[SECURITY]
STORIES FROM THE SECURITY DESK ■ LAST 14 DAYS ■ RSS
■ SECURITY
100 STORIESElon Musk's xAI has filed its first lawsuit against a Grok user accused of generating child sexual abuse material (CSAM) using the AI chatbot. The legal action marks a shift in how the company is addressing the issue.
US Homeland Security Investigations seized over 30,000 SIM cards across the country in June and July. The agency claims the operation dismantled infrastructure used in telephone fraud schemes.
Advanced Russian threat actors have adopted Clickfix, a social-engineering technique previously favored by financially motivated cybercriminals, according to recent security findings.
The Coca-Cola Company disclosed a ransomware attack on its Fairlife dairy subsidiary that has suspended US production. The company has not resumed operations at the affected facility.
A new information-stealing malware called ClickLock targets macOS systems by terminating all visible processes to trick users into entering their login credentials. The attack forces users into a compromised authentication state.
Virtual private network usage in the UK nearly doubled to 2.2 million users following the introduction of age verification laws for adult websites in July 2025, according to an Ofcom report. The regulator found evidence of children using VPNs to circumvent the age restrictions.
OpenAI has identified the cause of reports where GPT-5.6 unexpectedly deleted files. The issue primarily occurs when full-access mode is enabled without sandboxing protections.
Security researchers have identified OkoBot, a new malicious framework delivering over 20 payloads designed to steal cryptocurrency wallet seed phrases, credentials, and sensitive user data.
Two teenagers have been sentenced to five and a half years each for breaking into Transport for London's core IT systems in 2024. The breach exposed data belonging to millions of commuters and forced 27,000 TfL staff to reset passwords.
Mozilla research found that period tracker Stardust shares users' health data with an analytics company, revealing significant privacy gaps among menstrual health apps. The findings highlight inconsistent data protection practices across the category.
Genetic testing company 23andMe has agreed to an $18 million settlement with 43 state attorneys general over failure to protect customer genetic data.
Traditional security workflows designed for human-speed operations are inadequate for AI agents, requiring organizations to rebuild defenses around live identity foundations and customizable threat responses.
Two members of the Scattered Spider cybercrime collective have been sentenced to five years and six months in prison each for a 2024 cyberattack that disrupted Transport for London.
Russian threat actor UAT-11795 is distributing trojanized versions of popular video conferencing apps to deploy Starland, a new backdoor capable of stealing credentials and cryptocurrency.
A new ransomware group called Spirals has demonstrated rapid attack capabilities, completing full network encryption within a single day. The threat actor moved from initial access through data theft to encryption faster than most ransomware operations.
The Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring federal agencies to patch a critical Oracle E-Business Suite vulnerability by Saturday. The flaw is currently being exploited in active attacks.
xAI has filed a lawsuit against a user who allegedly used Grok to generate nonconsensual sexualized images of both adults and children.
The UK's online regulator Ofcom has launched a formal investigation into TikTok over concerns the platform fails to protect children from harmful content. The watchdog is particularly focused on the effectiveness of TikTok's age verification systems.
Leaked data reveals the AI music generator sourced training material from YouTube Music, Deezer, and Genius without public disclosure. The discovery raises questions about the company's data acquisition practices.
Security researcher Andreas Makris remotely compromised a Yarbo robot lawn mower to expose critical vulnerabilities in the device's safety systems.
The FBI has taken control of websites operated by Alarum Technologies Ltd., marking a significant enforcement action against the proxy network industry. The move signals increased federal scrutiny of services that mask user identities online.
Meta has issued conflicting statements about NameTag, a face recognition system reported by WIRED. Company executives have offered unclear remarks on whether the technology actually exists.
Zoom has disclosed a critical vulnerability affecting its Windows desktop client and SDK that allows unauthenticated attackers to hijack user accounts. The company has released patches to address the security issue.
A hacker accessed Suno's source code, revealing details about how the AI music platform scraped millions of songs. Suno confirmed a November breach but stated no sensitive personal data was compromised.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.
Vancouver Police Department has implemented a discreet button on its website that instantly closes the page and clears browser history when clicked. The feature is designed to help domestic violence survivors quickly hide their browsing activity.
Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.
The Trump administration has established the Gold Eagle federal clearinghouse to enable real-time sharing of AI-related cyber threat intelligence between government agencies and private sector companies. The White House says the system is already receiving vulnerability reports and coordinating patch prioritization.
Spanish authorities dismantled a major cybercrime organization responsible for €140 million in fraudulent earnings, resulting in four arrests. The ring operated investment scams and business email compromise attacks.
SonicWall has released security updates to address two actively exploited vulnerabilities in its SMA1000 appliance. The company urges customers to patch immediately.
A US federal judge dismissed a class action lawsuit accusing Apple of failing to prevent child sexual abuse material from spreading through iCloud, citing Section 230 protections for online platforms.
