Tag Directory / INFOSEC     showing 161–180 of 308   RSS


WhatsApp's former security boss claims reporting infosec failings led to ousting

Thomas Claburn / theregister - Meta shrugs off allegations of improper dismissal, ignoring privacy and security WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for r…

#cybersecurity #infosec #meta #law

WhatsApp's former security boss claims reporting infosec failings led to ousting

5 months / theregister / Thomas Claburn

Ex-Meta employee files whistleblower suit for alleged security flaws at WhatsApp

5 months / cnbc

Former WhatsApp security boss in lawsuit likens Meta’s culture to a “cult”

5 months / arstechnica / Dan Goodin

Back to Top / Monday, September 8, 2025, 7:20 pm / permalink 14097 / 3 stories in 5 months


Signal rolls out new encrypted backup features

Signal is stepping up its security game by launching a pair of backup options – one free and one paid – that offer end‐to‐end encrypted storage for chats, media, and messages. This dual-pronged approach aims to ensure users can safely restore their communications even after mishaps.

#infosec #cloudsec #apps #privacy

Forget disappearing messages – now Signal will store 100MB of them for you for free

5 months / theregister / Iain Thomson

Signal adds secure cloud backups to save and restore chats

5 months / bleepingcomputer / Sergiu Gatlan

Signal’s first paid feature adds encrypted media and message backups

5 months / theverge / Jay Peters

Signal introduces free and paid backup plans for your chats

5 months / techcrunch / Ivan Mehta

Back to Top / Monday, September 8, 2025, 3:20 pm / permalink 14066 / 4 stories in 5 months


Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

Sergiu Gatlan / bleepingcomputer - In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack. [...]

#cybersecurity #infosec #supplychain

Image post - please click to view at origin

5 months / bsky / @arstechnica.com / arstechnica.com

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

5 months / arstechnica / Dan Goodin

Massive npm hack poisons 18 packages with billions of downloads

5 months / siliconangle / Duncan Riley

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

5 months / bleepingcomputer / Bill Toulas

Dev snared in crypto phishing net, 18 npm packages compromised

5 months / theregister / Thomas Claburn

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

5 months / bleepingcomputer / Sergiu Gatlan

Back to Top / Monday, September 8, 2025, 3:20 pm / permalink 14065 / 6 stories in 5 months


Salesloft says Drift customer data thefts linked to March GitHub account hack

Lorenzo Franceschi-Bicchierai / techcrunch - The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach.

#cybersecurity #saas #dataprivacy #infosec

Salesloft: Hacker broke into systems in March through GitHub account

5 months / therecord

NEW: Salesloft said hackers accessed its GitHub account between March and June of this year. During that time, they were able to access data that later helped them steal information from several customers, such as Bugcrowd, Cloudflare, Google, Proofpoin

5 months / bsky / @lorenzofb.bsky.social / lorenzofb.bsky.social

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach.

5 months / bsky / @techcrunch.com / techcrunch.com

How huge breach started: Drift attackers gained entry via a Salesloft GitHub account

5 months / theregister / Jessica Lyons

Salesloft says Drift customer data thefts linked to March GitHub account hack

5 months / techcrunch / Lorenzo Franceschi-Bicchierai

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

5 months / bleepingcomputer / Bill Toulas

Back to Top / Monday, September 8, 2025, 1:21 pm / permalink 14055 / 6 stories in 5 months


VirusTotal’s AI Uncovers Year-Long Malware Campaign Hidden in SVG Files

Markus Kasanmascheff / winbuzzer - VirusTotal has used its AI Code Insight tool to uncover a year-long malware campaign that hid within SVG files to evade antivirus software.The post VirusTotal’s AI Uncovers Year-Long Malware Campaign Hidden in SVG Files appeared first on WinBuzzer.

#cybersecurity #infosec #security

VirusTotal’s AI Uncovers Year-Long Malware Campaign Hidden in SVG Files

5 months / winbuzzer / Markus Kasanmascheff

Malware found hidden in image files, can dodge antivirus detection entirely — VirusTotal discovers undetected SVG phishing campaign

5 months / tomshardware

Back to Top / Sunday, September 7, 2025, 12:20 pm / permalink 13994 / 2 stories in 5 months


Attackers snooping around Sitecore, dropping malware via public sample keys

Jessica Lyons / theregister - You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping malware …

#cybersecurity #infosec #hack

Attackers snooping around Sitecore, dropping malware via public sample keys

6 months / theregister / Jessica Lyons

Hackers exploited Sitecore zero-day flaw to deploy backdoors

6 months / bleepingcomputer / Bill Toulas

Back to Top / Thursday, September 4, 2025, 7:21 pm / permalink 13857 / 2 stories in 6 months


Windows 11 August 2025 security update is causing unintended UAC prompts to appear for non-admin users — some apps are crashing

tomshardware - Microsoft's latest Windows update for Windows 11, Windows 10 is causing unintended UAC prompts to appear in certain cases for non-admin users.

