Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Video call app Huddle01 exposed 600K+ user logs

Privacy left the chat. A misconfigured Kafka broker effectively undid the anonymity many users rely on.

Malwarebytes
#web#ios#android#git#auth
One Republican Now Controls a Huge Chunk of US Election Infrastructure

Former GOP operative Scott Leiendecker just bought Dominion Voting Systems, giving him ownership of voting systems used in 27 states. Election experts don't know what to think.

Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform

Scaling the SOC with AI - Why now?  Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR’s AI-SOC Market Landscape 2025, the average organization now faces around 960 alerts per day, while large enterprises manage more than 3,000 alerts daily from an average of 28 different tools. Nearly 40% of those alerts go uninvestigated, and 61% of security teams admit

New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data

The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake 'payment lures' and urgent security alerts to trick victims into calling a fraudulent support number.

Mango discloses data breach at third-party provider

The fashion retailer says a breach at a marketing partner exposed limited contact details—but no financial data or passwords.

Roku accused of selling children’s data to advertisers and brokers

Florida claims Roku ignored clear signs its users were minors, collecting and selling viewing habits, voice recordings and precise locations.

BeaverTail and OtterCookie evolve with a new Javascript module

Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK).

Laura Faria: Empathy on the front lines

Laura opens up about her journey through various cybersecurity roles, her leap into incident response, and what it feels like to support customers during their toughest moments — including high-stakes situations impacting critical infrastructure.

GHSA-9m49-p2j3-c6xm: Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability

*** UNSUPPORTED WHEN ASSIGNED *** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability. As this project is retired, it is not planned to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-3q4q-wqm6-hvf3: Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictions.