Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
1. Users are not thrilled.

2. Verizon changed policy after he bought the phone, wouldn't unlock it despite FCC rule.

3. Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. [...]

4. One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including access password unprotected in the Web UI (discovered by multiple people independently from the look of it). Or the open telnet port accepting hardcoded credentials (definitely discovered by lots of people independently). In fact, these cameras have been seen used as part of a botnet, likely thanks to some documented vulnerabilities in their user interface. Is that a thing of the past? Are there updates fixing these issues? Which devices can be updated? These questions are surprisingly hard to answer. I found zero information on VStarcam firmware versions, available updates or security fixes. In fact, it doesn't look like they ever even acknowledged learning about the existence of these vulnerabilities. No way around downloading these firmware updates and having a look for myself. With surprising results. First of all: there are lots of firmware updates. It seems that VStarcam accumulated a huge number of firmware branches. And even though not all of them even have an active or downloadable update, the number of currently available updates goes into hundreds. And the other aspect: the variety of update formats is staggering, and often enough standard tools like binwalk aren't too useful. It took some time figuring out how to unpack some of the more obscure variants, so [...]

5. The weak RC4 for administrative authentication has been a hacker Holy Grail for decades.

6. Scammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams.

8. An open 16TB database exposed 4.3B professional records. It was unsecured and only closed after researchers alerted the owner. A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data, enabling large-scale AI-driven social-engineering attacks. The researcher Bob Diachenko and nexos.ai discovered the unsecured DB on November 23, 2025, and it was […]

9. Dozens of government websites have fallen victim to a PDF-based SEO scam, while others have been hijacked to sell sex toys.

12. Hackers Target French Interior Ministry, Germany Summons Russian Ambassador. The French Ministry of Interior is investigating a suspected nation-state cyberattack that targeted its email server. Additionally, the German government on Friday attributed a 2024 hacking incident on air traffic control systems to Russian nation-state hackers.

13. From protests to elections, governments are increasingly pulling the internet plug on entire populations. Connectivity is slowly becoming a tool of control, not a guarantee.

14. Black Hat's Jeff Moss: 'We're in a Political Situation, Whether You Like It or Not'. Technology doesn't exist in a vacuum, and by extension neither does cybersecurity. But in recent years, Black Hat founder Jeff Moss said he's been "struggling" with the "uncomfortable truth" that unlike the largely risk-free early days of hacking, today "all tech is political."

15. It's just audio for now, but the Mira set an icky precedent for always-on recording in smart glasses.

16. Research by ransomware expert Max Smeets suggests companies that pay up to criminal gangs are more likely to attract press attention.

17. A spoofed email address and an easily faked document is all it takes for major tech companies to hand over your most personal information.

18. A security researcher tried to alert Home Depot to the security lapse exposing its back-end GitHub source code repos and other internal cloud systems, but was ignored.

19. Over 176 low-value transfers, $3.1 million worth of 'dust' was consolidated from Silk Road-era addresses before moving to Coinbase Prime. The post Who moved $3M in Silk Road BTC? Dormant addresses spring back to life appeared first on Protos.

20. Hama Film makes photo booths that upload pictures and videos online. But their back-end systems have a simple flaw that allows anyone to download customer pictures.

21. Privacy laws have expanded around the world, and security leaders now work within a crowded field of requirements. New research shows that these laws provide stronger rights and duties, but the protections do not always translate into reductions in harm. The study looks at thirty-five years of privacy history, from the rise of early data protection efforts to the current landscape of AI-driven risk, cross-border transfers, and uneven enforcement. The researchers from … More → The post What 35 years of privacy law say about the state of data protection appeared first on Help Net Security.

22. President Donald Trump's administration is preparing to turn to private businesses to help mount offensive cyberattacks against foreign adversaries, according to people familiar with the matter, potentially expanding a shadowy electronic conflict typically conducted by secretive intelligence agencies.

23. Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements. The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.…

24. And the earlier React2Shell patch is vulnerable. If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.…

25. A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. [...]
