Latest IntelligenceThreat IntelligencePage 1
Search by keyword →
Apple Intelligence expands to Google infrastructure with privacy safeguards
Apple has announced an expansion of its Private Cloud Compute (PCC) platform, extending the privacy-focused infrastructure behind Apple Intelligence beyond the ...
WhatsApp says it caught NSO attempting to spy on users again
WhatsApp says it has disrupted new social engineering campaigns linked to Israeli spyware maker NSO Group and is now asking a US federal court to hold the compa...
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]...
Dashlane hit by brute-force campaign triggering account suspensions
Dashlane has confirmed that a brute-force attack over the weekend triggered a wave of account suspension emails, unusual login notifications, and authentication...
Signal users targeted by attackers seeking backup recovery keys
Signal users are being targeted in a new phishing campaign that attempts to steal recovery keys used to access the platform's encrypted cloud backups. Attackers...
Megalodon campaign compromises over 5,500 GitHub repositories with malicious commits
Security researchers have uncovered a large-scale supply chain attack dubbed “Megalodon” that injected malicious GitHub Actions workflows into more than 5,500 r...
NordVPN wins early court victory against LaLiga’s VPN blocking campaign
A Spanish court has rejected LaLiga’s request to fine NordVPN over alleged failures to comply with a controversial anti-piracy blocking order. The decision was ...
Proton Pass adds new protections for AI agents with account access
A new Proton Pass feature allows users to securely share credentials with AI agents via “AI access tokens,” aiming to reduce the security risks posed by autonom...
Tor launches crowdfunding campaign to support internet freedom projects
The Tor Project has launched a new cryptocurrency-based crowdfunding initiative aimed at supporting internet freedom and privacy tools amid growing financial pr...
AI assistants can be hijacked and manipulated by inaudible sounds
Hidden audio commands can hijack AI voice assistants and transcription tools without users hearing anything unusual, according to new research set to be present...
Mozilla hardens Firefox against fingerprinting, adds one-click session wipe
Mozilla has released Firefox 151, introducing new privacy-focused protections for Private Browsing Mode and stronger anti-fingerprinting defenses. A new “End Pr...
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign...
Microsoft’s legacy MSHTA tool heavily abused in malware attacks
Microsoft’s legacy mshta.exe utility remains widely abused in malware campaigns despite the retirement of Internet Explorer and Microsoft’s ongoing deprecation ...
Discord enables E2EE by default for all voice and video communications
Discord announced that all voice and video calls on its platform are now protected with end-to-end encryption (E2EE) by default. The rollout applies to direct m...
Multiple Vulnerabilities in NGINX Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is a software used for web serving...
Poland urges officials to ditch Signal for state-run messaging apps
Poland’s government is urging public-sector organizations to reduce their reliance on Signal for official communications and instead adopt domestically controll...
Signal begins testing automatic key verification for encrypted chats
Signal has started public testing of a new security feature called “automatic key verification,” designed to simplify confirming end-to-end encrypted conversati...
OpenAI confirms exposure in recent ‘Shai-Hulud’ supply-chain attack
OpenAI says a recent software supply-chain attack tied to the “Mini Shai-Hulud” malware campaign impacted two employee devices and exposed limited internal cred...
OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack
Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanStack npm, but the AI company confirmed no user data, pr...
New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass
A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have identified a previously unknown implant calle...