Pulse of Truth

In an excellent example of one of the most overused XKCD images, the libxml2 library has for a little while lost its only maintainer, with [Nick Wellnhofer] making good on …read more

The French national postal service's online services were knocked offline by "a major network incident" on Monday, disrupting digital banking and other services for millions. [...]

The Uzbek government's national license plate scanning system was discovered exposed to the internet for anyone to access without a password.

Flock left at least 60 of its people-tracking Condor PTZ cameras live streaming and exposed to the open internet.

Judge says former most-wanted fugitive Mark Acklom will likely never return to the UK The UK's Crown Prosecution Service (CPS) says a fraudster who claimed to be part of MI6 must repay £125,000 ($168,000) to a former love interest that he conned.…

Personal data of 27,500 staff and affiliates stored in test files.

On-site staff keep key systems working while all but one region battles with encrypted PCs Romania's cybersecurity agency confirms a major ransomware attack on the country's water management administration has compromised around 1,000 systems, with work to remediate them still ongoing.…

Financial Times: Investigation: internal Binance files show it failed to stop hundreds of millions in crypto from flowing through suspicious accounts, even after a 2023 US deal  —  Leaked files show continued activity despite links to terror networks, failed ID checks and other red flags

Browser agents promise to handle online tasks without constant user input. They can shop, book reservations, and manage accounts by driving a web browser through an AI model. A new academic study warns that this convenience comes with privacy risks that security teams should not ignore. The report evaluates eight popular browser agents released or updated in 2025. These include ChatGPT Agent, Google Project Mariner, Amazon Nova Act, Perplexity Comet, Browserbase Director, Browser Use, Claude … More → The post Browser agents don’t always respect your privacy choices appeared first on Help Net Security.

Analysis from Amazon highlights the growing scale of North Korean-backed "fake IT worker" campaigns

SK Telecom's epic infosec faill will cost it another $1.5 billion South Korea’s government on Friday announced it will require local mobile carriers to verify the identity of new customers with facial recognition scans, in the hope of reducing scams.…

Cartridge-based consoles have often been celebrated for their robust and reliable media. You put a simple ROM chip in a tough plastic housing, make sure the contacts are fit for …read more

Resecurity has identified the emergence of uncensored darknet AI assistants, enabling threat actors to leverage advanced data processing capabilities for malicious purposes. One of these – DIG AI – was identified on September 29 of this year and has already gained popularity among cybercriminal and organized crime circles. During Q4 2025, our HUNTER team observed a notable increase in malicious actors’ utilizing DIG AI, accelerating during the Winter Holidays, when illegal activity worldwide reached a … More → The post DIG AI: Uncensored darknet AI assistant at the service of criminals and terrorists appeared first on Help Net Security.

A rare case of deliberately trying to induce an outage A staffer at the USA’s National Institute of Standards and Technology (NIST) tried to disable backup generators powering some of its Network Time Protocol infrastructure, after a power outage around Boulder, Colorado, led to errors.…

Kashmir Hill / New York Times: Some experts in the human-computer interaction field say making AI chatbots act humanlike creates cognitive dissonance for users over how much to trust them  —  I first noticed how charming ChatGPT could be last year when I turned all my decision-making over to generative A.I. for a week.

Cyber criminals are changing their tactics by recruiting insiders within organizations instead of relying on traditional attack methods like brute force or social engineering. Recent findings show that employees in banks, telecom companies, and technology firms are being approached through darknet forums to sell access to corporate networks, user devices, and cloud systems. The payouts […] The post Threat Actors are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data appeared first on Cyber Security News.

Law enforcement agencies across 19 countries arrested 574 suspects and recovered approximately $3 million during a major cybercrime operation spanning Africa. Suspects were arrested in Ghana in connection to the cyber-fraud case, with over 100 digital devices seized. (Source: Europol) The month-long initiative, known as Operation Sentinel (27 October–27 November), targeted three of the region’s most prevalent cybercrime threats: business email compromise (BEC), digital extortion, and ransomware. All three were identified as growing risks in … More → The post 574 arrests, $3 million recovered in Africa-wide cybercrime crackdown appeared first on Help Net Security.

The Kimwolf Android botnet has infected 1.8M+ devices, launching massive DDoS attacks and boosting its C&C domain, says XLab. Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8 million devices and issued more than 1.7 billion DDoS attack commands, according to XLab. On October 24, 2025, XLab […]

Comments

Comments

Miranda Bryant / The Guardian: Denmark says Russia was behind “destructive and disruptive” cyberattacks on a water utility in 2024 and DDoS attacks in the lead-up to local November elections  —  Intelligence service says attacks were work of groups connected to Russian state in ‘clear evidence’ of hybrid war

Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog.

Claims that Quantum Computing will destroy Bitcoin may be exaggerated, but Bitcoin will need to adapt.

Human review didn't stop AI from triggering lockdown at panicked middle school.

Machine-Written Pull Requests Contain 70% More BugsCodeRabbit analyzed 470 GitHub pull requests and found AI-generated code introduces more defects than human-written code across logic, security, maintainability and performance categories, with severity spiking higher as well. The use of AI code generation has expanded across the industry.