malware-via-fake-captcha/

#cybersecurity #education

510
2

Can an #MCP-Powered #AI Client Automatically Hack a Web Server?

https://it.slashdot.org/story/25/05/11/0027236/can-an-mcp-powered-ai-client-automatically-hack-a-web-server

#cybersecurity

511
16

Yours truly just popped up on ITV News, offering some advice on the latest from Marks & Spencer on its cyberattack. Nina Hossein told me that she could read the titles on the books behind me - eek!

https://youtube.com/watch?v=6y-X9nKs9Ac&feature=shared

#cybersecurity #ransomware #databreach

512
1

Fake #AI video generators drop new #Noodlophile #infostealer #malware

https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-drop-new-noodlophile-infostealer-malware/

#cybersecurity

513
21

If you're creating an application that displays URLs to users (chat app for example), please make sure to apply spoof checks to avoid use of UTF-8 confusables in IDN homograph attacks. You may want to block URLs with hostnames that get flagged, or display them in #punycode instead.

As an example, see https://github.com/chromium/chromium/tree/main/components/url_formatter/spoof_checks

In particular https://github.com/chromium/chromium/blob/8e070073d47861b8bfc7548dce8fcfc708a356fb/components/url_formatter/spoof_checks/idn_spoof_checker.cc#L177 is quite interesting read.

#cybersecurity #infosec

514
4

"Encrypted chat apps like Signal and WhatsApp are one of the best ways to keep your digital conversations as private as possible. But if you’re not careful with how those conversations are backed up, you can accidentally undermine your privacy.

When a conversation is properly encrypted end-to-end, it means that the contents of those messages are only viewable by the sender and the recipient. The organization that runs the messaging platform—such as Meta or Signal—does not have access to the contents of the messages. But it does have access to some metadata, like the who, where, and when of a message. Companies have different retention policies around whether they hold onto that information after the message is sent.

What happens after the messages are sent and received is entirely up to the sender and receiver. If you’re having a conversation with someone, you may choose to screenshot that conversation and save that screenshot to your computer’s desktop or phone’s camera roll. You might choose to back up your chat history, either to your personal computer or maybe even to cloud storage (services like Google Drive or iCloud, or to servers run by the application developer)."

https://www.eff.org/deeplinks/2025/05/back-it-back-it-let-us-begin-explain-encrypted-chat-backups

#CyberSecurity #Privacy #Encryption #Messaging #Signal #WhatsApp

515
4

There are security protections, and then there are strong security protections. How to turn on Lockdown Mode for your iPhone and Mac, from @TheVerege@flipboard.com:

https://flip.it/xzuEi5

#Tech #iPhone #Mac #CyberSecurity #Privacy

516
3

How #Signal, #WhatsApp, #Apple, and #Google Handle Encrypted Chat Backups

https://www.eff.org/deeplinks/2025/05/back-it-back-it-let-us-begin-explain-encrypted-chat-backups

#cybersecurity #privacy

517
9

Police dismantles #botnet selling hacked routers as residential proxies

https://www.bleepingcomputer.com/news/security/police-dismantles-botnet-selling-hacked-routers-as-residential-proxies/

#cybersecurity #cybercrime #proxy

518
9

#Florida bill requiring #encryption backdoors for #SocialMedia accounts has failed

https://techcrunch.com/2025/05/09/florida-bill-requiring-encryption-backdoors-for-social-media-accounts-has-failed/

#cybersecurity #politics

519
5

#InvisibleThingsLab is hiring a #Linux graphics stack developer to work on #Qubes OS

https://www.qubes-os.org/news/2025/05/08/invisible-things-lab-hiring-linux-graphics-stack-developer/

#FOSS #cybersecurity #FediHire #GetFediHired

520
34

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years.

Kyle Schutt is a 30-something-year-old software engineer who, according to Dropsite News, gained access in February to a “core financial management system” belonging to the Federal Emergency Management Agency. As an employee of DOGE, Schutt accessed FEMA’s proprietary software for managing both disaster and non-disaster funding grants. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the US."

https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/

#CyberSecurity #DOGE #USA #Musk #CISA #FEMA #Malware

521
5

#Microsoft employees are banned from using #DeepSeek app, president says

https://techcrunch.com/2025/05/08/microsoft-employees-are-banned-from-using-deepseek-app-president-says/

#AI #cybersecurity

522
2

#FBI: End-of-life routers hacked for #cybercrime proxy networks

https://www.bleepingcomputer.com/news/security/fbi-end-of-life-routers-hacked-for-cybercrime-proxy-networks/

#cybersecurity #router

523
1

#Delta Air Lines class action cleared for takeoff over #CrowdStrike chaos

https://www.theregister.com/2025/05/07/delta_crowdstrike_class_action/

#cybersecurity

524
1

#Cisco fixes max severity #IOSXE flaw letting attackers hijack devices

https://www.bleepingcomputer.com/news/security/cisco-fixes-max-severity-ios-xe-flaw-letting-attackers-hijack-devices/

#cybersecurity #iOS

525
3

#Education giant #Pearson hit by cyberattack exposing customer data

https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/

#cybersecurity #privacy #DataBreach

view more: ‹ prev next ›

Cybersecurity

2 readers
17 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 2 years ago
MODERATORS