Data breach tracker HaveIBeenPwned claims the victim count of peer-to-peer lender Prosper's September cyberattack stands at 17.6 million. In the first breakdown of affected data since Prosper disclosed the attack last month, HIBP alleges that email addresses - as expected - were affected, as well as a slew of other personal information. Customer accounts and funds are believed to be safe, and there was no impact to the platform's customer-facing operations. READ MORE...
Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group. A group of hackers from The Com - a loosely-organised collective of English-speaking hackers, scammers and fraudsters - has shared the names, addresses, and phone numbers of hundreds of US government employees on private Telegram channels, according to a report by 404 Media. READ MORE...
Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. "We are aware of the incident involving Envoy's Oracle E-Business Suite application," Envoy Air told BleepingComputer. Envoy Air is a subsidiary of American Airlines and operates regional flights under the American Eagle brand. READ MORE...
We regularly warn our readers about new scams and phishing texts. Almost everyone gets pestered with these messages. But where are all these scam texts coming from? According to an article in The Wall Street Journal: "It has become a billion-dollar, highly sophisticated business benefiting criminals in China." In particular, the number of toll payment scam messages has exploded, rising by 350% since January 2024. READ MORE...
Russia, China, Iran and North Korea have sharply increased their use of artificial intelligence to deceive people online and mount cyberattacks against the United States, according to new research from Microsoft. This July, the company identified more than 200 instances of foreign adversaries using AI to create fake content online, more than double the number from July 2024 and more than ten times the number seen in 2023. READ MORE...
Microsoft disrupted a Rhysida ransomware campaign that used fake Teams binaries signed with digital certificates, including many from Microsoft's own service. In a social media post on X, Microsoft Threat Intelligence on Wednesday said it revoked more than 200 code-signing certificates issued by Azure's Trusted Signing service. These certificates are sometimes abused by threat actors to make malware appear as if it is legitimate, trusted software. READ MORE...
The OODA loop-for observe, orient, decide, act-is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make their decisions with untrustworthy observations and orientation. To solve this problem, we need new systems of input, processing, and output integrity. Many decades ago, U.S. Air Force Colonel John Boyd introduced the concept of the "OODA loop," for Observe, Orient, Decide, and Act. READ MORE...
Most research on LLM privacy has focused on the wrong problem, according to a new paper by researchers from Carnegie Mellon University and Northeastern University. The authors argue that while most technical studies target data memorization, the biggest risks come from how LLMs collect, process, and infer information during regular use. The study reviewed 1,322 AI and machine learning privacy papers published between 2016 and 2025. READ MORE...
Think about what you share with artificial intelligence agents like ChatGPT and Claude. Does that information include business ideas, venting about an interaction, travel plans, or even competitive research? A vast and expanding trove of personal data is steadily being fed into AI chatbots that can be used to weave a clear picture of what you're planning to do next. Your interactions with AI are as sensitive as your personal diary - times 10. READ MORE...
A high-severity vulnerability in Dolby's Unified Decoder could be exploited for remote code execution, without user interaction in certain cases. Built on top of the Dolby Digital Plus (DD+) standard, the Unified Decoder is a software/hardware component used for processing various audio formats, converting them into formats that can be played back through speakers. The decoder was impacted by an out-of-bounds write issue that could be triggered during the processing of evolution data. READ MORE...