Former US Defense Contractor Executive Admits to Selling Exploits to Russia
An Australian national pleaded guilty in a US court to stealing trade secrets from a US defense contractor and selling them to a Russian broker of cyber exploits, the US Department of Justice announced. While an employee of the victim company, the individual, Peter Williams, 39, stole at least eight "cyber-exploit components" of software associated with national security, which constituted trade secrets, the DoJ says. READ MORE...
Millions Impacted by Conduent Data Breach
Business services provider Conduent is notifying millions of people that their personal information was stolen in a January 2025 data breach. The incident was disclosed publicly in late January, when Conduent confirmed system disruptions that affected government agencies in multiple US states. In April, the company notified the Securities and Exchange Commission (SEC) that the attackers had stolen personal information from its systems. READ MORE...
Cyberpunks mess with Canada's water, energy, and farm systems
Hacktivists have breached Canadian critical infrastructure systems to meddle with controls that could have led to dangerous conditions, marking the latest in a string of real-world intrusions driven by online activists rather than spies. In a joint alert issued this week, the Canadian Centre for Cyber Security and the Royal Canadian Mounted Police said industrial control systems (ICS) had been manipulated by hacktivists - not for money, but for the thrill and headlines. READ MORE...
Major US Telecom Backbone Firm Hacked by Nation-State Actors
Ribbon Communications, an American company that provides backbone technology for communication networks, has been targeted by hackers. Ribbon provides communications and networking solutions that enable organizations to reliably run phone calls and data networks. In a quarterly financial report submitted recently to the SEC, Ribbon said it discovered unauthorized access to its IT network in early September 2025. READ MORE...
Malicious NPM packages fetch infostealer for Windows, Linux, macOS
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The packages were uploaded to npm on July 4, and remained undetected for a long period due to multiple layers of obfuscation that helped escape standard static analysis mechanisms. According to researchers at cybersecurity company Socket, the ten packages counted nearly 10,000 downloads. READ MORE...
AI Search Tools Easily Fooled by Fake Content
AI search tools like Perplexity, ChatGPT, and OpenAI's Atlas browser offer powerful capabilities for research and information gathering but are also dangerously susceptible to low-effort content manipulation attacks. It turns out websites that can detect when an AI crawler visits can serve completely different content than what human visitors see, allowing bad actors to serve up poisoned content with surprising ease. READ MORE...
This security hole can crash billions of Chromium browsers, and Google hasn't patched it yet
A critical, currently unpatched bug in Chromium's Blink rendering engine can be abused to crash many Chromium-based browsers within seconds, causing a denial-of-service condition - and, in some tests, freezing the host system. Security researcher Jose Pino found the flaw, and created a proof-of-concept exploit, Brash, to demonstrate the vulnerability affecting billions of people worldwide. Chrome is the most popular browser in the world with over 70% market share, according to StatCounter. READ MORE...
Your photo could be all AI needs to clone your voice
A photo of someone's face may be all an attacker needs to create a convincing synthetic voice. A new study from Australia's national science agency explores this possibility, testing how well deepfake detectors perform against Face-to-Voice, an attack attack method that generates speech from photos. A new technique is changing how voice deepfakes are made. Instead of using text or a voice sample, it can generate speech from a photo by estimating how a person might sound based on their face. READ MORE...
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. The plugin provides malware scanning and protection against brute-force attacks, exploitation of known plugin flaws, and against database injection attempts. Identified as CVE-2025-11705, the vulnerability was reported to Wordfence by researcher Dmitrii Ignatyev. READ MORE...
- ...in 1838, Oberlin Collegiate Institute in Lorain County, Ohio becomes the first college in the U.S. to admit female students.
- ...in 1938, H.G. Wells' War of the Worlds is broadcast over the radio by Orson Welles' Mercury Theatre.
- ...in 1961, The USSR detonates "Tsar Bomba," a 50-megaton hydrogen bomb; it is still the largest explosive device of any kind over detonated.
- ...in 1991, BET Holdings Inc., becomes the first African-American owned company listed on the New York Stock Exchange.
