Sitecore CMS flaw let attackers brute-force 'b' for backdoor

Sitecore CMS exploit chain starts with hardcoded 'b' password

#cybersecurity #gaming #nintendo

After just 12 days, Nintendo is already nuking Switch 2 consoles for players caught using Mig Flash — popular cartridge allows Switch 1 games on the new console, but users say they're only using their own ROMs

tomshardware - Be wary if you're planning to use the MIG-Switch with your Nintendo Switch 2, with user reports indicating a widespread ban on consoles that have been used with the flash cart.

Nintendo will take your Switch 2 offline forever if you use a Mig flash cartridge

8 months / theverge / Cameron Faulkner

Nintendo is now banning Switch 2 consoles over piracy

8 months / mobilesyrup / Bradly Shankar

Nintendo is already banning Switch 2 flashcart users

8 months / techspot

Switch 2 users report online console bans after running personal game “backups”

8 months / arstechnica / Kyle Orland

After just 12 days, Nintendo is already nuking Switch 2 consoles for players caught using Mig Flash — popular cartridge allows Switch 1 games on the new console, but users say they're only using their own ROMs

8 months / tomshardware

Nintendo Launches Opening Salvo in War Against Switch 2 Game Pirates, as MIG Switch Users Report Online Service Bans

8 months / ign / Tom Phillips

23andMe hit with £2.3M fine after exposing genetic data of millions

Connor Jones / theregister - Penalty follows year-long probe into flaws that allowed attack to affect so many The UK's data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach.…

#cybersecurity #biotech #dataprivacy #law

UK Watchdogs Fine 23andMe $3.1M for Data Security Violations

8 months / cnet / Bree Fowler

UK watchdog fines 23andMe over 2023 data breach

UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data

8 months / bleepingcomputer / Sergiu Gatlan

23andMe hit with £2.3M fine after exposing genetic data of millions

UK watchdog fines 23andMe over 2023 data breach

Bots are overwhelming websites with their hunger for AI data

Bots are overwhelming websites with their hunger for AI data

Thomas Claburn / theregister - GLAM-E Labs report warns of risk to online cultural resources Bots harvesting content for AI companies have proliferated to the point that they're threatening digital collections of arts and culture.…

#ai #cybersecurity #aiethics #culture

8 months / theregister / Thomas Claburn

AI Scraping Bots Are Breaking Open Libraries, Archives, and Museums

8 months / 404media / Emanuel Maiberg

Canada's WestJet says 'expect interruptions' online as it navigates cybersecurity turbulence

Connor Jones / theregister - Flights still flying - just don't count on the app or website working smoothly Canadian airline WestJet is warning of "intermittent interruptions or errors" on its app and website as it investigates a cybersecurity incident.…

#cybersecurity #infosec #aviation #cybercrime

Canada's WestJet says 'expect interruptions' online as it navigates cybersecurity turbulence

Canada’s WestJet probes cyberattack on internal systems

8 months / techmonitor / Aninda Chakraborty

Dark Web Drug Market Crushed by Transatlantic Law Enforcement

European and US authorities have coordinated a decisive operation that dismantled an illicit dark web drug marketplace. The crackdown resulted in key arrests, dismantling a platform that had facilitated large-scale narcotics trafficking and underscoring the international resolve to combat cyber-enabled criminal networks.

#cybersecurity #government #cybercrime #law

Eurocops arrest suspected Archetyp admin, shut down mega dark web drug shop

Police seizes Archetyp Market drug marketplace, arrests admin

8 months / bleepingcomputer / Sergiu Gatlan

Car sharing giant Zoomcar says hacker accessed personal data of 8.4 million users

Jagmeet Singh / techcrunch - The personal data includes customer names, phone numbers, and car registration numbers.

#cybersecurity #dataprivacy #cars #privacy

Indian car-sharing marketplace Zoomcar has revealed that a hacker accessed the personal data of at least 8.4 million customers, including their names, phone numbers, and car registration numbers. techcrunch.com/2025/06/16/c...

8 months / bsky / @journalistjagmeet.com / journalistjagmeet.com

Car sharing giant Zoomcar says hacker accessed personal data of 8.4 million users

Car sharing giant Zoomcar says hacker accessed personal data of 8.4 million users

8 months / techcrunch / Jagmeet Singh

Zoomcar discloses security breach impacting 8.4 million users

#cybersecurity #infosec #cloudsec #microsoft

Microsoft 365: Hackers Abuse Pentesting Tool for Widespread Attack on 80,000 User Accounts

Markus Kasanmascheff / winbuzzer - The "UNK_SneakyStrike" campaign is actively targeting over 80,000 Microsoft Entra ID accounts by weaponizing the TeamFiltration pentesting tool for large-scale, automated password spraying attacks.The post Microsoft 365: Hackers Abuse Pentesting Tool for …

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide.

8 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

Microsoft 365: Hackers Abuse Pentesting Tool for Widespread Attack on 80,000 User Accounts

8 months / winbuzzer / Markus Kasanmascheff

Password-spraying attacks target 80,000 Microsoft Entra ID accounts

#cybersecurity #security #privacy #hack

Journalists targeted by Paragon spyware confirmed in latest hacking incident

Recent reports confirm that multiple journalists have been hacked using Paragon spyware, intensifying concerns over digital press freedom and privacy. Investigations reveal sophisticated techniques aimed at European media figures, prompting urgent calls for stronger cybersecurity measures amid an already invasive surveillance landscape.

