Big tech fails to opt-out users requesting not to be tracked much of the time, new research says
A new audit from privacy organization webXray reveals 194 online ad services are ignoring the legally binding Global Privacy Control opt-out signal.
Preparing for digital fallout: Analyzing Iran's cyber capabilities in a conflict scenario
A deep dive into Iran's cyber warfare playbook, based on a Recorded Future report. We analyze potential targets, attack methods, and how businesses ca
‘Mythos-ready’ security: CSA urges CISOs to prepare for accelerated AI threats
The Cloud Security Alliance urges CISOs to prepare for 'Mythos', a future class of AI-driven cyber threats that will shrink attack timelines to minute
Kraken extortion attempt highlights the fine line between security research and crime
Cryptocurrency exchange Kraken revealed an extortion attempt after a “researcher” exploited a bug to steal $3M, blurring the line between hacking and
Over 100 Chrome extensions caught stealing user accounts and data
Over 100 malicious Chrome extensions with 1.6M+ downloads were found stealing Google OAuth tokens, enabling full account takeover and ad fraud.
Russia blocks social media platform Bluesky in escalating internet crackdown
Russia has blocked the decentralized social media platform Bluesky, adding it to a state-run blacklist as part of its escalating internet censorship c
OpenAI caught in the crossfire of a North Korea-linked supply chain attack
OpenAI revoked a macOS code signing certificate after it was potentially compromised as part of a sophisticated, North Korea-linked supply chain attac
Invisible threats: Analyzing state-sponsored fiber tapping, Windows rootkits, and the AI arms race
An analysis of this week's top threats, including state-sponsored infrastructure attacks, persistent UEFI rootkits, and a critical PDF zero-day.
Rockstar Games data leaked online following breach at analytics partner
Data allegedly belonging to Rockstar Games has been leaked by the ShinyHunters gang after a breach at third-party analytics vendor Anodot.
Adobe patches critical zero-day that was exploited for months
Adobe has patched a critical zero-day (CVE-2024-34097) in Acrobat and Reader that was actively exploited via malicious PDFs for at least four months.
Claims of LinkedIn browser 'spying' clash with security research findings
Sensational claims of corporate espionage by LinkedIn's browser extension were largely refuted by researchers, who found its data collection served fe
OpenAI rotates security certificates after supply chain attack hits development pipeline
A malicious package impersonating 'axios' was executed in a GitHub Actions workflow, forcing OpenAI to rotate potentially exposed macOS code-signing k