Pulse of Truth

Google has filed a lawsuit against SerpApi, a company that offers tools to scrape content on the web, including Google's search results. SerpApi is accused of violating the Copyright Act by using "deceptive means" to automatically access and take Google's search results "at an astonishing scale" before selling the data to customers. Reddit also sued […]

Miranda Bryant / The Guardian: Denmark says Russia was behind “destructive and disruptive” cyberattacks on a water utility in 2024 and DDoS attacks in the lead-up to local November elections  —  Intelligence service says attacks were work of groups connected to Russian state in ‘clear evidence’ of hybrid war

Machine-Written Pull Requests Contain 70% More BugsCodeRabbit analyzed 470 GitHub pull requests and found AI-generated code introduces more defects than human-written code across logic, security, maintainability and performance categories, with severity spiking higher as well. The use of AI code generation has expanded across the industry.

Comments

Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog.

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.

Latest charges join the mountain of indictments facing alleged Tren de Aragua members A Venezuelan gang described by US officials as "a ruthless terrorist organization" faces charges over alleged deployment of malware on ATMs across the country, illegally siphoning millions of dollars.…

A new UEFI flaw exposes some ASRock, ASUS, GIGABYTE, and MSI motherboards to early-boot DMA attacks, bypassing IOMMU protections. Researchers warn of a new UEFI vulnerability that affects select ASRock, ASUS, GIGABYTE, and MSI motherboards, enabling early-boot DMA attacks that bypass IOMMU protections. UEFI (Unified Extensible Firmware Interface) is the modern firmware standard that initializes […]

Attackers helped themselves to historical personal info on 27K people The University of Sydney is ringing around thousands of current and former staff and students after admitting attackers helped themselves to historical personal data stashed inside one of its online code repositories.…

Comments

Jake Bleiberg / Bloomberg: Amazon CSO Stephen Schmidt says subtle keystroke data lag, measuring 110ms instead of the expected tens of milliseconds, helped catch a North Korean IT worker  —  Security personnel tracked connections from a contractor.  —  An infinitesimal delay in the typed commands of a new IT worker provided …

Suzanne Smalley / The Record: Pennsylvania's Supreme Court rules that police can get Google search data without a warrant; an expert warns it may encourage warrantless searches nationwide  —  The Pennsylvania Supreme Court ruled Tuesday that police did not need a warrant to obtain a convicted rapist's Google searches when investigating the crime.

Human review didn't stop AI from triggering lockdown at panicked middle school.

ByBit attack doing some seriously heavy lifting North Korea's yearly cryptocurrency thefts have accelerated, with Kim's state-backed cybercriminals plundering just over $2 billion worth of tokens in 2025.…

Comments

Two former employees of cybersecurity companies pleaded guilty on Thursday to federal crimes for launching their own ransomware attacks in a plot to extort millions of dollars from victims around the US.

Study finds built-in browsers across gadgets often ship years out of date Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn't the case for those that reside within game consoles, televisions, e-readers, cars, and other devices. These outdated, embedded browsers can leave you open to phishing and other security vulnerabilities.…

France confirms a cyberattack on its Interior Ministry as a 22-year-old is arrested. Hacker claims access to police, tax, and criminal record systems.

A hacker gained control of a 1,100 mobile phone farm powering covert, AI-generated ads on TikTok.

The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk. CERT-FR warns iPhone and Android users to fully disable Wi-Fi to reduce exposure, citing multiple vulnerabilities across wireless interfaces, apps, OSs, and even hardware. The agency reiterates basic hygiene: install apps only from official stores, review […]

Minister insists 'modest' bill is not an assault on privacy-preserving tech The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.…

A man was charged for allegedly wiping a phone before CBP could search it; an Anthropic exec forced AI onto a Discord community that didn't want it; and we talk the Disney-OpenAI deal.

Kevin Collier / NBC News: Google sues the Chinese-speaking cybercriminal group known as Darcula, behind an alleged US text message phishing ring, in the US, seeking a restraining order  —  Google says the group's tools enabled scammers with little technical skill to impersonate agencies like the IRS and the USPS at a massive scale.

Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.

I have already talked about various React2Shell exploit attempts we have observed in the last weeks. But new varieties of the exploit are popping up, and the most recent one is using this particular version of the exploit: