Items tagged with security
A new variant of the BADBOX malware campaign has taken root in over a million Android-based devices worldwide, and if you’ve picked up a cheap smart TV box or projector off Amazon or AliExpress lately, you might be part of the problem. BADBOX 2.0 is a sprawling botnet targeting Android Open Source Project (AOSP)...
Read more...
The FBI has announced that the Play ransomware gang has masterminded several sophisticated cyberattacks, which have compromised key security infrastructures in about 900 organizations in Europe, North America, and South America.
The Play ransomware gang, which became infamous for compromising the security...
Read more...
Crocodilus, a relatively new banking trojan targeting Android devices, is continuing to evolve since it was first spotted back in March by the Mobile Threat Intelligence team at Threat Fabric. The improvements aim to make the malware harder to detect alongside adding new features. Additionally, the threat actors that...
Read more...
Meta has responded to allegations that it violated Android users' rights to privacy by secretly using its apps to track browsing histories.
In case you're unfamiliar with this allegations, a group of security researchers reported that Meta is secretly monitoring the browsing activities of billions of Android...
Read more...
Microsoft has swiftly deployed an emergency patch to address a critical issue that has been preventing some Windows 11 systems from properly installing the May 2025 security update (KB5058405). The problem, which primarily impacts enterprise environments, has been causing machines to enter recovery mode and fail to...
Read more...
As tempting as it might be, avoid using 0000 as your four-digit PIN code. Same goes for 1010, 1111, 1122, and 1212, which comprises the top five worst PIN codes, according to a list compiled by security experts. Just like a password, you should avoid using PIN codes that are commonly used. Yes, they can be easier to...
Read more...
It might surprise you to learn this, but cybercriminals are usually fairly protective of the data they steal, because things like credentials and login details have value, and can be sold to the right buyer. That's why it's so unusual that this latest discovery was apparently found completely unencrypted and visible...
Read more...
A recent campaign by 3AM ransomware actors found the team using more proactive techniques rather than simple opportunistic hacks by pretending to be IT support. Using a combination of email bombing and spoof IT support calls, unwitting employees dropped their guards, giving the attackers access to their terminals (and...
Read more...
Microsoft has sounded the alarm on a pervasive piece of malware that has already infected hundreds of thousands of PCs. A few weeks ago, we reported on the Clop gang's involvement in the large-scale data leaks at Hertz. This time, Microsoft reports that the Lumma info stealer created by the notorious Russian malware...
Read more...
Yet another user info database has been leaked, which has unfortunately become a common occurrence in this day and age, no matter how much tech users and security professionals curse the cloud. This time around, it was the well-known and generally trusted crypto exchange. Coinbase. Unlike most breaches, though, this...
Read more...
If you're a Chrome user, take note that the Cybersecurity and Infrastructure Security Agency (CISA) has identified and reported three zero-day vulnerabilities, and one of these flaws could affect you.
The CISA reported that CVE-2025-4664 is already being exploited in the wild and that it impacts the Google Chromium...
Read more...
Valve has responded to reports of a major data breach in which Underdark.ai, a cyber threat intelligent service, highlighted a dark web forum post by a hacker claiming to be in possession of 89 million Steam user records. According to Valve, which has been pretty good at keeping on top of security, there is nothing...
Read more...
Intel is once again in the crosshairs of a fresh speculative execution exploit, this time dubbed "Branch Privilege Injection." The new vulnerability, revealed by researchers at ETH Zurich's COMSEC group, is capable of extracting sensitive kernel memory using techniques that bypass existing Spectre-class mitigations...
Read more...
Heads up to all ASUS motherboard, prebuilt system, and laptop owners: if you're running the company's DriverHub software, be sure to update it to the latest version ASAP. The reason for this is an exceedingly nasty bug loitering in the utility that could easily allow for remote code execution.
The vulnerabilities...
Read more...
Are you holding on to an aging wireless router in hopes of stretching out the bang for your bucks? That's admirable—no sense in throwing away and filling up a landfill with electronics that are still useful—but depending on the model, it can also pose a security threat. So says the Federal Bureau of Investigation...
Read more...
Data breaches, whether due to the nefarious activities of hackers or inadequate security measures, are a major concern due to the harm they can cause to affected users. In this latest breach, a report claims that the dating app Raw left user data unprotected, exposing private details for all to see.
Raw was...
Read more...
Nefarious hackers have figured out many ways to circumvent 2FA restrictions and harvest passwords with sophisticated phishing traps. Many of these bad actors, however, will soon be looking for new ways to attack Microsoft user accounts. Microsoft seems to have delivered on its earlier promise to push users a...
Read more...
Do you use AirPlay to send videos from an iPhone, iPad, or Mac to a television or play music through a smart speaker? Then friends, you are in for a treat. Thanks to a vulnerability in not just Apple's operating system, but the ecosystem-wide AirPlay software development kit (SDK), over two billion devices are...
Read more...
Concerns about the vulnerabilities of passwords are not new, and there have been recent moves to pivot to other secure alternatives, such as passkeys. A recent report has further highlighted that need. A cybersecurity firm reveals that hackers can now quickly crack passwords containing a mix of numbers, uppercase and...
Read more...
Patch Tuesday, is sometimes a love hate sort of thing. It's a safe bet that most Windows Home or Pro users hate having to reboot it every time there's a hangnail that needs fixing. Regardless, those days are coming to an end, thanks to upcoming availability of in-memory hot-patching, as long as you're running Windows Server, which is obviously
Read more...
Io_uring was introduced in 2019 with Linux kernel 5.1, and its purpose was to help improve the efficiency and flexibility of input and output operations on Linux. While this led to significant performance gains, it also led to critical blind spots for Linux security tools. Most recently, security researchers have...
Read more...
A recent report has revealed that an employee surveillance app has been leaking sensitive information about employees and companies in a public storage resource, which raises the question as to the extent to which employers should be allowed to access employees' private data.
WorkComposer is a surveillance app that...
Read more...