Pulse of Truth

One scheduled speaker has also pulled out of the New York-based event and specifically pointed to Trump’s mass deportation efforts.

A stalkerware company that recently leaked millions of users' personal information online has taken all of its assets offline without any explanation.

Wired: A security researcher finds an exposed Elastic database with 184M records, including login credentials for Apple, Meta, Google, and others; its owner is unknown  —  A trove of breached data, which has now been taken down, includes user logins for platforms including Apple, Google, and Meta.

BSI Cites New Technologies, Geopolitical Tensions as Key Risk FactorsMounting decentralization and digitization put electricity grids at risk of hacking that could cause power outages, the German cybersecurity agency warned Wednesday. Technologies such as internet-connected solar power inverters and a tense geopolitical situation sparks increased concern.

Case being heard in Germany could derail Zuck's plans, and noyb tells El Reg the fight isn't over The Irish Data Protection Commission has cleared the way for Meta to begin slurping up the data of European citizens next week, ongoing legal challenges notwithstanding. …

Police arrested 270 suspects following an international law enforcement action codenamed 'Operation RapTor' that targeted dark web vendors and customers from ten countries. [...]

Comments

We use GenAI at work to make tasks easier, but are we aware of the risks? According to Netskope, the average organization now shares more than 7.7GB of data with AI tools per month, and 75% of enterprise users are accessing applications with GenAI features. The dark side of GenAI The fact that 89% of organizations have zero visibility into AI usage reveals a gap in oversight and control. On top of that, 71% of … More → The post Be careful what you share with GenAI tools at work appeared first on Help Net Security.

Even after its refurbishing, Recall provides few ways to exclude specific apps.

A sophisticated search engine optimization (SEO) poisoning attack has emerged, targeting employees through their mobile devices with fake login pages that mimic legitimate corporate portals. The attack, which has already affected organizations in the manufacturing sector, enables hackers to steal employee credentials, access payroll systems, and redirect salary payments to attacker-controlled accounts. This deceptive campaign […] The post Hackers Attacking Employees Mimic as Organizations to Steal Payroll Logins & Reroute Payments appeared first on Cyber Security News.

A summer reading insert recommended made-up titles by real authors such as Isabel Allende and Delia Owens. The Sun-Times and The Philadelphia Inquirer have apologized.

The Nordic Model criminalizes buyers of sex in multiple European countries (and Maine). Sweden just voted to expand its reach to the internet.

The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. [...]

Popular VR game Gorilla Tag partnered with the company k-ID to comply with age verification laws.

Experts tell CyberScoop that the U.S. telecom system is just too technologically fragmented to gather a clear picture of threats, and too big to ever fully eject all espionage efforts. The post A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon appeared first on CyberScoop.

Credit card theft losses in 2023 alone totaled $36.5M International cops working with Microsoft have shut down infrastructure and seized web domains used to run a distribution service for info-stealing malware Lumma. Criminals paid $250 to $1,000 a month to get access to the infostealer.…

The company expects it will continue to struggle with online disruptions until at least July, due to the attack.

Social engineering used on outsourcer.

At yesterday’s I/O conference, Google announced plans to start putting its AI chatbot, Gemini, in a variety of different places, including cars. Today, Volvo said it was shoving its way to the front of the line to be the first to receive the new tech. Volvo said it was expanding its preexisting partnership with Google […]

Attackers have made a decisive switch toward stealthy, identity-centric attacks. Forget breaking in – modern cybercriminals simply log in. And that should be a concern. According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third of intrusions in 2024 were initiated not through sophisticated attacks, but through valid account exploitation. Moreover, phishing-delivered infostealers surged, quietly harvesting credentials to fuel subsequent attacks, while slow patch cycles and unpatched public-facing applications continue to provide gateways for compromise. Let’s dive into that...

Microsoft Deployment Toolkit (MDT) shares, an often-overlooked infrastructure component, can be a goldmine of credentials for attackers. A new report published by TrustedSec highlights how red teams can easily extract domain administrator credentials from misconfigured MDT deployments, potentially leading to complete network compromise. While security professionals have long focused on System Center Configuration Manager (SCCM) […] The post Extracting Credentials from Microsoft Deployment Toolkit Shares – Red Teaming appeared first on Cyber Security News.

Update before that proof-of-concept comes to bite Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.…

Facial recognition cameras ping cops when suspects appear, sparking backlash.

The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. [...]