A threat actor has created nearly 300 fraudulent GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware to unsuspecting developers.
LastPass has issued a warning about an active phishing campaign using fraudulent security notices to redirect users to malicious websites. The scheme targets both LastPass and Bitwarden password manager users.
Microsoft has rolled out cumulative updates KB5101650 and KB5099414 for Windows 11, addressing security vulnerabilities and bugs across multiple versions. The updates target versions 25H2/24H2 and 23H2.
Iran leveraged known vulnerabilities in mobile networks to identify and target U.S. military personnel in the Middle East during the buildup to and early stages of armed conflict.
Security researchers can now validate system vulnerabilities by analyzing attack techniques rather than launching live exploits. This approach eliminates risks to critical infrastructure while still determining exploitability.
A new study reveals that YouTube and X are inadvertently functioning as gateways to nonconsensual deepfake pornography services. These platforms contain content directing users to sites where sexually explicit deepfakes can be created for as little as $1 per image.
SAP released security updates for 16 vulnerabilities in July 2026, including three critical flaws affecting NetWeaver, Commerce Cloud, and AppRouter. The patches address risks across multiple enterprise software components.
Two newly discovered phishing kits, Jalisco and OmegaLord, are actively targeting Microsoft 365 accounts with techniques designed to circumvent multi-factor authentication protections.
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against American organizations. The action targets infrastructure providers facilitating cyber threats.
As scam calls and messages proliferate, ordinary people are turning the tables on fraudsters through scambaiting—deliberately engaging scammers to waste their time and resources.
Security researchers have identified a defensive technique called "context bombing" that uses prompt injections to trigger an attacker's own AI guardrails, reducing the success rate of AI-based hacking attempts by approximately 90%.
Department of Homeland Security analysts dismissed suspicious network activity detected in May as harmless before confirming a breach in June, according to internal documents.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that Russian state-sponsored hackers are actively targeting residential routers. The threat escalates as attackers seek to exploit routers for use as residential proxies.
Grok CLI experienced a critical bug that caused it to upload entire home directories to Google Cloud Storage. The issue sparked significant discussion in the developer community about data handling practices.
Aylo, Pornhub's parent company, will restore access to the site in the UK through Apple's device-level age verification system in iOS 26.4. The move requires users to complete age verification before accessing the platform.
Australia's eSafety Commissioner has identified significant gaps in how major tech platforms address online sexual extortion. Young men are reporting sextortion at higher rates than any other demographic, with over 2,000 complaints filed in just six months.
Angelo Martino, a ransomware negotiator, was sentenced to 70 months in prison for colluding with attackers to defraud victims. Martino helped orchestrate scams that extracted over $75 million from ransomware victims.
Samsung's Health app is warning users that opting out of AI training will result in deletion of their health data. The ultimatum has sparked backlash over privacy and consent practices.
Nihon Kotsu, Japan's biggest taxi company, has shut down portions of its systems following a cyberattack. The incident disrupted operations across the carrier's network infrastructure.
Telegram's short-link domain t.me has been suspended, disrupting the messaging platform's URL shortening service. The suspension raises questions about accessibility and service continuity for millions of users.
A new macOS malware called CrashStealer disguises itself as Apple's crash-reporting tool to steal credentials, keychain data, and cryptocurrency wallets from infected systems.
Security firm Jscrambler disclosed that attackers published a malicious version of its npm package, which was downloaded nearly 1,500 times before detection. The compromised package contained infostealer malware targeting developer systems.
Security researchers are turning prompt injection attacks into a defensive weapon. The technique, called "context bombing," forces malicious AI agents to shut down before causing damage.
The Los Angeles Police Department has allowed its contract with surveillance company Flock to expire, citing serious civil liberties and privacy concerns. The move marks a significant departure for one of Flock's largest government customers.
Lidl has notified customers across Germany, Belgium, and the Netherlands that their personal information was compromised in a breach targeting a third-party service provider.
The Cybersecurity and Infrastructure Security Agency has released a postmortem on a significant security breach where a contractor accidentally published internal credentials—including AWS Govcloud keys—to a public GitHub repository. The credentials remained exposed for nearly six months before KrebsOnSecurity alerted the agency.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of actively exploited remote code execution vulnerabilities in two popular Joomla extensions. Attackers are leveraging arbitrary file upload flaws in iCagenda and Balbooa Forms to gain unauthorized access to affected systems.
UK authorities have charged five suspects following a National Crime Agency investigation into Russian Coms, a caller ID spoofing platform allegedly used to execute over 1.8 million scam calls.
The European Union has sanctioned members of Russia's Federal Security Service (FSB) for cyber espionage and sabotage campaigns targeting EU and Ukrainian entities since 2010. The move, coordinated with the UK, targets dozens of individuals and organizations involved in systematic hacking operations.
Cybersecurity agencies from the United States and eight allied nations have issued a joint warning about Russian state-sponsored hackers targeting vulnerable routers to breach critical infrastructure networks.
