Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- [PL][VIDEO] Cybersecurity on vacation
- [PL] Play impersonation scam exploits alleged duplicate bill payment
- [PL][VIDEO] AI for pennies: how the illicit token market works
- [PL][VIDEO] An overview of security risks posed by home cameras
- [PL] European Commission sues Poland over failure to implement the Law Enforcement Directive
- The city admits irregularities but blames Google and the operator it finances
- [PL] Up to five years in prison for making and selling eavesdropping devices
- [PL] Fake accounts, fabricated articles and Russian links: how Operation Matryoshka is still operating
- [PL] Is geo-blocking users an effective way to protect copyright when any VPN can bypass it?
- European cloud provider Nextcloud leaks 367K records, exposing staff and clients
- "We've unbanned everyone affected by this bug" — Discord explains how over 8,000 users were banned, and why the platform had to scramble to undo the damage
- Over 5,800 arrests, USD 293 million intercepted in global fraud bust
- Eight Predator victims sue spyware firm Intellexa, 13 others, for millions
- US government says it got hacked — again
- Adult supervision: How OnlyFans takedowns quietly police compromised domains
For the more technical
- [PL][VIDEO] What you can do with a radio without an amateur radio licence
- [PL][VIDEO] WordPress without hardening: a straightforward path to hacking
- [PL] How the Cetus decentralised exchange was robbed
- [PL] Critical Oracle E-Business Suite flaw already exploited by cybercriminals, putting enterprise financial systems at risk
- One trigram at a time: XSLeak via Universal CSS Injection and DoS in Opera (GX)
- Here’s how Opera’s Paste Protect guards you natively against clipboard attacks
- It’s 37oC, and all we can think about is ColdFusion (Adobe ColdFusion Security Bulletin APSB26-68 CVE Bonanza)
- Seven FatFs bugs, one very large blast radius
- Tenda firmware (multiple versions) contains hidden authentication backdoor
- Protocol prying: Systematic vulnerability research in the Apple AirDrop and Android Quick Share proximity transfer protocols
- Bad Epoll: The bug missed by Mythos
- Januscape: Guest-to-host escape in KVM/x86
- Exploiting vulnerabilities in Johnson & Johnson web apps
- Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits
- Glitch SPY: An emerging Android RAT distributed through a fake Polish rental app
- RedWing: A mobile malware-as-a-service operation
- ClickFix to cash-out: Anatomy of a Mexican banking-fraud toolkit
- JadePuffer: Agentic ransomware for automated database extortion
- Browser-only ransomware: From LLM hallucinations to a practical attack technique
- SOCRadar links FortiBleed campaign to INC and Lynx ransomware operations
- GodDamn ransomware: Latest beast rebrand uses malicious driver to disable defenses
- Seven steps to ransomware: CitrixBleed 2 weaponized by initial access brokers
- Phantom squatting: AI-hallucinated domains as a software supply chain vector
- Analyzing AI-augmented network enumeration
- Inside an AI-assisted cloud attack: Familiar techniques at unfamiliar speed
- Boss Scam: Don’t trust every “urgent” email or WhatsApp message from your boss!
- TimbreStealer malware targets Mexico companies with advanced evasion techniques
- From phishing to persistence: A CrySome RAT infection chain analysis
- Vidar stealer unmasked: Code signing abuse, Go loaders and file inflation
- One email closer to the edge: UNK_MassTraction & the physics of exploitation
- From invoice to AnyDesk: Uncovering a phishing campaign targeting Russian aerospace organizations
- Suspected Russian threat actor impersonates legitimate crypto wallets to deploy remote utilities
- Cavern Manticore: Exposing Iran-linked modular C2 framework
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Comments