Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
1
 
 

A new study reveals that passkeys—widely promoted as a safer login method compared with passwords—may unintentionally expose users to serious risks in situations involving interpersonal abuse. The research introduces the first framework for analyzing how digital authentication tools can be exploited in contexts such as intimate partner violence, elder abuse and human trafficking.

2
 
 

“Kia Boys will be Flipper Boys by 2026,” one person in the reverse engineering community said.

3
 
 

Chris Prentice / Reuters: The DOJ says it will no longer target developers who create decentralized crypto platforms without criminal intent, as part of a regulatory retreat on crypto  —  The U.S. Justice Department does not plan to target software developers that create decentralized platforms for transmitting …

4
 
 

News of the fictitious bounty fooled news outlets into reporting that $50K would be paid for information on two Qilin administrators. The post Europol bounty for Russian crypto ransomware gang wasn’t real appeared first on Protos.

5
 
 

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. [...]

6
 
 

iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.…

7
 
 

Orange SA’s Belgian business said that hackers gained access to data from 850,000 customer accounts, in the third major cyberattack targeting the French telecommunications firm this year.

8
 
 

A significant security vulnerability has been discovered in Microsoft’s Copilot for M365 that allowed users, including potential malicious insiders, to access and interact with sensitive files without leaving any record in the official audit logs. After patching the flaw, Microsoft has reportedly decided against issuing a formal CVE or notifying its customers, leaving organizations unaware […] The post Copilot Vulnerability Breaks Audit Logs and Access Files Secretly for Hackers appeared first on Cyber Security News.

9
 
 


10
 
 

A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ) said. The botnet has been used to carry out large-scale DDoS-for-hire attacks targeting

11
 
 

Three families of Android VPN apps, with a combined 700 million-plus Google Play downloads, are secretly linked, according to a group of researchers from Arizona State University and Citizen Lab. Finding the secret links Virtual private networks (VPNs) are widely marketed as tools for enhancing privacy, securing internet traffic, and shielding users from surveillance. Unfortunately, the consumer VPN ecosystem is decidedly opaque, making it difficult (and sometimes impossible) for users to make an evidence-based decision … More → The post Android VPN apps used by millions are covertly connected AND insecure appeared first on Help Net Security.

12
 
 

The call comes as governments go to war with the anonymous web.

13
 
 

Convenient tech brings big bundle of security and privacy risks.

14
 
 

The Trump administration says that law enforcement organizations in Britain would back off asking the company for a tool to access customers’ data.

15
 
 

An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.

16
 
 

Cybersecurity myths are like digital weeds: pull one out, and another quickly sprouts in its place. You’ve probably heard them before: Macs don’t get viruses, we’re too small to be a target, or changing passwords often keeps us safer. Experts have been busting these myths for years, yet they still stick around and shape bad strategies while giving people a false sense of security. Myth 1: AI can replace your security team No matter how … More → The post The cybersecurity myths companies can’t seem to shake appeared first on Help Net Security.

17
 
 

As long as there have been games, there have been crackers breaking their copy protections. “Digital Rights Management” or DRM, is a phrase for copy protection coined near the end …read more

18
 
 

Norway’s security service PST says pro-Russian hackers took over a dam in April, opening outflow valves. Norway’s Police Security Service (PST) says pro-Russian hackers seized control of a dam’s systems in April, opening outflow valves. On April 7, the attackers took control of a dam in Bremanger, western Norway, opening a flood gate to release […]

19
 
 

It's the little things that matter most, as the saying goes, and the National Institute of Standards and Technology (NIST) has got their back. NIST's newly finalized lightweight cryptography standard provides a defense from cyberattacks for even the smallest of networked electronic devices.

20
 
 

A recent study by researchers at the University of California San Diego is the first detailed assessment of companies offering school-based online surveillance services such as social media monitoring, student communications monitoring and online activity monitoring to middle and high schools. Schools pay for the services directly or may request federal grant funding to cover the costs.

21
SystemD Service Hardening (roguesecurity.dev)
submitted 3 days ago by lemmydev2 to c/pulse_of_truth
 
 


22
 
 

Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.

23
 
 

Who knew zero-days could be so useful to highway speedsters? The lingering effects of a cyberattack on the Public Prosecution Service of the Netherlands are preventing it from reactivating speed cameras across the country.…

24
 
 

As £9 billion MoU sparks debate about value for money, it's time to have your say Register debate series  It's a lot of money, £9 billion ($12 billion). Especially for a government which finds itself — for whatever reason — in a fiscal dead end.…

25
 
 