A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.
Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.
A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.
Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.
A security analysis reveals xAI's Grok Build command-line tool transmits complete source code and project files to xAI's servers. The discovery raises data privacy questions for developers using the tool.
A Cambridge study reveals that terrorist organizations including Boko Haram and ISIS are using ChatGPT, Claude, and Gemini to plan attacks and develop weapons. Safety filters designed to prevent such misuse have repeatedly failed.
The Australian Cyber Security Centre has issued an alert about coordinated exploitation of vulnerable content management systems and plugins worldwide. The campaign targets organizations using outdated or unpatched CMS software.
Artificial intelligence discovered a critical security vulnerability in Linux kernel code that human developers overlooked for over a decade. The bug could allow unauthorized root access to systems.
Researchers have demonstrated a new attack called 'Ghostcommit' that hides prompt injections in PNG files to fool AI code reviewers and agents into exposing repository secrets.
A 34-year-old Armenian man pleaded guilty to hacking U.S. companies and deploying the Ryuk ransomware. He faces up to 15 years in prison.
Australia's eSafety watchdog will investigate whether major adult websites are allowing users to bypass age verification requirements using virtual private networks (VPNs). The probe follows new regulations introduced in March requiring age checks on adult content.
Dutch National Police have identified strong evidence that Dutch hackers were responsible for a February breach at telecommunications provider Odido. The investigation marks a significant development in the case.
Surveillance technology company Flock Safety did not issue a cease-and-desist letter to The Saturday Salon, a Newport Beach lecture series, despite claims posted on Instagram Thursday. The incident reignites debate over the company's practices and relationship with law enforcement.
The US Cybersecurity and Infrastructure Security Agency revealed it lacked a prepared incident response plan during a recent security event, forcing it to develop procedures in real time.
Research reveals that terrorist group Boko Haram is leveraging advanced AI technologies to enhance operational capabilities. A new report documents how the organization has integrated frontier AI systems into recruitment, planning, and execution efforts.
Researchers have discovered six vulnerabilities in U-Boot, a bootloader used across millions of devices, that could allow attackers to execute malicious code during device startup. The flaws could enable persistent malware installation while bypassing security protections.
Progress Software is alerting ShareFile customers running Storage Zone Controllers to immediately shut down their servers due to a credible external security threat targeting the on-premises file-sharing platform.
A US court sentenced Angelo Martino, a former ransomware negotiator, to 70 months in prison for colluding with the BlackCat ransomware gang to extort $75.3 million from five of his employer's clients.
A Florida-based ransomware negotiator has been convicted for assisting a notorious ransomware gang in extorting U.S. companies. This marks the third negotiator jailed for facilitating ransom payments to hackers.
Attackers are actively exploiting a critical authentication bypass in Gitea's official Docker image that enables user impersonation, including administrator accounts. The vulnerability affects the self-hosted Git service.
Microsoft rolled out a new "Workspace Check-in" feature for Teams last month that enables location tracking of employees. The feature raises questions about employee privacy and monitoring capabilities.
Fraud losses extend far beyond chargebacks. False declines, account takeovers, and customer abuse collectively damage revenue and erode trust, according to fraud prevention analysis.
Zimbra has issued an urgent security advisory urging customers to patch a critical cross-site scripting (XSS) vulnerability in its Classic Web Client. The flaw affects users of the Zimbra Collaboration suite.
Facewatch, a facial recognition system used by major retailers including Sainsbury's and B&M, is launching real-time police alerts for serious offenders. Civil liberties groups have raised concerns about the technology's surveillance implications.
Bright Data Ltd., an Israel-based web scraping startup, announced a $1 million bug bounty program as law enforcement intensifies oversight of the data collection industry.
A former DigitalMint employee has been sentenced to nearly six years in prison for participating in BlackCat ransomware attacks targeting U.S. companies. The case marks a significant prosecution in the ongoing crackdown against major ransomware operations.
Microsoft has released a patch for a zero-day vulnerability in Windows Defender that could allow attackers to exhaust hard disk space. The flaw was discovered and reported by security researcher NightmareEclipse.
A software defect from 2006 triggered a cascading network failure that knocked out Telstra's national phone service Wednesday morning. The bug, related to daylight savings time processing, created a 'digital domino chain' that locked customers out across the country.
The EU Parliament is advancing legislation that would require tech companies to scan for child sexual abuse material (CSAM), reviving a proposal rejected in March. End-to-end encrypted services like WhatsApp would be exempt from the requirements.
Hackers compromised the Injective Labs SDK repository on GitHub and published a malicious package to npm that steals cryptocurrency wallet private keys and seed phrases from developers.
Microsoft says Windows users should expect increased security patches as the company deploys AI tools to identify vulnerabilities in its codebase. The shift reflects a growing reliance on artificial intelligence for proactive threat detection.