Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip Read more about Apple chips can be hacked to leak secrets from Gmail, iCloud, and more in a browser[…]

Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday. The journalists and other civil society members were being alerted of a possible breach of their devices, with Read more about WhatsApp says journalists and civil society members were targets of Israeli spyware[…]

Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data. The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients. CHC said in a Thursday filing with Maine’s attorney general that unknown Read more about US healthcare provider data breach impacts 1 million patients[…]

Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023. The devices were infected with what appears to be a variant of cd00r, a publicly available “invisible backdoor” designed to operate stealthily on a victim’s machine by monitoring network traffic for specific Read more about Magic packet Backdoor found on Juniper VPN routers[…]

A Volkswagen software subsidiary called Cariad experienced a massive data leak that left 800,000 EV owners exposed, according to reporting by the German publication Spiegel Netzwelt. The leak allowed personal information to be left online for months, including movement data and contact information. This included precise location data for 460,000 vehicles made by VW, Seat Read more about Volkswagen data leak exposed the precise locations of 800,000 EV owners[…]

Hackers aligned with the Chinese government have infiltrated U.S. telecommunications infrastructure so deeply that it allowed the interception of unencrypted communications on a number of people, according to reports that first emerged in October. The operation, dubbed Salt Typhoon, apparently allowed hackers to listen to phone calls and nab text messages, and the penetration has Read more about Feds Warn SMS Authentication Is Unsafe[…]

The tool, named “EagleMsgSpy,” was discovered by researchers at U.S. cybersecurity firm Lookout. The company said at the Black Hat Europe conference on Wednesday that it had acquired several variants of the spyware, which it says has been operational since “at least 2017.” Kristina Balaam, a senior intelligence researcher at Lookout, told TechCrunch the spyware Read more about Researchers uncover Chinese spyware used to target Android devices[…]

The Biden administration on Friday hosted telco execs to chat about China’s recent attacks on the sector, amid revelations that US networks may need mass rebuilds to recover. Details of the extent of China’s attacks came from senator Mark R Warner, who on Thursday gave both The Washington Post and The New York Times insights Read more about China complete pwn of US all telco means a physical rebuild is necessary[…]

A critical zero-day vulnerability in Palo Alto Networks’ firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation. According to the equipment maker, the vulnerability requires no user interaction or privileges to exploit, and its attack complexity is deemed “low.” There’s no CVE number assigned to Read more about Mystery Palo Alto Networks 0-day RCE now actively exploited – shut off access to Management Interface NOW[…]

What’s claimed to be more than 183 million records of people’s contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant. The underworld merchant, using the handle KryptonZambie, has put a $6,000 price tag on the information in a cybercrime forum posting. Read more about Data broker gathers records on 100M+ people, gets stolen, put up for sale[…]

In October, video game giant Activision said it had fixed a bug in its anti-cheat system that affected “a small number of legitimate player accounts,” who were getting banned because of the bug. In reality, according to the hacker who found the bug and was exploiting it, they were able to ban “thousands upon thousands” Read more about Hacker bans thousands of Call of Duty gamers through anti-cheat software, shows how dangerous this poorly written kernel acces junk is.[…]

U.S. money transfer giant MoneyGram has confirmed that hackers stole its customers’ personal information and transaction data during a cyberattack last month. The company said in a statement Monday that an unauthorized third party “accessed and acquired” customer data during the cyberattack on September 20. The cyberattack — the nature of which remains unknown — Read more about MoneyGram says hackers stole customers’ personal information and transaction data[…]

[…] A pro-Palestenian hacktivist group called SN_BLACKMETA has taken responsibility for the hack on X and Telegram. “They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of ‘Israel,’” the group said Read more about Pro-Palistian Hacktivists Claim Responsibility for Taking Down the Internet Archive, piss off pro Palestinians globally[…]

[…] Today, a group of independent security researchers revealed that they’d found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the Internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the Read more about Flaw in Kia’s web portal let researchers track, hack cars. Again.[…]

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company’s Microsoft Sharepoint server. Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and Read more about Fortinet confirms data breach after hacker claims to steal 440GB of files[…]