lemmydev2

joined 2 years ago
 

Automaker's answer to spate of car thefts is to charge customers for extra
Hyundai is charging UK customers £49 ($66) for a security upgrade to prevent thieves from bypassing its car locks.…

 

Scattered Spider, ShinyHunters, and Lapsus$ spent the weekend bragging to each other on a Telegram channel
Prolific cybercrime collectives Scattered Spider, ShinyHunters, and Lapsus$ appear to be working together to break into businesses' networks, steal their data, and force an extortion payment.…

 

Can deleting old emails and photos help the UK tackle ongoing drought this year? That’s the hope, according to recommendations for the public included in a press release today from the National Drought Group. There are far bigger steps companies and policymakers can take to conserve water of course, but drought has gotten bad enough […]

 

The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. [...]

 

Time to start over.

 

Clinical Diagnostics Lab Hack Among Latest Recent Cyberattacks in the Netherlands
A Dutch population health research agency is notifying 485,000 participants of a cervical cancer screening program of a hacking incident at a clinical diagnostics laboratory that potentially compromised patients' personal and health information, including lab test results.

 

The threat actor collective ShinyHunters has recently announced that BreachForums—one of the most prolific breeding grounds for stolen credentials and leak data—has been commandeered by international law enforcement agencies. According to Shiny from ShinyHunters, the site’s administrative controls, including the accounts “Hollow,” “ShinyHunters,” and the original “Founder,” now operate under the oversight of French authorities […] The post ShinyHunters Unveils That BreachForums Taken by Law Enforcement Agencies, Now It Is a Honeypot appeared first on Cyber Security News.

 

Marks & Spencer Group Plc has reinstated online delivery on its full range of items, nearly four months after a cyberattack caused chaos for the British clothing and food retailer.

 

Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g. API keys, to external servers by issuing DNS requests.
Prompt Injection Hijacks Claude
When reviewing or interacting with untrusted code or processing data from external systems, Claude Code can be hijacked to run bash commands that allow leaking of sensitive information without user approval.

 


 

Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. [...]

 

It turns out no one was clean on OPSEC
DEF CON: On Saturday at DEF CON, security boffin Micah Lee explained just how he hacked into TeleMessage, the supposedly secure messaging app used by White House officials, which in turn led to a massive database dump of their communications.…
