Pulse of Truth

Creators of AI image models for porn and celebrities are running out of easy hosting options as Civitai and Tensor.Art change their policies under pressure.

Ange Lavoipierre / ABC: At the end of June, Australia quietly introduced rules forcing search engine companies such as Google and Microsoft to check the ages of logged-in users  —  In short:  —  Search engines are in line for the same age assurance technology behind the teen social media ban.

Lowering the risks that common vulnerabilities and exposures (CVEs) pose to organizations can be a costly endeavor — but shifting your team's focus away from the deluge can free up your software engineering efforts and unleash business opportunities while reducing risk, a new report has found.

Russian basketball player arrested in France over alleged ties to a ransomware group accused of targeting U.S. firms and federal institutions. Russian basketball player Daniil Kasatkin (26) was arrested in France in June at the request of the U.S. over alleged ties to a ransomware group targeting hundreds of U.S. companies and federal entities. He […]

Comments

Oh my sweet secret informant lover, what happened in that NATO meeting today? A lovestruck US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense information after sharing military secrets information about the Russia-Ukraine war with a woman he met on a dating app.…

Financial institutions are building stronger defenses against direct cyberattacks, but they may be overlooking a growing problem: their vendors. According to Black Kite’s new report, third-party risk has become one of the biggest cybersecurity threats facing the financial sector. Ransomware attacks by finance subindustry (Source: Black Kite) The vendor blind spot The report finds that while financial institutions themselves are getting better at defending against ransomware and other threats, the companies they rely on, including … More → The post Financial firms are locking the front door but leaving the back open appeared first on Help Net Security.

While IT departments race to implement AI governance frameworks, many employees have already opened a backdoor for AI, according to ManageEngine. The rise of unauthorized AI use Shadow AI has quietly infiltrated organizations across North America, creating blind spots that even the most careful IT leaders struggle to detect. Despite formal guidelines and sanctioned tools, shadow Al has become the norm rather than the exception. 70% of IT decision makers (ITDMs) have identified unauthorized AI … More → The post Employees are quietly bringing AI to work and leaving security behind appeared first on Help Net Security.

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. [...]

Politicians uneasy over potential impact on national security, local reports say Russia, home to some of the world's most lucrative and damaging cybercrime operations, has rejected a bill to legalize ethical hacking.…

Suzanne Smalley / The Record: A German court ruled Meta's tracking pixels embedded in third-party websites and apps violate the EU's GDPR, ordering it to pay €5,000 to a German Facebook user  —  A German court has ruled that Meta must pay €5,000 ($5,900) to a German Facebook user who sued the platform …

Suspects Tied to April Ransomware Attacks Against Retailers M&S, Co-Op, HarrodsThe U.K.'s National Crime Agency on Thursday arrested in England four suspected members of the Scattered Spider cybercrime collective, as part of an ongoing investigation into major, disruptive hack attacks in April against major retailers Marks & Spencer, the Co-Op and Harrods.

Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.…

No, really, those are the magic words A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a guessing game.…

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

Extensions load unknown sites into invisible Windows. What could go wrong?

Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.

Low-severity bugs but infosec pros claim they are a 'critical' overall threat – patch accordingly AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure.…

Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204. Compared to the same quarter last year, the volume of detected malware has jumped by 188%, highlighting the escalating scale and sophistication of attacks targeting developers, software teams, and CI/CD pipelines. “Attackers are no longer simply experimenting … More → The post Open source has a malware problem, and it’s getting worse appeared first on Help Net Security.

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. [...]

Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility reported by organizations significantly impacts their cyber resilience. Poor risk visibility leaves software supply chains vulnerable This Accelerator is an in-depth analysis into data from the 2025 LevelBlue Futures Report, comparing risk appetites, investment gaps, and overall preparedness to help organizations secure their end-to-end software supplier ecosystem. It shows software … More → The post Global software supply chain visibility remains critically low appeared first on Help Net Security.

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. [...]

China's Hack-For-Hire Scene Disgorges Another LeakThe Chinese nation-state threat actor tracked as Salt Typhoon is operated by a clutch of private firms whose clients include multiple Chinese government agencies, finds analysis of leaked data by Spy Cloud. Researchers found a spreadsheet listing buyers, sellers and financial transaction details.

The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded. The post Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers appeared first on CyberScoop.

Comments