Major Security Flaw in Stalkerware Apps Exposes Private Data of Over 2.6 Million Users
A critical vulnerability in popular phone monitoring apps Cocospy and Spyic has leaked sensitive personal data of millions of users, highlighting systemic security failures in surveillance software. The breach exposed private messages, photos, and call logs, while revealing concerning ties to China-based developers.
Only 0.1% Can Spot All Deepfakes: Study Reveals Critical Detection Gap
A startling study by iProov found that just 0.1% of participants could identify all AI-generated content in a deepfake detection quiz. The research highlights a concerning disparity between people's perceived and actual ability to spot synthetic media, with younger adults showing particular overconfidence.
NIST Mandates Quantum-Resistant Encryption Standards by 2030: ML-KEM to Replace RSA
NIST announces plans to phase out widely-used encryption algorithms like RSA by 2030, mandating transition to quantum-resistant standards like ML-KEM. Organizations have 6-7 years to upgrade their cryptographic systems before complete elimination of current public-key protocols by 2035.
Critical OpenSSH Vulnerabilities Could Enable Traffic Interception and Service Disruption
Qualys researchers uncover two serious security flaws in OpenSSH that could allow attackers to perform man-in-the-middle attacks and cause system crashes. The vulnerabilities affect multiple versions of this widely-used secure networking tool, prompting urgent patches and mitigation recommendations.
AI-Generated Optical Illusions: A New Frontier in Human-Bot Detection
Researchers have developed AI-powered optical illusions that can effectively distinguish between human users and automated bots, potentially revolutionizing website security. This innovative approach leverages human visual perception patterns to create puzzles that confound AI systems while remaining solvable by humans.
Hidden Data in Emojis: Engineer Reveals Unicode Steganography Technique
A software engineer has discovered how to embed secret data within emoji using Unicode variation selectors, raising security concerns. The technique could enable message tracking and bypass content moderation while remaining invisible to human readers.
Russian Hackers Exploit Microsoft Device Code Authentication to Target M365 Accounts
Security researchers uncover sophisticated Russian threat actors using Microsoft's legitimate Device Code Authentication to compromise M365 accounts of government organizations and NGOs. The attack leverages social engineering and authentic Microsoft domains to bypass traditional security measures.
Cyber Espionage Targets Military Drone Systems Amid Global Conflicts
Recent investigations uncover an alarming increase in cyberattacks targeting drone and counter-drone technologies during major conflicts like the Russia-Ukraine war. State-sponsored actors and cybercriminals are pursuing sensitive military data while tracking buyers and targeting drone specialists.
Critical Windows Security Update Patches 55 Flaws, Including Two Active Exploits
Microsoft's February 2025 Patch Tuesday addresses 55 security vulnerabilities in Windows systems, with two zero-day flaws already exploited by hackers. The update fixes multiple critical issues including remote code execution and privilege elevation vulnerabilities.
Password Manager Attacks Triple as Cybercriminals Deploy Advanced Malware
New research reveals malware targeting password storage systems now accounts for 25% of all variants, with attacks becoming increasingly sophisticated. Security experts recommend combining password managers with multi-factor authentication while maintaining their value as an essential security tool.