#software #infosec #windows #microsoft

Windows 11 August 2025 security update is causing unintended UAC prompts to appear for non-admin users — some apps are crashing

6 months / tomshardware

Windows starts asking for admin rights where it shouldn't after security fix

6 months / theregister / Richard Speed

Back to Top / Thursday, September 4, 2025, 4:21 pm / permalink 13832 / 2 stories in 6 months


LinkedIn will require recruiters and executives to verify their identity to cut down on scams

Ian Carlos Campbell / engadget - LinkedIn will now require some users to verify their identity before they change job titles in an attempt to cut down on scams on the platform. The new identity verification rules will specifically apply to executives and recruiters who interact with job …

#infosec #business #scam #privacy

LinkedIn will require recruiters and executives to verify their identity to cut down on scams

6 months / engadget / Ian Carlos Campbell

LinkedIn takes on hiring scams with recruiter verification

6 months / theverge / Dominic Preston

Back to Top / Thursday, September 4, 2025, 9:22 am / permalink 13779 / 2 stories in 6 months


Cloudflare Breach Exposes Customer Support Data in Major Salesloft Supply-Chain Attack

Markus Kasanmascheff / winbuzzer - Cloudflare confirms it was a victim of a major supply-chain attack via Salesloft, exposing customer support data and potential credentials from its Salesforce instance.The post Cloudflare Breach Exposes Customer Support Data in Major Salesloft Supply-Chai…

#cybersecurity #dataprivacy #infosec #business

Cloudflare, Zscaler among companies impacted by Salesloft Drift incident

6 months / therecord

Cloudflare Breach Exposes Customer Support Data in Major Salesloft Supply-Chain Attack

6 months / winbuzzer / Markus Kasanmascheff

Back to Top / Wednesday, September 3, 2025, 8:21 am / permalink 13658 / 2 stories in 6 months


Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift

PYMNTS / pymnts - Cloudflare said Tuesday (Sept. 2) that information shared in its customer support system should be considered compromised. The company issued this warning in a Tuesday blog post in which it disclosed that it was affected by a breach of Salesloft’s Drift t…

#cybersecurity #dataprivacy #infosec #cloudsec

Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift

6 months / pymnts / PYMNTS

How big will this Drift get? Cloudflare cops to Salesloft Drift breach

6 months / theregister / Jessica Lyons

Back to Top / Tuesday, September 2, 2025, 7:21 pm / permalink 13631 / 2 stories in 6 months


Stolen OAuth tokens expose Palo Alto customer data

Paul Kunert / theregister - Security firm's Salesforce instance accessed using credentials stolen from Salesloft's Drift platform breach Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lif…

#cybersecurity #dataprivacy #infosec #cloudsec

Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

Breach of Salesloft Drift integration exposes data at Cloudflare, Zscaler and Palo Alto Networks

6 months / siliconangle / Duncan Riley

Cloudflare hit by data breach in Salesloft Drift supply chain attack

6 months / bleepingcomputer / Sergiu Gatlan

Zscaler latest victim of Salesloft Drift attacks, customer data exposed

6 months / theregister / Jessica Lyons

Stolen OAuth tokens expose Palo Alto customer data

6 months / theregister / Paul Kunert

Palo Alto Networks data breach exposes customer info, support tickets

6 months / bleepingcomputer / Lawrence Abrams

Back to Top / Tuesday, September 2, 2025, 10:22 am / permalink 13546 / 6 stories in 6 months


WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware

Zack Whittaker / techcrunch - A spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs.

#infosec #apple #ios #apps

A new spyware campaign chained WhatsApp and a flaw in iOS 18.6 to expose users to a "zero-click" hack that required no interaction to compromise an iPhone.

6 months / bsky / @appleinsider.com / appleinsider.com

A spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs.

