lemmydev2

Low-severity bugs but infosec pros claim they are a 'critical' overall threat – patch accordingly AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure.…

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. [...]

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. [...]

Extensions load unknown sites into invisible Windows. What could go wrong?

Following a breach at the country's top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.

Qantas Airways Ltd. said personal information belonging to 5.7 million customers, ranging from names and addresses to phone numbers and meal preferences, were stolen in last week’s cyberattack, as the fallout from the latest airline security breach becomes clearer.

China's Hack-For-Hire Scene Disgorges Another LeakThe Chinese nation-state threat actor tracked as Salt Typhoon is operated by a clutch of private firms whose clients include multiple Chinese government agencies, finds analysis of leaked data by Spy Cloud. Researchers found a spreadsheet listing buyers, sellers and financial transaction details.

Laura Onita / Financial Times: M&S Chair Archie Norman tells UK parliament that M&S used the FBI and UK agencies to combat the May cyberattack and says M&S believes DragonForce was behind it  —  Chair Archie Norman tells parliamentarians retailer believes Dragon Force was criminal gang behind attack

LLMs don’t read the danger in requests if you use enough big words.

With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions.

Ivanti has identified and resolved three high-severity vulnerabilities in its Endpoint Manager (EPM) software. If exploited, these flaws could enable attackers to decrypt other users’ passwords or gain access to sensitive database information, posing significant risks to organizations that rely on this endpoint management solution. Ivanti Endpoint Manager Mobile Vulnerabilities Ivanti’s recent security update targets […] The post Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords appeared first on Cyber Security News.