Google Sues the Badbox Botnet Operators
It will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google's security...
Behind the Booking: How Bots Are Undermining Airline Revenue
The airline industry is under constant attack from malicious bots. Bad actors use automation to scrape fares, hoard inventory, commit fraud, and compromise customer accounts. While every airline faces its own unique challenges, the business impacts are remarkably consistent—lost revenue, inflated...
RFK Jr. Orders HHS to Give Undocumented Migrants’ Medicaid Data to DHS
Plus: Spyware is found on two Italian journalists’ phones, Ukraine claims to have hacked a Russian aircraft maker, police take down major infostealer infrastructure, and more...
Employee monitoring app exposes users, leaks 21+ million screenshots
Unfortunately, spyware apps with poor reputations and even weaker security practices are all too common. I’ve lost count of how many blogs I’ve written about stalkerware-type apps that not only exposed the people they spied on but also ended up exposing the spies themselves. However, perhaps one...
TOTOLINK A3700R Access Control Error Vulnerability (CNVD-2025-12019)
The TOTOLINK A3700R is a wireless router that provides network connectivity for homes and small offices. The TOTOLINK A3700R suffers from an Access Control Error vulnerability that originates from improper access control of the setDdnsCfg function in the /cgi-bin/cstecgi.cgi file. No detailed...
Arguing Against CALEA
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today's threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have...
Unveiling Key Insights from the 2024 Take Command Summit
The 2024 Take Command Summit, held virtually in partnership with AWS, united over 2,000 security professionals to delve into critical cybersecurity issues. Our infographic captures the essence of the summit, showcasing expert insights from 10 sessions on topics like new attack intelligence, AI...
Meta’s Purple Llama wants to test safety risks in AI models
Meta has announced Purple Llama, a project that aims to "bring together tools and evaluations to help the community build responsibly with open generative AI models." Generative Artificial Intelligence (AI) models have been around for years and their main function, compared to older AI models, is th...
Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers
It’s a big week for gamers across the globe, with imminent, dueling releases of Xbox Series X and PlayStation PS5. However, an army of retail bots threatens to drive prices up as much as three times the retail price, putting the coveted holiday gifts well out of reach of everyday fans. Retailers...
U.S. Universities Hit With 'Adult Dating' Spear-Phishing Attack
Several U.S. universities have been targeted in a widespread spear-phishing attack that uses adult dating as a lure. In reality, the emails spread the Hupigon remote access trojan (RAT), known to be leveraged by state-sponsored threat actors. Researchers from Proofpoint warned that the ongoing...
Zoom Bombing Attack Hits U.S. Government Meeting
A U.S. House Oversight Committee meeting was the most recent victim of a Zoom bombing attack, after the meeting was disrupted at least three different times by uninvited attendees. The incident was disclosed in a recent internal letter from Jim Jordan (R-Ohio) to Carolyn Maloney (R-NY), chairwoman fo...
Sen. Wyden Urges Government Ban on Adobe Flash
Citing security concerns, Sen. Ron Wyden is urging the government to create a plan to transition away from Adobe Flash before the vendor stops supporting it in 2020. To that end, the Oregon Democrat delivered a formal request to the National Security Agency and the National Institute of Standards...
Simple Security Flaws Could Steer Ships Off Course
A proof-of-concept attack could cause ships to dangerously veer off course, and it all stems from simple security issues, including the failure to change default passwords or segment networks. Researcher Ken Munro, with Pen Test Partners, on Monday showed how the attack could work and how it’s...