Featured
Malicious PyPI Packages Target Bitcoin Users and Payment Systems with Data-Stealing Code
Security researchers discovered three malicious Python packages on PyPI that were downloaded over 39,000 times, designed to steal sensitive data and validate stolen credit cards. The packages masqueraded as Bitcoin library fixes while containing code to steal database files and test stolen payment information.
Critical Verizon Call Filter Vulnerability Exposed Millions of Customer Call Records
A severe security flaw in Verizon's Call Filter app allowed unauthorized access to detailed call logs of millions of customers through a back-end server vulnerability. The incident, discovered by researcher Evan Connelly, highlights privacy risks in pre-installed telecommunications apps despite being patched by March 25.
Federal Judge Advances New York Times' Copyright Lawsuit Against OpenAI
A landmark lawsuit by The New York Times against OpenAI and Microsoft over AI training data copyright infringement will proceed after a federal judge's ruling. The case, centered on unauthorized use of news articles to train ChatGPT, could set crucial precedents for AI companies' use of copyrighted content.
EU Prepares Historic $1B Fine Against X for Content Violations
European regulators are readying unprecedented penalties against Elon Musk's X platform for alleged Digital Services Act violations related to content moderation and transparency. The anticipated $1B fine could consider revenue from Musk's other companies and may require mandatory platform changes.
EU's New Security Strategy Sparks Privacy Concerns Over Encryption Backdoors
European Commission's ProtectEU security strategy proposes controversial backdoors in encrypted platforms, aiming to modernize security while raising privacy concerns. The plan includes intelligence sharing reforms and expanded Europol powers, but experts warn about potential vulnerabilities in digital security.
GitHub Unveils New Security Features After 39M Secret Leaks Discovered
GitHub reveals alarming statistics of 39 million secrets exposed in code repositories during 2024, prompting the launch of enhanced security tools. The platform responds with new features including free secret scanning, risk assessment capabilities, and AI-powered detection to help organizations prevent sensitive data exposure.
Chinese State Hackers Exploit Critical Ivanti Flaw to Deploy Advanced Malware
Security researchers reveal Chinese state-sponsored group UNC5221 is actively exploiting a critical Ivanti Connect Secure vulnerability to deploy sophisticated TRAILBLAZE and BRUSHFIRE malware. The high-severity flaw enables remote code execution through stack-buffer overflow, prompting urgent patching recommendations.
NSA Director Abruptly Dismissed After Just Two Months in Leadership Role
General Timothy Haugh has been unexpectedly removed as NSA Director and U.S. Cyber Command chief, along with reassignment of his civilian deputy. The sudden leadership shake-up at one of America's primary intelligence agencies has sparked concerns from lawmakers and follows a recent visit by Elon Musk.
Cybercriminals Exploit Legacy Stripe API to Validate Stolen Card Data in Sophisticated Skimming Campaign
Researchers uncovered a web skimming operation targeting 49 e-commerce merchants by exploiting Stripe's deprecated API to validate stolen payment cards. The sophisticated attack injects malicious code mimicking legitimate checkout pages while leveraging cryptocurrency options and automated customization tools.