6 months / bsky / @techcrunch.com / techcrunch.com

NEW: WhatsApp has fixed a "zero-click" security flaw in its iOS and Mac apps that was being used to stealthily hack into Apple devices. Amnesty said the hacks were part of an "advanced spyware campaign." WhatsApp tells me they sent fe

6 months / bsky / @zackwhittaker.com / zackwhittaker.com

Advanced spyware campaign: WhatsApp users have been targeted by government spyware again, “less than 200” hacked Apple users techcrunch.com/2025/08/29/w... #Staatstrojaner

6 months / bsky / @ccc.de / ccc.de

WhatsApp flaw paired with iOS 18 exploit delivered zero-click spyware

6 months / appleinsider

WhatsApp iOS and Mac Security Bug Exploited by Hackers Now Patched

6 months / iphoneincanada / Austin Blake

WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware

6 months / techcrunch / Zack Whittaker

WhatsApp patches vulnerability exploited in zero-day attacks

6 months / bleepingcomputer / Sergiu Gatlan

Back to Top / Friday, August 29, 2025, 2:21 pm / permalink 13406 / 8 stories in 6 months


Microsoft to Enforce MFA for Azure Command-Line Tools Starting October 2025

Markus Kasanmascheff / winbuzzer - Microsoft will mandate Multi-Factor Authentication (MFA) for Azure CLI, PowerShell, and APIs starting Oct 1, 2025, to enhance security for developers.The post Microsoft to Enforce MFA for Azure Command-Line Tools Starting October 2025 appeared first on Wi…

#cybersecurity #infosec #microsoft #azure

Microsoft to Enforce MFA for Azure Command-Line Tools Starting October 2025

6 months / winbuzzer / Markus Kasanmascheff

Microsoft to enforce MFA for Azure resource management in October

6 months / bleepingcomputer / Sergiu Gatlan

Back to Top / Friday, August 29, 2025, 1:21 pm / permalink 13400 / 2 stories in 6 months


High-severity vulnerability in Passwordstate credential manager. Patch now.

Dan Goodin / arstechnica - Vulnerability can be exploited to gain access to customers' crown jewels.

#cybersecurity #software #infosec

High-severity vulnerability in Passwordstate credential manager. Patch now.

6 months / arstechnica / Dan Goodin

Passwordstate dev urges users to patch auth bypass vulnerability

6 months / bleepingcomputer / Sergiu Gatlan

Back to Top / Thursday, August 28, 2025, 2:21 pm / permalink 13317 / 2 stories in 6 months


New research shows passkeys can be hijacked through malicious extensions

Duncan Riley / siliconangle - A new report out today from browser security company SquareX Ltd. reveals a critical flaw in passkeys, the widely promoted alternative to passwords, that could allow attackers to hijack accounts across banking, e-commerce and enterprise software-as-a-serv…

#cybersecurity #infosec #privacy

Unpacking Passkeys Pwned: Possibly the most specious research in decades

6 months / arstechnica / Dan Goodin

New research shows passkeys can be hijacked through malicious extensions

6 months / siliconangle / Duncan Riley

Back to Top / Thursday, August 28, 2025, 9:20 am / permalink 13275 / 2 stories in 6 months


The first AI-powered ransomware has been discovered — "PromptLock" uses local AI to foil heuristic detection and evade API tracking

tomshardware - Security firm ESET has discovered a new type of ransomware that uses a local AI model to generate malicious scripts and perform other illicit activities. Because of the variance of LLM output, this malware is harder to track than traditional attacks.

#ai #cybersecurity #infosec #cybercrime

First AI-powered ransomware spotted, but it's not active – yet

6 months / theregister / Jessica Lyons

The first AI-powered ransomware has been discovered — "PromptLock" uses local AI to foil heuristic detection and evade API tracking

6 months / tomshardware

Back to Top / Tuesday, August 26, 2025, 5:21 pm / permalink 13150 / 2 stories in 6 months


Nevada closes state offices as cyberattack disrupts IT systems

Lawrence Abrams / bleepingcomputer - Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday. [...]

