US Senator Ron Wyden accused the federal judiciary of “negligence and incompetence” following a recent hack, reportedly by hackers with ties to the Russian government, that exposed confidential court documents. The breach of the judiciary’s electronic case filing system first came to light in a report by Politico …
Barristers report going unpaid and cases being turned away amid fears firms will desert legal aid work altogether Lawyers have warned that a cyber-attack on the Legal Aid Agency has pushed the sector into chaos, with barristers going unpaid, cases being turned away and fears a growing number of …
Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy …
Researchers needed less than 48 hours with Google’s new Gemini CLI coding agent to devise an exploit that made a default configuration of the tool surreptitiously exfiltrate sensitive data to an attacker-controlled server. Gemini CLI is a free, open-source AI tool that works in the terminal environment to …
Looks serious. [...]
Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of …
The Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gains access to device GPS location data …
Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) device, is attached to the back …
A critical vulnerability allowing hackers to bypass multifactor authentication in network management devices made by Citrix has been actively exploited for more than a month, researchers said. The finding is at odds with advisories from the vendor saying there is no evidence of in-the-wild exploitation. Tracked as CVE-2025-5777, the …
Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users …
Thousands of home and small office routers manufactured by Asus are being infected with a stealthy backdoor that can survive reboots and firmware updates in an attack by a nation-state or another well-resourced threat actor, researchers said. The unknown attackers gain access to the devices by exploiting now-patched vulnerabilities …
How to prove your identity after your account gets hacked and how to improve security for the future Phone lost or stolen? Practical steps to restore peace of mind UK passport lost or stolen? Here are the steps you need to take Your Facebook or Instagram account can be …
Google is adding a new security setting to Android to provide an extra layer of resistance against attacks that infect devices, tap calls traveling through insecure carrier networks, and deliver scams through messaging services. On Tuesday, the company unveiled the Advanced Protection mode, most of which will be rolled …
The case is over : A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’ll be appealed. Everything always is. [...]
Meta is suing NSO Group, basically claiming that the latter hacks WhatsApp and not just WhatsApp users. We have a procedural ruling: Under the order, NSO Group is prohibited from presenting evidence about its customers’ identities, implying the targeted WhatsApp users are suspected or actual criminals, or alleging that …
The FBI is offering $10 million for information about the China-state hacking group tracked as Salt Typhoon and its intrusion last year into sensitive networks belonging to multiple US telecommunications companies. Salt Typhoon is one of a half-dozen or more hacking groups that work on behalf of the People …
The Wall Street Journal has the story : Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese …
Join a loyalty scheme and you often get a reward or discount on your special day – but it may have strings attached Celebrating your birthday isn’t just about getting presents and cards from family and friends. Signing up to loyalty schemes and newsletters can give you access to …
In another rare squid/cybersecurity intersection, APT37 is also known as “ Squid Werewolf.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. [...]
Lots of interesting details in the story : The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security …
This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job. [...]
It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it …
The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history. Bybit officials disclosed the theft of more …
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications …
In the nascent field of AI hacking, indirect prompt injection has become a basic building block for inducing chatbots to exfiltrate sensitive data or perform other malicious actions. Developers of platforms such as Google's Gemini and OpenAI's ChatGPT are generally good at plugging these security holes, but hackers keep …