Pulse of Truth

Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.…

Suzanne Smalley / The Record: A German court ruled Meta's tracking pixels embedded in third-party websites and apps violate the EU's GDPR, ordering it to pay €5,000 to a German Facebook user  —  A German court has ruled that Meta must pay €5,000 ($5,900) to a German Facebook user who sued the platform …

No, really, those are the magic words A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a guessing game.…

Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.

Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204. Compared to the same quarter last year, the volume of detected malware has jumped by 188%, highlighting the escalating scale and sophistication of attacks targeting developers, software teams, and CI/CD pipelines. “Attackers are no longer simply experimenting … More → The post Open source has a malware problem, and it’s getting worse appeared first on Help Net Security.

Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility reported by organizations significantly impacts their cyber resilience. Poor risk visibility leaves software supply chains vulnerable This Accelerator is an in-depth analysis into data from the 2025 LevelBlue Futures Report, comparing risk appetites, investment gaps, and overall preparedness to help organizations secure their end-to-end software supplier ecosystem. It shows software … More → The post Global software supply chain visibility remains critically low appeared first on Help Net Security.

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

Extensions load unknown sites into invisible Windows. What could go wrong?

Low-severity bugs but infosec pros claim they are a 'critical' overall threat – patch accordingly AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure.…

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. [...]

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. [...]

China's Hack-For-Hire Scene Disgorges Another LeakThe Chinese nation-state threat actor tracked as Salt Typhoon is operated by a clutch of private firms whose clients include multiple Chinese government agencies, finds analysis of leaked data by Spy Cloud. Researchers found a spreadsheet listing buyers, sellers and financial transaction details.

The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded. The post Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers appeared first on CyberScoop.

Qantas Airways Ltd. said personal information belonging to 5.7 million customers, ranging from names and addresses to phone numbers and meal preferences, were stolen in last week’s cyberattack, as the fallout from the latest airline security breach becomes clearer.

Following a breach at the country's top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.

Comments

LLMs don’t read the danger in requests if you use enough big words.

Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.

With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions.

Ivanti has identified and resolved three high-severity vulnerabilities in its Endpoint Manager (EPM) software. If exploited, these flaws could enable attackers to decrypt other users’ passwords or gain access to sensitive database information, posing significant risks to organizations that rely on this endpoint management solution. Ivanti Endpoint Manager Mobile Vulnerabilities Ivanti’s recent security update targets […] The post Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords appeared first on Cyber Security News.

Laura Onita / Financial Times: M&S Chair Archie Norman tells UK parliament that M&S used the FBI and UK agencies to combat the May cyberattack and says M&S believes DragonForce was behind it  —  Chair Archie Norman tells parliamentarians retailer believes Dragon Force was criminal gang behind attack

From the very dawn of the personal computing era, the PC and Apple platforms have gone very different ways. IBM compatibles surged in popularity, while Apple was able to more …read more

The retail giant's chair confirmed the breach was caused by ransomware.

Application Attack Matrix is a community effort designed to help defenders and organizations better understand and define how attackers use and exploit weaknesses in applications. The post Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework appeared first on CyberScoop.

Comments