#http-warnings

[ follow ]
#cybersecurity #malware #data-breach #vulnerabilities #security #social-engineering #ai #whatsapp #phishing
#openclaw
Information security
fromArs Technica
9 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
DevOps
fromInfoWorld
20 hours ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
fromArs Technica
9 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
DevOps
fromInfoWorld
20 hours ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
more#openclaw
Apple
fromMail Online
10 hours ago

Apple issues warning to iPhone users over stealthy attack: Act NOW

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.
#ai
fromFortune
7 hours ago
Digital life

Internet Watch Foundation finds 260-fold increase in AI-generated CSAM in just one year, and 'it's the tip of the iceberg' | Fortune

Privacy technologies
fromComputerWeekly.com
1 day ago

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.
fromThe Hacker News
2 days ago
Information security

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed a human error led to the accidental release of Claude Code's internal source code, but no sensitive data was exposed.
Digital life
fromFortune
7 hours ago

Internet Watch Foundation finds 260-fold increase in AI-generated CSAM in just one year, and 'it's the tip of the iceberg' | Fortune

AI-generated child sexual abuse material is surging, fundamentally changing targeting methods and overwhelming investigators.
Privacy technologies
fromComputerWeekly.com
1 day ago

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.
Information security
fromThe Hacker News
2 days ago

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed a human error led to the accidental release of Claude Code's internal source code, but no sensitive data was exposed.
more#ai
#whatsapp
Privacy professionals
fromTechCrunch
2 days ago

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.
Privacy professionals
fromTNW | Apple
2 days ago

WhatsApp notifies 200 users who installed fake app built by Italian spyware maker SIO

WhatsApp alerted 200 users in Italy about a counterfeit app that was actually government spyware developed by SIO.
Information security
fromTheregister
3 days ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
Privacy professionals
fromTechCrunch
2 days ago

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.
Privacy professionals
fromTNW | Apple
2 days ago

WhatsApp notifies 200 users who installed fake app built by Italian spyware maker SIO

WhatsApp alerted 200 users in Italy about a counterfeit app that was actually government spyware developed by SIO.
Information security
fromTheregister
3 days ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
more#whatsapp
#phishing
Information security
fromTechzine Global
4 days ago

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.
Information security
fromThe Hacker News
2 days ago

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.
Information security
fromThe Hacker News
2 days ago

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.
Information security
fromTechzine Global
4 days ago

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.
more#phishing
#privacy
Privacy professionals
fromArs Technica
1 day ago

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.
Privacy professionals
fromArs Technica
1 day ago

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.
more#privacy
Software development
fromInfoWorld
12 hours ago

Internet Bug Bounty program hits pause on payouts

The Internet Bug Bounty program is pausing submissions for bug reports in open-source software to reassess its approach to security.
React
fromInfoWorld
20 hours ago

Local-first browser data gets real

Signals provide a performant alternative for reactive state management in front-end development.
#npm
Node JS
fromInfoQ
2 days ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.
Node JS
fromBleepingComputer
3 days ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
Node JS
fromInfoQ
2 days ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.
Node JS
fromBleepingComputer
3 days ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
more#npm
SF parents
fromBoston.com
2 days ago

Mass. man sentenced for online threats to public figures, children, elementary school

A Wilbraham man was sentenced to 32 months in prison for making violent threats against public officials, children, and a local school.
#cybersecurity
Information security
fromSecurityWeek
17 hours ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.
fromThe Hacker News
1 day ago
Information security

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Information security
fromThe Hacker News
12 hours ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.
Information security
fromComputerWeekly.com
1 day ago

NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks | Computer Weekly

High-risk individuals must reduce exposure to social engineering attacks targeting encrypted messaging apps like Signal, WhatsApp, and Facebook Messenger.
Information security
fromSecurityWeek
17 hours ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.
Information security
fromThe Hacker News
1 day ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.
Information security
fromThe Hacker News
12 hours ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.
Information security
fromComputerWeekly.com
1 day ago

NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks | Computer Weekly

High-risk individuals must reduce exposure to social engineering attacks targeting encrypted messaging apps like Signal, WhatsApp, and Facebook Messenger.
more#cybersecurity
#data-breach
Privacy professionals
fromSilicon Canals
19 hours ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Privacy technologies
fromTechCrunch
1 day ago

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.
Privacy professionals
fromSilicon Canals
1 day ago

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.
Privacy professionals
fromTechCrunch
1 day ago

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.
Information security
fromSecuritymagazine
1 day ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
Information security
fromTheregister
1 day ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
Privacy professionals
fromSilicon Canals
19 hours ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Privacy technologies
fromTechCrunch
1 day ago

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.
Privacy professionals
fromSilicon Canals
1 day ago

