#Trump administration takes aim at #Biden and #Obama #cybersecurity rules

https://techcrunch.com/2025/06/07/trump-administration-takes-aim-at-biden-and-obama-cybersecurity-rules/

#politics

#Malware found in #NPM packages with 1 million weekly downloads

https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/

#cybersecurity

Malicious #npm packages posing as utilities delete project directories

https://www.bleepingcomputer.com/news/security/malicious-npm-packages-posing-as-utilities-delete-project-directories/

#cybersecurity

#Apple warns #Australia against joining #EU in mandating #iPhone app #sideloading

https://www.neowin.net/news/apple-warns-australia-against-joining-eu-in-mandating-iphone-app-sideloading/

#cybersecurity #privacy

After its data was wiped, #KiranaPro’s co-founder cannot rule out an external hack

https://techcrunch.com/2025/06/06/after-its-data-was-wiped-kiranapros-co-founder-cannot-rule-out-an-external-hack/

#cybersecurity #India #groceries

A cybersecurity issue left phone numbers linked to Google accounts completely vulnerable, according to a researcher. It would take an hour to obtain a U.S. number, eight minutes for a U.K. one and less than a minute for some other countries.

"Phone numbers are a goldmine for SIM swappers. A researcher found how to get this precious piece of information from any Google account," writes @josephcox@infosec.exchange for @404media.

https://flip.it/zBdlAw

#Google #Cybersecurity #OnlinePrivacy #Tech #TechNews

New laws. More hacks. Rising global tension.

Open source is under pressure — from regulators, enterprises, and geopolitics.

💡 How do we protect trust in open source and AI?

#OpenSource #CyberSecurity #AI #CNAI #OSS #TechPolicy

Hackers continue to hijack online brokerage accounts in Japan to manipulate share prices to their advantage https://www.japantimes.co.jp/business/2025/06/09/markets/trading-hijack-continues/?utm_medium=Social&utm_source=mastodon #business #markets #cybersecurity #brokerages #hacking #stocks #fraud #fsa

#Citibank emailed me an alert. The same bank that constantly warns me about email scams. And, yet, they misconfigured their email so it comes as a spoofed email. My email provider delivered it anyway because Citi has a "relaxed" policy in their DNS that says that EMAIL FROM A SPOOFING SERVER CAN BE DELIVERED so long as the signature passes. Yep, servers spoofing them are not a major red flag and the email should be delivered to the inbox anyway. The email provider is not to blame here.

A major bank should not do it this way.

The spoofing SMTP server check failed because the sending IP address is not authorized by Citibank's SPF record for info6.citi.com to send their email. This has been going on for years. Do you want Citibank email from a server not authorized by them to send it?

This relaxed attitude by corporations is why people get scammed.

Authentication-Results: mail.protonmail.ch; spf=fail smtp.mailfrom=info6.citi.com
Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=173.213.5.122

#citi #CyberSecurity #EmailSecurity

#NewYork state lawmakers vote to stop #NYPD’s attempt to block radio communications from public

https://nypost.com/2025/06/05/us-news/new-york-state-lawmakers-vote-to-stop-nypds-attempt-to-block-radio-communications-from-public/

#cybersecurity

Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

https://www.wired.com/story/cybercriminals-are-hiding-malicious-web-traffic-in-plain-sight/

#cybercrime #cybersecurity

Report on the Malicious Uses of #AI

https://www.schneier.com/blog/archives/2025/06/report-on-the-malicious-uses-of-ai.html

#OpenAI #ChatGPT #cybersecurity

New #PathWiper data wiper #malware hits critical infrastructure in #Ukraine

https://www.bleepingcomputer.com/news/security/new-pathwiper-data-wiper-malware-hits-critical-infrastructure-in-ukraine/

#cybersecurity

Critical #Fortinet flaws now exploited in #Qilin #ransomware attacks

https://www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-exploited-in-qilin-ransomware-attacks/

#cybersecurity

"We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users’ web activity."

https://localmess.github.io/

#CyberSecurity #Android #Meta #Yandex #Surveillance #Privacy #DataProtection #GDPR #MobileApps

"On Thursday, the findings of the parliamentary committee investigating Italy's usage of the spyware were published, in a rare incident of a Western state shedding light into a usually secretive world of intelligence agencies and covert surveillance.
The committee confirmed that Paragon provided Graphite to two Italian agencies, including the country's external intelligence service, starting in 2023. The version of Graphite provided did not include the ability to activate the phone's microphone or camera, the report said.

Instead, it only enabled its operators access to encrypted communications on the hacked devices. The report also confirmed that Graphite exploited a vulnerability in WhatsApp that Meta identified and patched in December 2024, one month before the spyware's activity was publicly disclosed.

The vulnerability's discovery also caused "panic" at Israel's military intelligence Unit 8200, according to the recent Israeli television report.

The Italian committee also confirmed Meta's claim that several activists involved in migrant rights in Italy had their phones hacked, including Luca Casarini, Giuseppe Caccia, and David Yambio – though in Yambio's case, the hack was carried out not by Graphite but by another unnamed spyware."

https://www.haaretz.com/israel-news/security-aviation/2025-06-05/ty-article/.premium/italy-admits-activists-were-hacked-with-israeli-spyware-but-not-journalists/00000197-3ff4-d079-ab97-7ff5bd8a0000

#EU #Italy #CyberSecurity #Surveillance #Privacy #Spyware #Paragon #Graphite #Israel

#Proxy Services Feast on #Ukraine’s IP Address Exodus

https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/

#cybercrime #cybersecurity #Russia #politics

#Italy Admits Hacking Activists With Israeli #Spyware #Paragon

https://archive.ph/Ocm8S

#cybersecurity #privacy #politics

Hacker selling critical #Roundcube #webmail exploit as tech info disclosed

https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roundcube-webmail-exploit-as-tech-info-disclosed/

#cybersecurity

What Really Happened in the Aftermath of the #LizardSquad Hacks

https://www.wired.com/story/ctrl-alt-chaos-joe-tidy-book-excerpt/

#cybercrime #cybersecurity #gaming #PSN #PlayStation #PlayStationNetwork

#ViLE gang members sentenced for #DEA portal breach, extortion

https://www.bleepingcomputer.com/news/security/vile-gang-members-sentenced-for-breaching-law-enforcement-portal/

#cybercrime #cybersecurity

#Interlock #ransomware claims #KetteringHealth breach, leaks stolen data

https://www.bleepingcomputer.com/news/security/interlock-ransomware-claims-kettering-health-breach-leaks-stolen-data/

#cybersecurity #privacy #DataBreach #healthcare

US offers $10M for tips on state hackers tied to #RedLine #malware

https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-state-hackers-tied-to-redline-malware/

#cybersecurity

#Microsoft unveils free #EU #cybersecurity program for governments

https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-free-eu-cybersecurity-program-for-governments/

FBI: #Play #ransomware breached 900 victims, including critical orgs

https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-900-victims-including-critical-orgs/

#cybercrime #cybersecurity