Security

API testing firm APIsec exposed customer data during security lapse

API testing firm APIsec has confirmed it secured an exposed internal database containing customer data, which was connected to the internet for several days without a password. The exposed APIsec database stored records dating back to 2018, including names and email addresses of its customers’ employees and users, as well as details about the security […]


Again and again, NSO Group’s customers keep getting their spyware operations caught

On Thursday, Amnesty International published a new report detailing attempted hacks against two Serbian journalists, allegedly carried out with NSO Group’s spyware Pegasus. The two journalists, who work for the Serbia-based Balkan Investigative Reporting Network (BIRN), received suspicious text messages including a link — basically a phishing attack, according to the nonprofit. In one case, Amnesty


Mozilla patches Firefox bug ‘exploited in the wild’, similar to bug attacking Chrome

Mozilla has fixed a security bug in its Firefox for Windows browser that was “being exploited in the wild.” In a brief update, Mozilla said it updated the browser to Firefox version 136.0.4 after identifying and fixing the new bug, tracked as CVE-2025-2857, which presents a “similar pattern” to a bug that Google patched in


NHS vendor Advanced to pay £3M fine following 2022 ransomware attack

NHS vendor Advanced will pay just over £3 million ($3.8 million) in fines for not implementing basic security measures before it suffered a ransomware attack in 2022, the U.K.’s data protection regulator has confirmed. It’s half the fine that the Information Commissioner’s Office had initially sought in August 2024, when the data watchdog said it


Has GetReal cracked the code on AI deepfakes? $18M and an impressive client list says yes

The proliferation of scarily realistic deepfakes is one of the more pernicious byproducts of the rise of AI, and falling victim to scams based on these deepfakes is already costing companies millions of dollars — not to mention the implications these could have on national security. A startup that’s built a toolset aimed at governments


Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists

Google said it has fixed a vulnerability in its Chrome browser for Windows that malicious hackers have used to break into victims’ computers. In a brief note on Tuesday, Google said that it fixed the vulnerability, tracked as CVE-2025-2783, that was discovered by researchers at security firm Kaspersky earlier this month. Google said it was


The Trump administration planned Yemen strikes in an unauthorized Signal chat

The Trump administration’s national security leaders accidentally included the editor-in-chief of the Atlantic, Jeffrey Goldberg, in a chat on Signal discussing confidential plans to attack Yemen’s Houthis. “I could not believe that the national-security leadership of the United States would communicate on Signal about imminent war plans,” Goldberg wrote of the March 15 messages, which