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.
Privacy professionals
fromTechCrunch
1 day ago

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.
Information security
fromSecuritymagazine
1 day ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
Information security
fromTheregister
1 day ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
more#data-breach
DevOps
fromComputerWeekly.com
1 day ago

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.
Apple
fromTechCrunch
2 days ago

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.
Digital life
fromBig Think
3 days ago

3 ways to prove you're human online

Generative AI is rapidly increasing information production, leading to a potential scarcity of human-generated content and a need for new human verification methods.
Information security
fromThe Hacker News
12 hours ago

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.
Privacy professionals
fromSilicon Canals
22 hours ago

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.
DevOps
fromTheregister
1 week ago

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.
Privacy technologies
fromWIRED
3 days ago

This App Makes Even the Sketchiest PDF or Word Doc Safe to Open

Dangerzone is a free tool that safely opens potentially harmful documents by converting them into secure image-based PDFs.
Information security
fromWIRED
8 hours ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.
DevOps
fromInfoQ
1 week ago

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.
fromWIRED
21 hours ago

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The public Quizlet set contained information about alleged codes for specific facility entrances. 'Checkpoint doors code?' asked one card, with a specific four-digit combination listed in response.
Privacy professionals
#chrome
Information security
fromTechRepublic
1 day ago

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.
Information security
fromTechRepublic
1 day ago

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.
more#chrome
Information security
fromSecurityWeek
19 hours ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.
Privacy professionals
fromAdvocate.com
1 day ago

How the Kash Patel hack turned a college-linked username into a security warning

FBI Director Kash Patel's personal email was hacked, exposing over 300 emails and photos, raising concerns about digital security and identity management.
Information security
fromThe Hacker News
1 day ago

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.
Privacy professionals
fromSecurityWeek
2 days ago

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.
fromComputerworld
11 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
Information security
Privacy professionals
fromHer Campus
3 days ago

Who's Watching The Watchers? AI, Age Verification, And Online Privacy

Parents are increasingly concerned about children's exposure to harmful online content despite regulations like CIPA and platforms like YouTube Kids.
Information security
fromSecurityWeek
19 hours ago

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.
Information security
fromInfoWorld
1 day ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
Privacy professionals
fromWIRED
1 week ago

Using a VPN May Subject You to NSA Spying

Using commercial VPNs may expose Americans to foreign surveillance laws, risking their constitutional protections against warrantless government spying.
Information security
fromTechzine Global
21 hours ago

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.
#malware
Information security
fromThe Hacker News
20 hours ago

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.
Information security
fromTheregister
1 day ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.
more#malware
#cisco
Information security
fromThe Hacker News
1 day ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
Information security
fromSecurityWeek
1 day ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.
Information security
fromThe Hacker News
1 day ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
Information security
fromSecurityWeek
1 day ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.
more#cisco
Information security
fromThe Hacker News
20 hours ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.
Information security
fromFortune
1 day ago

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.
Privacy professionals
fromthenextweb.com
4 weeks ago

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.
#claude-code
Information security
fromSecurityWeek
1 day ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
Information security
fromTheregister
2 days ago

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.
Information security
fromSecurityWeek
1 day ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
Information security
fromTheregister
2 days ago

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.
more#claude-code
#supply-chain-attack
more#supply-chain-attack
Information security
fromTechzine Global
1 day ago

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.
fromThe Hacker News
2 days ago

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
Information security
Information security
fromSecurityWeek
3 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
Information security
fromSiliconANGLE
3 days ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.
Information security
fromComputerWeekly.com
3 days ago

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.
#api-security
Information security
fromInfoQ
4 days ago

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.
Information security
fromInfoQ
4 days ago

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.
Information security
fromTheregister
1 week ago

Security boffins harvest bumper crop of API keys from web

Almost 2,000 API credentials were found exposed on 10,000 webpages, posing significant security risks to organizations and critical infrastructure.
more#api-security
Information security
fromSecurityWeek
3 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.
Information security
fromSecurityWeek
6 days ago

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted by a ClickFix campaign delivering a Python-based information stealer through a fake Cloudflare verification page.
fromComputerworld
1 week ago

Chrome encryption bypass discovered: New malware steals passwords and cookies

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.
Information security
fromZDNET
1 month ago

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

Web browsers are among the top targets for today's cybercriminals, playing a role in nearly half of all security incidents, new research reveals. According to Palo Alto Networks' 2026 Global Incident Response report, an analysis of 750 major cyber incidents recorded last year across 50 countries found that, in total, 48% of cybercrime events involved browser activity. Individuals trying to connect to the web, including business employees, are exposed to cyberthreats on a daily basis.
Information security
[ Load more ]