Pulse of Truth

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. [...]

Around November 2025 I stumbled into a tarpit for rude web scrapers: https://maurycyz.com/projects/trap_bots/ Since then I indulged in writing my own, and I thought to share it with fellow hackers. Comments

One developer is struggling with the social implications of a drive-by AI character attack.

The Japanese sex toy maker said a hacker broke into an employee's inbox and stole customer names, email addresses, and correspondence, including order details and customer service inquiries.

The Dutch phone giant Odido is the latest phone and internet company to be hacked in recent months, as governments and financially motivated hackers continue to steal highly confidential information about phone customers.

Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors' networks.

It's thought that the reserve soldier may have made $150K betting via Polymarket on missile strikes against Iran. The post Israeli soldier allegedly used military secrets to gamble on Polymarket appeared first on Protos.

Emails published by the Justice Department revealed cybersecurity veteran Vincenzo Iozzo emailed, and arranged to meet, Jeffrey Epstein multiple times between 2014 and 2018.

Private equity firms have spent years treating cybersecurity as an IT hygiene issue inside portfolio companies. That approach is getting harder to sustain as ransomware, data theft, and regulatory pressure interfere with value creation during the hold period. Has cybersecurity risk had any financial impact on your portfolio companies? (Source: Kroll) A recent Kroll survey of 325 private equity portfolio leaders found that 80% of firms experienced some form of disruption tied to cybersecurity risk … More → The post Cyber risk is becoming a hold-period problem for private equity firms appeared first on Help Net Security.

404 Media has obtained a cache of internal police emails showing at least two agencies have bought access to GeoSpy, an AI tool that analyzes architecture, soil, and other features to near instantly geolocate photos.

Flaw abused 'in an extremely sophisticated attack against specific targeted individuals' Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.…

Security teams in large enterprises already spend significant time tracking vulnerabilities across software supply chains, third-party libraries, and internal codebases. Java environments add another layer of exposure because so many mission-critical systems still run on the JVM. A 2026 Azul survey of more than 2,000 Java professionals found that 64% said more than half of their organization’s applications or workloads are built with Java or run on a Java Virtual Machine. That footprint means Java … More → The post Java security work is becoming a daily operational burden appeared first on Help Net Security.

Lorenzo Franceschi-Bicchierai / TechCrunch: The US DOJ says Peter Williams, former boss of L3Harris' Trenchant, stole and sold tools that can hack millions of computers worldwide to a Russian broker  —  The former boss of a U.S. maker of hacking and surveillance tools stole and sold technology that can hack millions of computers and people worldwide …

Microsoft security researchers discovered a growing trend of AI memory poisoning attacks used for promotional purposes, referred to as AI Recommendation Poisoning. The MITRE ATLAS knowledge base classifies this behavior as AML.T0080: Memory Poisoning. The activity focuses on shaping future recommendations by inserting prompts that cause an assistant to treat specific companies, websites, or services as trusted or preferred. Once stored, these entries can affect responses in later, unrelated conversations. Manipulated assistants may influence recommendations … More → The post That “summarize with AI” button might be manipulating you appeared first on Help Net Security.

Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" targeting specific individuals. [...]

Smug faces across all those who opposed the WordPad-ification of Microsoft's humble text editor Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE).…

[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program]

The tool presents users with a 3D model they can then manipulate to, the creator says, bypass Discord's age verification system.

Attackers using social engineering to exploit business processes, rather than tunnelling in via tech Exclusive  When fraudsters go after people's paychecks, "every employee on earth becomes a target," according to Binary Defense security sleuth John Dwyer.…

Operation Cyber Guardian was Singapore’s largest and longest running anti-cyber threat law enforcement operation

A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly […]

Add-ons with 37M installs leak visited URLs to 30+ recipients, researcher says They know where you've been and they're going to share it. A security researcher has identified 287 Chrome extensions that allegedly exfiltrate browsing history data for an estimated 37.4 million installations.…

FBI Director Kash Patel said yesterday that investigators recovered footage from Savannah Guthrie's mother's doorbell camera using "residual data located in backend systems." This claim has many home security camera users asking an uncomfortable question: Is your data really gone when you hit delete? When Nancy Guthrie went missing, officials said she had a doorbell […]

The more you share online, the more you open yourself to social engineering If you've seen the viral AI work pic trend where people are asking ChatGPT to "create a caricature of me and my job based on everything you know about me" and sharing it to social, you might think it's harmless. You'd be wrong.…

Cambodian police have reportedly dismantled another scam operation, this time operating from the Xinli Casino in southern Cambodia. The post Cambodia arrests 800 in latest casino scam centre raid appeared first on Protos.