#cybersecurity #infosec #government #cybercrime

Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

Nevada closes state offices as cyberattack disrupts IT systems

6 months / bleepingcomputer / Lawrence Abrams

Back to Top / Tuesday, August 26, 2025, 1:21 pm / permalink 13122 / 2 stories in 6 months


Arch Linux continues to feel the force of a DDoS attack after two brutal weeks — attackers yet to be identified as project struggles to restore full service

tomshardware - The Arch Linux project team are working to mitigate the impact, while keeping details of who, why and how close to its chest

#cybersecurity #infosec #distributions #linux

Arch Linux continues to feel the force of a DDoS attack after two brutal weeks — attackers yet to be identified as project struggles to restore full service

6 months / tomshardware

Arch Linux takes a pounding as DDoS attack enters week two

6 months / theregister / Gareth Halfacree

Back to Top / Friday, August 22, 2025, 12:21 pm / permalink 12902 / 2 stories in 6 months


Dev plants kill switch in ex-employer's network that crashed servers and deleted files, gets four years in the slammer — kill switch triggered by dev's removal from Active Directory when fired

tomshardware - A software engineer called Davis Lu was sentenced to four years in prison for creating a kill switch in his former employer's network.

#cybersecurity #infosec #cybercrime #law

Developer gets 4 years for activating network “kill switch” to avenge his firing

6 months / arstechnica / Ashley Belanger

The ex-developer was convicted of planting malicious code designed to crash its servers in the event that he was fired.

6 months / bsky / @techcrunch.com / techcrunch.com

Dev plants kill switch in ex-employer's network that crashed servers and deleted files, gets four years in the slammer — kill switch triggered by dev's removal from Active Directory when fired

6 months / tomshardware

Developer gets prison time for sabotaging former employer’s network with a ‘kill switch’

6 months / techcrunch / Zack Whittaker

Back to Top / Friday, August 22, 2025, 11:21 am / permalink 12894 / 4 stories in 6 months


Inside the Underground Trade of ‘Flipper Zero’ Tech to Break into Cars

Joseph Cox / 404media - “Kia Boys will be Flipper Boys by 2026,” one person in the reverse engineering community said.

#infosec #cars #cybercrime #security

A Digital Underground Is Using the Flipper Zero to Break Into Cars

6 months / gizmodo / Lucas Ropek

Is the Flipper Zero the next big car theft gadget?

6 months / theverge / Andrew J. Hawkins

Inside the Underground Trade of ‘Flipper Zero’ Tech to Break into Cars

6 months / 404media / Joseph Cox

Back to Top / Thursday, August 21, 2025, 11:21 am / permalink 12803 / 3 stories in 6 months


Back to Top


INFOSEC Heatmap

90 days, weeks are vertical, left is older; hover for info, click to see that day's coverage.



More Top Stories...

Pentagon labels Anthropic a supply‑chain risk; company vows legal fight

The Pentagon has designated Anthropic and its products as a “supply‑chain risk,” prompting the company to announce a court challenge. Experts warn the move could chill collaboration and talent flows into AI, while Anthropic insists it will contest the determination to protect its operations and customers. More...


SoftBank seeks massive $40B loan to back OpenAI investment, courting big risk

SoftBank is reportedly seeking up to a $40 billion loan to finance its planned stake in OpenAI, an audacious use of leverage to double down on the AI boom. The move would be one of the largest single‑company financing gambits in recent memory, raising questions about balance‑sheet strain versus potential upside. More...


Oracle and OpenAI scrap Texas data-center expansion; Meta eyes the spare capacity

Oracle and OpenAI have abandoned plans to expand a flagship Texas data center, leaving substantial compute capacity up for grabs. Nvidia reportedly brokered interest from Meta to take the unused slots as OpenAI downscales that particular buildout, a move that rattled markets and highlights shifting demand for large-scale on-prem AI infrastructure. More...


OpenAI launches Codex Security agent to automatically detect software vulnerabilities

OpenAI rolled out Codex Security, an AI agent that scans codebases to find complex vulnerabilities, suggests actionable fixes, and uses sandbox testing to limit false positives. The tool has already flagged issues in major projects and aims to compete with traditional application security tooling by automating deep, contextual code review. More...


Google releases Workspace CLI enabling AI agents to access Gmail, Drive, Calendar

Google has shipped an open-source Workspace CLI that gives AI agents like OpenClaw programmatic access to Gmail, Drive, Calendar and other Workspace services via a built-in MCP server. The tool standardizes agent integration, making it easier — and slightly creepier — for automated assistants to act on users’ behalf across core productivity apps. More...


NorthFeed Inc.

Disclaimer: The information provided on this website is intended for general informational purposes only. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. Users are encouraged to verify all details independently. We accept no liability for errors, omissions, or any decisions made based on this information.