Google representatives said that hackers created a fake account in the Law Enforcement Request System (LERS). Law enforcement agencies use this Google platform to submit official data requests.
Category: News
Vendor spent a year fixing a flaw that allowed unlimited…
Security researchers from SEC Consult, part of Eviden, reported that the payments company KioSoft spent more than a year fixing a serious vulnerability affecting some of its NFC cards.
Huntress researchers tracked a hacker who installed their product
Last week, the cybersecurity company Huntress published research based on the fact that an attacker had installed a trial version of its product. However, the company ended up facing criticism, as many raised concerns about the extent…
HybridPetya ransomware can bypass UEFI Secure Boot
ESET specialists discovered a new piece of ransomware, HybridPetya, which can bypass UEFI Secure Boot protection to install a malicious application in the EFI system partition. It is believed that HybridPetya was inspired by the destructive Petya/NotPetya…
Critical Chrome Vulnerability Earned Researcher $43,000
Google has patched a critical use-after-free vulnerability in the Chrome browser that could lead to code execution. The security researcher who discovered it received a $43,000 reward under the bug bounty program.
GhostAction attack exposed 3,325 secrets
Another supply chain attack has been discovered, dubbed GhostAction. The malicious campaign targeted GitHub and resulted in the compromise of 3,325 secrets, including PyPI, npm, DockerHub, and GitHub tokens, as well as Cloudflare and AWS API keys.
U.S. Leads the Global Spyware Investment Market
According to an Atlantic Council study, the spyware industry is booming as investors increasingly turn their attention to this ethically questionable yet highly profitable field. Most of the funding goes to companies in the United States and…
DDoS protection company hit by a 1.5 billion packets-per-second attack
An unnamed European company specializing in DDoS protection became the victim of such an attack itself, with a peak rate of 1.5 billion packets per second (PPS). Experts from FastNetMon, who handled the mitigation, reported that the…
More than 600 domains distributing the DeliveryRAT Android Trojan have…
Experts from F6 and RuStore report that they have discovered and blocked 604 domains that were part of the hackers’ infrastructure used to infect mobile devices with the DeliveryRAT trojan. The malware disguised itself as popular food…
Pixel Camera and Google Photos to get deepfake detection tools
Google announced that it is integrating C2PA Content Credentials technology into the Pixel 10 camera app and Google Photos, so users can distinguish authentic images from those created or edited using artificial intelligence.
Microsoft Patched 81 Vulnerabilities Across Its Products in September
This week, Microsoft released the September updates, which addressed 81 vulnerabilities across the company’s products. Among them were two zero-day vulnerabilities whose details were disclosed before the patches were released.
Apple introduces iPhone memory protection to combat sophisticated attacks
This week, Apple introduced the iPhone 17 and iPhone Air, which will be equipped with a new memory protection feature designed to keep devices safe against sophisticated spyware attacks.
The largest supply-chain attack in history netted the hackers less…
The largest attack in the history of the npm ecosystem affected about 10% of cloud environments. However, experts concluded that the attackers made practically nothing from this breach.
Pirate revenues are falling, and movie descriptions are hidden in…
Experts at F6 reported that in the first half of 2025, revenues of illegal video content distributors fell by 14.5% compared to last year (to $16.6 million) and by 26.5% compared to the same period in 2023.…
Former WhatsApp Employee: 1,500 Engineers Had Access to Users’ Personal…
Attaullah Baig, who allegedly headed WhatsApp’s security department from 2021 to 2025, has filed a lawsuit against parent company Meta (an organization recognized as extremist and banned in the Russian Federation). Baig claims he was fired for…
Adobe Commerce and Magento Vulnerability Enables Account Takeover
Adobe has disclosed a critical bug (CVE-2025-54236) that affects the Commerce and Magento platforms. Researchers have dubbed this vulnerability SessionReaper and describe it as one of the most serious in the entire history of these products.
Plex urges users to reset passwords due to a data…
The streaming multimedia platform Plex is warning customers that they need to change their passwords immediately. The company suffered a data breach during which an attacker managed to steal users’ authentication data from the database.
Enthusiasts launch the Darwin Awards for AI
Nominations are now open for the Darwin Awards in artificial intelligence (AI Darwin Awards). The creators of the award aim not to mock AI itself, but the consequences of using it without due caution and attention.
12 certificates were misissued for Cloudflare’s 1.1.1.1 DNS service
Last week it emerged that the little-known certificate authority Fina issued 12 unauthorized TLS certificates for 1.1.1.1 (Cloudflare’s popular DNS service) from February 2024 to August 2025, without the company’s permission. The certificates could have been used…
The s1ngularity attack affected 2,180 GitHub accounts
According to specialists at Wiz, who examined the recent s1ngularity attack targeting NX, the incident had far-reaching consequences. The breach of NX led to the exposure of data from 2,180 accounts and affected 7,200 repositories.