U.S. cybersecurity company F5 disclosed that it suffered a cyberattack in early August, where suspected nation-state hackers breached its systems and stole undisclosed BIG-IP security...
An estimated 100 million people live with facial differences. As face recognition tech becomes widespread, some say they’re getting blocked from accessing essential systems and services.
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws,...
Adobe has issued a set of security updates addressing more than 35 vulnerabilities across its product portfolio. These updates include fixes for several critical flaws affecting widely used...
The true cost of cyber risk is a human one. Siloed tools and disjointed operations aren’t just endangering your business, they’re also taking a real toll on your teams. It’s long past time to take...
Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.
Carding is a type of cybercrime where attackers steal or illegally buy credit card information and use it to make unauthorized transactions. It often involves testing stolen card numbers with...
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with...
F5 disclosed a security incident in which a nation-state threat actor maintained persistent access to the company’s internal systems, including its BIG-IP product development and engineering...
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the...
The malicious app required to make a “Pixnapping” attack work requires no permissions.
Microsoft has released its monthly security update for October 2025, addressing 175 Microsoft CVEs and 21 non-Microsoft CVEs. Among these, 17 vulnerabilities are considered critical and 11 are...
The tech giant addressed a record-high number of defects for the year in its latest update. The post Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days...
Jay Peters reports: 5CA is a customer service support company that works with Discord. Recently, the chat platform said the vendor had been breached as part of a “security incident” where 70,000...
A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency...
Officials in the US and UK have taken sweeping action against “one of the largest investment fraud operations in history,” confiscating a historic amount of funds in the process.
NEW YORK – New York Attorney General Letitia James today secured $14.2 million from eight car insurance companies for failing to protect the private information of more than 825,000 New Yorkers....
The cryptocurrency seizure and sanctions targeting the Prince Group, associates and affiliated businesses mark the most extensive action taken against cybercrime operations in the region to date....
Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner,...
Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization...
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines,...
Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages,...
This is a current list of where and when I am scheduled to speak: I and Nathan E. Sanders will be giving a book talk on Rewiring Democracy at the Harvard Kennedy School’s Ash Center in Cambridge,...
To support debugging applications written in Unity, the Android library adds a handler for the intent containing unity data onto a UnityPlayerAcivity. Android does manage feature flags it does not...
California's governor signed a bill that requires chatbot operators to set up a system to prevent suicidal ideation — an issue that several federal lawmakers have also focused on in recent months.
Meta's Facebook Messenger can use end-to-end encryption. In particular, you can select a friend and decide to start a conversation with them. Because the chat is encrypted, everything must be...
Vibe Coding is the practice of using an AI-assisted programmer to write all of the code without paying attention to whether it's correct or not. So, what's the term for a seasoned professional who...
In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final free update for the operating system as it reaches the end of its support lifecycle. [...]
How Symantec Endpoint Security Complete delivered 180% ROI over three years in a Forrester TEI study
A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites, and...