Cybersecurity

Samsung reached a settlement with Texas over unauthorized collection of viewing data from smart TVs without proper user consent. The company will now require express consent before collecting content-viewing information from Texas residents.

South Korea's National Tax Service exposed a cryptocurrency wallet's recovery phrase in a public press release, resulting in $4.8M theft by hackers. This incident highlights critical operational security failures in government handling of digital assets and underscores the importance of secure key management practices that extend beyond traditional cybersecurity controls.

Peru has increased its squid catch limit in what appears to be a regular Friday squid-themed blog post. The post serves as an open thread for security discussions not covered elsewhere on the blog.

Security experts emphasize that major events like the FIFA World Cup require enhanced focus on wireless and drone defense capabilities, extending beyond conventional physical and cybersecurity measures to address active and passive wireless threats.

AI-powered security vulnerability detection tools are showing promise but current products are not meeting the speed and accuracy requirements of enterprises and software developers.

Microsoft is testing security and performance improvements for batch file and CMD script execution in Windows 11 Insider Preview builds, addressing potential vulnerabilities in legacy scripting environments.

Instagram is implementing parental alerts in four countries that will notify parents when their children repeatedly search for self-harm or suicide-related content on the platform. This safety feature targets youth protection concerns on social media.

Third-party software like PDF readers and email clients create significant attack surfaces through inconsistent patching. Action1 highlights how software drift across endpoints increases exploit risk and emphasizes the need for systematic third-party patch management.

Claude Code's introduction rippled across the stock market, but researchers and analysts say its impact was overstated, as they peel back the layers.

Hackers stole personal information such as names, email addresses, phone numbers, and other information. The post 38 Million Allegedly Impacted by ManoMano Data Breach appeared first on SecurityWeek .

The attacks exploited a post-authentication command injection vulnerability in the endpoint manager’s interface. The post 900 Sangoma FreePBX Instances Infected With Web Shells appeared first on Secur

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more pa

The 24-year-old suspect has been accused of trafficking over 26,000 cards from a single brand. The post Chilean Carding Shop Operator Extradited to US appeared first on SecurityWeek .

Anthropic said it sought narrow assurances from the Pentagon that Claude won’t be used for mass surveillance of Americans or in fully autonomous weapons. The post Anthropic Refuses to Bend to Pentagon

A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide. [...]

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen prote

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malwar

Aeternum operates on smart contracts, making its command-and-control (C&C) infrastructure difficult to disrupt. The post Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resili

An out-of-band security update for Junos OS Evolved patches the remote code execution vulnerability CVE-2026-21902. The post Juniper Networks PTX Routers Affected by Critical Vulnerability appeared fi

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downl

Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effor

CISA has released an advisory to warn about four vulnerabilities discovered by a researcher in Gardyn Home and Gardyn Studio. The post Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking app

When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provider.

The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind.

Gerald Eddie Brown, 65, was arrested in Jeffersonville, Indiana on Thursday after spending nearly three years living in China and allegedly providing combat aircraft training to pilots in the Chinese

Rudd “does not have the background that would allow him to immediately step into” the role of leading Cyber Command, Wyden wrote in a letter that was included in the Congressional Record on Wednesday.

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. [...]

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts

Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. [...]

DIY store chain ManoMano is notifying customers of a data breach personal data, which was caused by hackers compromising a third-party service provider. [...]

Proactively identifying, assessing, and addressing risk in AI systems We cannot anticipate every misuse or emergent behavior in AI systems. We can , however, identify what can go wrong, assess how bad