Lucene search

321 matches found

Positive Technologies
added yesterday, 4 views

PT-2026-46092

Node names (long name, short name) received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...

6.3 CVSS, 6.1 AI score
Exploits: 0, References: 4

Malwarebytes
added 2026/05/27 9:56 a.m., 7 views

Company bragged phone mics could listen to conversations. They couldn’t.

A media company and two of its marketing partners have been fined for selling a service which, they said, listened in to people's conversations through their phones. Actually they did nothing of the sort. Most people have worried at some point that their phone has been listening to them through t...

5.7 AI score
Exploits: 0

Wired Threat Level
added 2026/05/20 9:00 a.m., 7 views

Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds

A new study finds AI companies, defense firms, and dating apps are among 38 data collectors allegedly using manipulative design to confuse users while collecting their data...

5.8 AI score
Exploits: 0

Securelist
added 2026/05/12 7:00 a.m., 2 views

State of ransomware in 2026

With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its annual report on the evolving global and regional ransomware cyberthreat landscape. Ransomware remains one of the most persistent and adaptive cyberthreats. In 2026: New families continue to emerge, adopting...

6 AI score
Exploits: 0

Malwarebytes
added 2026/04/08 2:33 p.m., 4 views

Your extensions leak clues about you, so we made sure Browser Guard doesn’t

Did you know you can be profiled based on the browser extensions you use? Advertisers can detect which extensions are installed and use that to build a picture of the kind of user you are. For instance, do you pride yourself on being a good online shopper who never pays full price? Maybe you use ...

6 AI score
Exploits: 0

Rapid7 Blog
added 2026/03/18 1:00 p.m., 5 views

The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report

The predictive window has collapsed. In 2025, high-impact vulnerabilities weren’t quietly accumulating risk. They were operationalized, and often within days. Today, Rapid7 Labs released the 2026 Global Threat Landscape Report, an in-depth analysis of how attacker behavior is evolving across...

6.1 AI score
Exploits: 0

Veracode
added 2026/03/07 5:02 a.m., 2 views

Missing Authentication For Critical Function

Apache ActiveMQ Artemis is vulnerable to Missing Authentication for Critical Function. The vulnerability is due to missing authentication checks in the Core protocol federation mechanism, allowing an unauthenticated attacker to force the broker to establish an outbound connection to a rogue broke...

9.8 CVSS, 5.8 AI score, 0.00156 EPSS
Exploits: 1, References: 5, Affected Software: 1

Wired Threat Level
added 2026/02/03 11:00 a.m., 2 views

How Data Brokers Can Fuel Violence Against Public Servants

A new report from the Public Service Alliance finds state privacy laws offer public servants few ways to protect their private data, even as threats against them are on the rise...

5.4 AI score
Exploits: 0

Wired Threat Level
added 2026/01/21 6:04 p.m., 1 view

Surveillance and ICE Are Driving Patients Away From Medical Care, Report Warns

A new EPIC report says data brokers, ad-tech surveillance, and ICE enforcement are among the factors leading to a “health privacy crisis” that is eroding trust and deterring people from seeking care...

5.5 AI score
Exploits: 0

Trellix
added 2026/01/20 12:00 a.m., 4 views

From the Shadows to the Headlines: A Decade of State-Sponsored Cyber Leaks

By Ryan Slaney and Emma DeCarli · January 20, 2026. Executive summary: The December 2, 2025, publication of a massive leak revealing the inner workings of the IRGC-linked Department 40 a.k.a. APT35, Charming Kitten, and Fres...

5.5 AI score
Exploits: 0

The Hacker News
added 2026/01/16 10:42 a.m., 6 views

Your Digital Footprint Can Lead Right to Your Front Door

You lock your doors at night. You avoid sketchy phone calls. You're careful about what you post on social media. But what about the information about you that's already out there—without your permission? Your name. Home address. Phone number. Past jobs. Family members. Old usernames. It's all sti...

6.8 AI score
Exploits: 0

Rapid7 Blog
added 2025/11/18 4:07 p.m., 6 views

The State of Security Today: Setting the Stage for 2026

As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...

7 AI score
Exploits: 0

Malwarebytes
added 2025/11/04 9:17 a.m., 4 views

Sling TV turned privacy into a game you weren’t meant to win

Streaming service Sling TV has settled with the California Attorney General over allegations that it blocked users from exercising their privacy rights. The company will pay $530,000 after being accused of making it difficult for customers to opt out of its data collection practices. The Californ...

6.6 AI score
Exploits: 0

Malwarebytes
added 2025/10/30 3:30 p.m., 5 views

How scammers use your data to create personalized tricks that work

Think of your digital footprint as your online shadow—the trail you leave behind whenever you browse, post, shop, or even appear in someone’s contact list. It’s your likes, reviews, comments, and all the little traces you didn’t mean to share. Together, they paint a picture of you—one that friend...

6.5 AI score
Exploits: 0

NVD
added 2025/10/16 6:15 p.m., 1 view

CVE-2025-62413

MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. ...

6.1 CVSS, 0.00043 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/10/16 6:00 p.m., 1 view

CVE-2025-62413 MQTTX vulnerable to cross-site scripting via improper message payload rendering

MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. ...

6.1 CVSS, 5.7 AI score, 0.00043 EPSS
Exploits: 0, References: 2

Malwarebytes
added 2025/10/16 10:20 a.m., 7 views

Roku accused of selling children’s data to advertisers and brokers

The state of Florida has accused Roku, which powers many smart TVs and streaming devices, of selling children's data to third parties without their consent. According to the Florida Attorney General James Uthmeier, Roku collected viewing habits, voice recordings, and precise geolocation from kids...

6.4 AI score
Exploits: 0

Rapid7 Blog
added 2025/10/07 1:00 p.m., 4 views

The Business of Cybercrime: Raj Samani on Access, Ransomware, and What Comes Next

Cybercrime is no longer chaotic, it’s commercial. That’s the central theme of Episode 3 in our Experts on Experts: Commanding Perspectives series, where Craig Adams sits down with Raj Samani, Chief Scientist at Rapid7, for a wide-ranging, no-nonsense conversation on today’s threat economy. They...

5.5 AI score
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-2978

Malware in sbrugna...

4.3 CVSS, 4.8 AI score, 0.00228 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-0481

Malware in sbrugna...

7.5 CVSS, 7.4 AI score, 0.00544 EPSS
Exploits: 1, References: 3