Featured
Google's AI Ethics Shift Sparks Employee Backlash Over Weapons Development

Google faces internal resistance after removing its ban on AI use in weapons and surveillance systems, marking a significant departure from its 2018 stance. The policy change, amid rising defense sector competition, has triggered widespread employee protests and debates over AI's role in military applications.

U.S. Government Reveals Record of 39 Zero-Day Vulnerability Disclosures in Landmark Transparency Report

The U.S. Office of the Director of National Intelligence released its first-ever public report detailing the disclosure of 39 zero-day software vulnerabilities in 2023. This unprecedented transparency offers insight into how the government balances national security with software security through its Vulnerabilities Equities Process.

Baltic Nations Bolster Cyber Defenses Ahead of Russian Power Grid Separation

Lithuania, Latvia, and Estonia are strengthening cybersecurity measures as they prepare to disconnect from the Soviet-era BRELL power network shared with Russia. The Baltic states anticipate potential retaliation from Moscow while transitioning to the EU electricity system on February 9.

Hijacked AWS Storage Buckets Expose Major Organizations to Supply Chain Attacks

Security researchers discovered 150 abandoned AWS S3 storage buckets previously used by major organizations that could be easily re-registered and hijacked. The vulnerability allowed researchers to gain control over storage locations still receiving millions of requests from government agencies and corporations.

European Surveillance Campaign Exposed: Paragon Spyware Targets Journalists and Activists

Italian authorities reveal widespread deployment of Paragon Solutions' surveillance technology targeting individuals across 14 European countries. The operation, affecting journalists and activists, has sparked investigations into potential surveillance abuse despite the company's claims of ethical standards.

Okta Bcrypt Vulnerability Exposes Critical API Design Flaws

A security incident at Okta revealed how Bcrypt's 72-character input limitation could be exploited to bypass authentication in certain conditions. The case highlights crucial lessons for modern API design, emphasizing explicit input validation over silent modifications.

Cybercriminals Target Organizations with Sophisticated ADFS Phishing Scheme

Security researchers have uncovered a sophisticated phishing campaign targeting organizations using Microsoft ADFS, with attackers creating convincing fake login portals to steal credentials and bypass MFA. The scam has affected over 150 organizations across education, healthcare, government and technology sectors, primarily in the US, Canada, Australia and Europe.

Security Experts Alarmed as DOGE Gains Unprecedented Access to Federal Systems

Cybersecurity professionals raise red flags over security breaches as Elon Musk's Department of Government Efficiency obtains access to sensitive Treasury and OPM systems. Growing concerns emerge about data exposure and employee safety as protests mount against controversial security protocol violations.

Hidden Threat: Security Expert Exposes Dangerous Vulnerability in Modified USB Cables

Cybersecurity researcher Mike Grover demonstrates how a seemingly innocent charging cable can be weaponized to remotely access and control computers from up to 300 feet away. The modified cable can capture keystrokes, implant malware, and execute malicious commands without detection.