Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there

We compared three incidents that surfaced today to show why the impact of a breach depends less on who was hit and more on what was taken.

Malwarebytes
Open in Source
#web#apple#microsoft#dos#git#auth
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper

Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer. The malicious package, named "Tracer.Fody.NLog," remained on the repository for nearly six years. It was published by a user named "csnemess" on February 26, 2020. It masquerades as "Tracer.Fody,"

Android threats in 2025: When your phone becomes the main attack surface

Android users spent 2025 walking a tighter rope than ever, with malware, data-stealing apps, and SMS-borne scams all climbing sharply.

JumpCloud Remote Assist Flaw Lets Users Gain Full Control of Company Devices

A critical vulnerability (CVE-2025-34352) found by XM Cyber in the JumpCloud Remote Assist for Windows agent allows local users to gain full SYSTEM privileges. Businesses must update to version 0.317.0 or later immediately to patch the high-severity flaw.

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has

Photo booth flaw exposes people’s private pictures online

A security researcher says a basic website flaw at a photo booth operator may have exposed hundreds of private customer photos.

Why Data Security and Privacy Need to Start in Code

AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as the surface area they must cover is expanding quickly while their staffing levels remain largely

Google is discontinuing its dark web report: why it matters

Google will discontinue its dark web report early next year, prompting mixed reactions. How does dark web monitoring actually help keep you safe?