Security

Chinese authorities are using a new tool to hack seized phones and extract data

Security /

Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to obtain text messages — including from chat apps such as Signal — images, location histories, audio recordings, contacts, and more. On Wednesday, mobile cybersecurity company Lookout published a new report — shared exclusively with […]

Chinese authorities are using a new tool to hack seized phones and extract data Read More »

US Army soldier pleads guilty to hacking telcos and extortion

Security /

Former U.S. Army soldier Cameron John Wagenius pleaded guilty to hacking telecommunication companies and attempting to extort them by threatening to release stolen files, the Department of Justice announced on Tuesday. According to the DOJ, Wagenius, who went online with the nickname “kiberphant0m,” conspired to defraud 10 victim companies by stealing their login credentials, using

US Army soldier pleads guilty to hacking telcos and extortion Read More »

Ukrainian hackers claim to have destroyed servers of Russian drone maker

Security /

Ukrainian hacktivist group BO Team has claimed to have hacked into the network of Russian drone maker Gaskar Group and disrupted its operations. In a post on its Telegram channel, BO Team announced the breach, saying it carried out the attack along with the Ukrainian Cyber Alliance, another hacktivist group that operates in Ukraine, as

Ukrainian hackers claim to have destroyed servers of Russian drone maker Read More »

DOGE staffer with access to Americans’ personal data leaked private xAI API key

Security /

A DOGE staffer with access to the private information on millions of Americans held by the U.S. government reportedly exposed a private API key used for interacting with Elon Musk’s xAI chatbot. Independent security journalist Brian Krebs reports that Marko Elez, a special government employee who in recent months has worked on sensitive systems at

DOGE staffer with access to Americans’ personal data leaked private xAI API key Read More »

Episource is notifying millions of people that their health data was stolen

Security /

Medical billing giant Episource is notifying millions of people across the United States that their personal and health information was stolen in a cyberattack earlier this year. The breach affects more than 5.4 million people, according to a listing with the U.S. Department of Health and Human Services, making it one of the largest healthcare

Episource is notifying millions of people that their health data was stolen Read More »

Trump administration to spend $1 billion on ‘offensive’ hacking operations

Security /

The Trump administration, through the Department of Defense, plans to spend $1 billion over the next four years on what it calls “offensive cyber operations.”  The provision in Trump’s landmark One Big Beautiful Bill does not say what those “offensive cyber operations” are, nor what specific tools or software would qualify. The budget does note

Trump administration to spend $1 billion on ‘offensive’ hacking operations Read More »

Elmo’s X account hacked to publish racist and antisemetic posts

Security /

In case it wasn’t obvious, no, that’s not the real Elmo that posted racist and antisemetic posts on Elon Musk’s X. Someone had hacked into the Sesame Street character’s X account. On Sunday, Elmo’s official account published several abusive posts, since removed. It’s not clear how the account was compromised, but the nonprofit Sesame Workshop

Elmo’s X account hacked to publish racist and antisemetic posts Read More »

Can an ‘ethical’ spyware maker justify providing its tech to ICE?

Security /

Paragon, an Israeli spyware company that claims to operate as an “ethical” surveillance vendor, faced scrutiny when earlier this year Italy was caught using Paragon’s tools to spy on the phones of two journalists. Paragon responded by cutting Italy off from its surveillance products, becoming the first spyware company to ever publicly name one of

Can an ‘ethical’ spyware maker justify providing its tech to ICE? Read More »

CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw

Security /

U.S. cybersecurity agency CISA says hackers are actively exploiting a critical-rated security flaw in a widely used Citrix product, and has given other federal government departments just one day to patch their systems. Security researchers have dubbed the bug “Citrix Bleed 2” for its similarity to a 2023 security flaw in Citrix NetScaler, a networking

CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw Read More »

AI chatbot’s simple ‘123456’ password risked exposing personal data of millions of McDonald’s job applicants

Security /

Security researchers found that they could access the personal information of 64 million people who had applied for a job at McDonald’s, in large part by logging into the company’s AI job hiring chatbot with the username and password “123456.” Ian Carroll and Sam Curry wrote in a blog post that “during a cursory security

AI chatbot’s simple ‘123456’ password risked exposing personal data of millions of McDonald’s job applicants Read More »