cybersecurity

Sex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeovers

A security researcher says sex toy maker Lovense has failed to fully fix two security flaws that expose the private email address of its users and allow the takeover of any user’s account. The researcher, who goes by the handle BobDaHacker, published details of the bugs on Monday after Lovense claimed it would need 14 […]

Sex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeovers Read More »

New York state cyber chief calls out Trump for cybersecurity cuts

During the first few months of the new Trump administration, the White House slashed cybersecurity budgets, staff, and initiatives. And some, including cybersecurity experts and legislators, are not happy about it. One of them is Colin Ahern, the chief cyber officer for the state of New York. In a recent interview with TechCrunch, Ahern said

New York state cyber chief calls out Trump for cybersecurity cuts Read More »

Flights grounded as Russia’s largest airline Aeroflot hit by cyberattack

Flights across Russia have been grounded after a cyberattack hit the country’s largest airline, Aeroflot, on Monday.  Details of the cyberattack remain limited, but a pro-Ukrainian hacker group known for targeting Russian organizations called Silent Crow took credit for the cyberattack alongside Belarusian hackers, citing Russia’s occupation of Ukraine.  The group said in a Telegram

Flights grounded as Russia’s largest airline Aeroflot hit by cyberattack Read More »

Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack

U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach. When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach. “On July 16, 2025, a malicious threat actor gained access to a third-party,

Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack Read More »

Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers

Google has suspended the account of phone surveillance operator Catwatchful, which was using the tech giant’s servers to host and operate the monitoring software. Google’s move to shut down the spyware operation comes a month after TechCrunch alerted the technology giant the operator was hosting the operation on Firebase, one of Google’s developer platforms. Catwatchful

Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers Read More »

Cybercrime forum Leak Zone publicly exposed its users’ IP addresses

A self-styled “leaking and cracking forum” where users advertise and share breached databases, stolen credentials, and pirated software was leaking the IP addresses of its logged-in users to the open web, security researchers have found. Leak Zone left an Elasticsearch database exposed to the internet without a password, according to researchers at UpGuard. In a

Cybercrime forum Leak Zone publicly exposed its users’ IP addresses Read More »

AI slop and fake reports are exhausting some security bug bounties

So-called AI slop, meaning LLM-generated low quality images, videos, and text, has taken over the internet in the last couple of years, polluting websites, social media platforms, at least one newspaper, and even real-world events.  The world of cybersecurity is not immune to this problem, either. In the last year, people across the cybersecurity industry

AI slop and fake reports are exhausting some security bug bounties Read More »

Hundreds of organizations breached by SharePoint mass-hacks

Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signalling a sharp rise in the number of detected compromises since the bug was discovered last week. Eye Security, a Dutch cybersecurity firm that first identified the vulnerability in SharePoint, a popular server software that companies use

Hundreds of organizations breached by SharePoint mass-hacks Read More »

Apple alerted Iranians to iPhone spyware attacks, say researchers

Apple notified more than a dozen Iranians in recent months that their iPhones had been targeted with government spyware, according to security researchers. Miian Group, a digital rights organization that focuses on Iran, and Hamid Kashfi, an Iranian cybersecurity researcher who lives in Sweden, said they spoke with several Iranians who received the notifications in

Apple alerted Iranians to iPhone spyware attacks, say researchers Read More »

UK government wants ransomware victims to report cyberattacks so it can disrupt the hackers

The U.K. government wants to require victims of ransomware to report if they were breached with the goal of providing law enforcement with information that could help target the cybercriminals responsible.  On Tuesday, the U.K.’s interior ministry, the Home Office, published a proposal with the aim of changing the British government’s strategy to counter ransomware.

UK government wants ransomware victims to report cyberattacks so it can disrupt the hackers Read More »