"“I don’t like conspiracies, but there are two Italian journalists from the same newspaper in the same condition,” he said. “It can’t be a coincidence."" @suzannesmalley.bsky.social and @therecordmedia.bsky.social reports therecord.media/

8 months / bsky / @rondeibert.bsky.social / rondeibert.bsky.social

Graphite spyware used in Apple iOS zero-click attacks on journalists

Paragon spyware activity found on more journalists’ devices

8 months / therecord

Aim Security details first known AI zero-click exploit targeting Microsoft 365 Copilot

Duncan Riley / siliconangle - A new report out today from Aim Security Ltd. has revealed the first known zero-click artificial intelligence vulnerability that could have allowed attackers to exfiltrate sensitive internal data without any user interaction. The vulnerability, dubbed “Ec…

#ai #cybersecurity #cloudsec #microsoft

Your weekly reminder not to build LLM systems that combine access to private data with exposure to untrusted tokens and exfiltration vectors (the "lethal trifecta"). This time it was Microsoft 365 Copilot (now patched, they closed the exfiltrati

8 months / bsky / @simonwillison.net / simonwillison.net

Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

8 months / simonwillison / Simon Willison

Aim Security details first known AI zero-click exploit targeting Microsoft 365 Copilot

8 months / siliconangle / Duncan Riley

Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot

#cybersecurity #dataprivacy #infosec #government

Texas warns 300,000 crash reports siphoned via compromised user account

Iain Thomson / theregister - Lone Star State drivers with accident records need to be careful about fraud The Texas Department of Transportation says a compromised user account was used to improperly download nearly 300,000 crash reports, exposing personal data that could be exploite…

Texas warns 300,000 crash reports siphoned via compromised user account

8 months / theregister / Iain Thomson

Texas Dept. of Transportation breached, 300k crash records stolen

#cybersecurity #infosec #business #cybercrime

Ongoing cyberattack at US grocery distributor giant UNFI affecting customer orders

Zack Whittaker / techcrunch - United Natural Foods said it is "diligently managing through the cyber incident" that sparked disruption outages.

Whole Foods tells staff cyberattack at its primary distributor UNFI will affect product availability

Ongoing cyberattack at US grocery distributor giant UNFI affecting customer orders

Grocery wholesaler UNFI hit by cyberattack, operations affected

8 months / techmonitor / Aninda Chakraborty

M&S online ordering system operational 46 days after cyber shutdown

Connor Jones / theregister - A milestone in cyberattack recovery – but deliveries will take a while and normal service not yet back UK retailer Marks & Spencer has reinstated online orders for some customers, marking a major milestone in its recovery from a cyberattack in April.…

#cybersecurity #ecommerce #infosec #business

M&S online ordering system operational 46 days after cyber shutdown

#cybersecurity #infosec #business #europe

Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone

therecord - Israel-based spyware maker Paragon and Italy's government had a falling out over the company's offer to help investigate what happened on journalist Francesco Cancellato's phone.

Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone

8 months / therecord

Paragon says it canceled contracts with Italy over government’s refusal to investigate spyware attack on journalist

8 months / techcrunch / Lorenzo Franceschi-Bicchierai

Major US grocery distributor warns of disruption after cyberattack

Zack Whittaker / techcrunch - UNFI, a grocery distributor for Whole Foods and others, warned of disruptions to customer orders after a cyberattack.

#cybersecurity #infosec #business #supplychain

Major US grocery distributor warns of disruption after cyberattack

Major US grocery distributor warns of disruption after cyberattack

Grocery wholesale giant United Natural Foods hit by cyberattack

8 months / bleepingcomputer / Sergiu Gatlan

Trump rescinds Biden’s cybersecurity initiatives with new executive order

Swagath Bandhakavi / techmonitor - US President Donald Trump issued an executive order on Friday that revokes multiple cybersecurity measures established by Joe Biden.

#cybersecurity #infosec #government #trump

Trump rescinds Biden’s cybersecurity initiatives with new executive order

8 months / techmonitor / Swagath Bandhakavi

Trump cyber executive order drops Biden-era provisions

8 months / therecord

Google fixes bug that could reveal users’ private phone numbers

Zack Whittaker / techcrunch - The bug allowed a researcher to uncover recovery phone numbers of nearly any Google account.

#cybersecurity #google #android #privacy

Google patched bug leaking phone numbers tied to accounts

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

8 months / bsky / @404media.co / 404media.co

Výzkumník brutecat našel zranitelnost, která odhalila telefonní číslo spojené s jakýmkoli účtem Google pomocí brute force. Google problém opravil

8 months / bsky / @tyden.bsky.social / tyden.bsky.social

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account. TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

8 months / bsky / @zackwhittaker.com / zackwhittaker.com

Google fixes bug that could reveal users’ private phone numbers

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

8 months / 404media / Joseph Cox

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

8 months / wired / Joseph Cox

Google fixes bug that could reveal users’ private phone numbers