Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
1
 
 

What once took place in the dark corners of the internet is now a sprawling ecosystem of illicit activity operating in plain sight - and one Cambodia-based operation seems to have made a lot of it possible. (Source: Bloomberg)

2
 
 

Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves. The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military projects in their LinkedIn profiles.…

3
 
 

Won't someone think of the King of Ink?!

4
 
 

Margaret Attridge / Courthouse News Service: A US jury finds Meta violated the California Invasion of Privacy Act when it intentionally recorded the health data of women via the period tracking app Flo  —  The jury got to decide how seriously Big Tech takes privacy, the attorney for a class of Flo users said in closing arguments.

5
 
 

OpenAI scrambles to remove personal ChatGPT conversations from Google results.

6
 
 

Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. [...]

7
 
 

CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform […]

8
 
 

Our tests have shown there are ways to get around the promised security improvements. Exclusive: Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that's supposed to prevent it from screenshotting sensitive info like credit card numbers. But a The Register test shows that it still fails in many cases, creating a potential treasure trove for thieves.…

9
 
 

A sophisticated attack technique was uncovered where cybercriminals exploit free trials of Endpoint Detection and Response (EDR) software to disable existing security protections on compromised systems. This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Key Takeaways: 1. Attackers use […] The post Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections appeared first on Cyber Security News.

10
 
 

US semiconductor giant is trying to revive sales in the country.

11
 
 

Cybersecurity researchers have successfully demonstrated how Large Language Model (LLM) honeypots can effectively deceive threat actors into revealing their attack methodologies and malicious payloads. In a recent breakthrough incident, an SSH-based LLM honeypot managed to capture a real threat actor who unknowingly interacted with the artificial intelligence system, believing they had compromised a legitimate server […] The post LLM Honeypot’s Can Trick Threat Actors to Leak Binaries and Known Exploits appeared first on Cyber Security News.

12
 
 

Forget gullible old people — Gen Z is the most at-risk age group on the Web. Older folks might want to ignore it, but employers are likely to feel the brunt.

13
 
 

The Tea app is a warning.

14
 
 

Russia spying on foreign embassies? Say it ain't so. Russian cyberspies are abusing local internet service providers' networks to target foreign embassies in Moscow and collect intel from diplomats' devices, according to a Microsoft Threat Intelligence warning.…

15
 
 

Crims warned 40% of respondents that they and their families would suffer. Ransomware gangs now frequently threaten physical violence against employees and their families as a way to force victim organizations into paying their demands.…

16
 
 

If you want to work with dead bodies, AI probably won't steal your career.

17
 
 

A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques

18
 
 

Lovense, the maker of internet-connected sex toys, left user emails exposed for months — even after it became aware of the vulnerability. In a blog post spotted by TechCrunch and Bleeping Computer, security researcher BobDaHacker found that they could “turn any username into their email address,” which they could then use to take over someone’s […]

19
 
 

Ernesto Londoño / New York Times: Gov. Tim Walz activates the Minnesota National Guard to help St. Paul address a cyberattack detected Friday that led the city to shut down many of its systems  —  Gov. Tim Walz of Minnesota activated the National Guard to help the city of St. Paul address a cyberattack that was detected last Friday.

20
 
 

Cyber threats are becoming more frequent and sophisticated, and rural hospitals and clinics are feeling the pressure from all sides: tight budgets, small teams, limited training, complex technology, and vendors that do not always offer much help. Often, they are left juggling security tools without the IT support to use them effectively, according to Paubox. Compared to their urban counterparts, rural healthcare organizations are hitting more cybersecurity roadblocks, and not just in one or two … The post Why rural hospitals are losing the cybersecurity battle appeared first on Help Net Security.

21
 
 

FBI Dallas seized 20 BTC from Chaos ransomware affiliate “Hors,” tied to cyberattacks on Texas firms, on April 15, 2025. The FBI division in Dallas seized about 20 Bitcoins on April 15, 2025, from a wallet belonging to a Chaos ransomware affiliate named as “Hors.” The Hors affiliate is responsible for multiple cyberattacks on Texas […]

22
 
 

Researchers from IMDEA Networks, in collaboration with Universidad Carlos III de Madrid, IMDEA Software Institute, and the University of Calgary, have conducted the first large-scale study—"Your Signal, Their Data: An Empirical Privacy Analysis of Wireless-scanning SDKs in Android"—on how certain Android mobile applications use a device's WiFi and Bluetooth connections to track users' movements in their daily lives, thereby violating their privacy.

23
 
 

Switzerland’s top research institutions are in early talks with arms makers including Rheinmetall AG to fund a new $250 million semiconductor plant, according to people familiar with the plans, as the historically neutral country wades deeper into defense amid surging European military spending.

24
 
 

A threat actor, Tsar0Byte, allegedly claimed to have breached the company’s internal network through a vulnerable third-party link, exposing sensitive data belonging to more than 94,500 employees. The alleged breach, reported on dark web forums including DarkForums, represents one of the most extensive corporate data exposures affecting Nokia in recent years. According to the threat […] The post Threat Actors Allegedly Claim Access to Nokia’s Internal Network appeared first on Cyber Security News.

25
 
 

AI models large and small were found to introduce cross-site scripting errors and seriously struggle with secure Java generation
