Google Chrome to revoke notification access for inactive sites
Google is updating the Chrome web browser to automatically revoke notification permissions for websites that haven't been visited recently, to reduce alert overload. While Google Chrome's Safety Check tool already removes access to other permissions, such as...
Apple now offers $2 million for zero-click RCE vulnerabilities
Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. Since the program launched in 2020, Apple has awarded $35 million to 800...
Hacktivists deactivate after falling into researchers’ trap • The Register
Security researchers say they duped pro-Russia cybercriminals into targeting a fake critical infrastructure organization, which the crew later claimed - via their Telegram group - to be a real-world attack. Forescout said the short-lived TwoNet hacktivist group...
Microsoft warns of ‘payroll pirate’ attacks against US unis • The Register
Microsoft's Threat Intelligence team has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems. In a blog post, Redmond said a cybercrime crew it tracks as Storm-2657 has been targeting university...
Cops seize Scattered Lapsus$ Hunters’ BreachForums domain • The Register
US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office. The site,...
Prospect union tells members their data was breached in June • The Register
UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities. According to disclosure emails seen by The Register sent to union members who work as scientists, engineers, techies, and managers, the...
FBI takes down BreachForums portal used for Salesforce extortion
The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs. Law enforcement authorities in the U.S. and...
New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. The malware is targeting Russian users through Telegram channels and malicious websites that appear...
Data quantity doesn’t matter when poisoning an LLM • The Register
Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on. Researchers at the US AI firm, working with the UK AI Security Institute, Alan Turing Institute, and other academic institutions, said today that it...
Firewall configs stolen for all cloud backup customers
SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month. Previously, the vendor stated that the incident "exposed firewall configuration backup files stored in certain MySonicWall...