IT Security Newsletter

IT Security Newsletter - 2/27/2026

Written by Cadre | Fri, Feb 27, 2026

UFP Technologies investigating cyberattack that impacted company data

UFP Technologies, a Massachusetts-based medical device maker, said it is investigating a cyberattack in mid-February that led to some of its company data being stolen or potentially destroyed, according to a regulatory filing. The company said the attack, which was detected Feb. 14, impacted most of its IT network, as well as its billing and label-making capabilities for customer deliveries. READ MORE...

Project Compass is Europol's new playbook for taking on The Com

A global law enforcement effort has taken root to combat The Com, a sprawling nihilistic network of thousands of minors and young adults engaged in various forms of cybercrime, including physical violence and extortion. Project Compass, an operation coordinated by Europol with support from 28 countries, including all members of the Five Eyes, has resulted in the arrest of 30 perpetrators since the initiative got underway in January 2025, authorities said in a news release Thursday. READ MORE...

Ukrainian man pleads guilty to running AI-powered fake ID site

A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide. 27-year-old Yurii Nazarenko (also known as "John Wick," "Tor Ford," and "Uriel Septimberus") admitted that his OnlyFake subscription-based platform used artificial intelligence to generate realistic-looking counterfeit passports, driver's licenses, and Social Security cards. READ MORE...

Juniper Networks PTX Routers Affected by Critical Vulnerability

Juniper Networks this week released an out-of-band update for its Junos OS Evolved network operating system to patch a critical vulnerability. The vulnerability, tracked as CVE-2026-21902, affects Junos OS Evolved on PTX series high-performance routers. The issue impacts the On-Box Anomaly detection framework and it can be exploited by an unauthenticated attacker with network access to execute arbitrary code with root privileges. READ MORE...

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push notification access, the device's contact list, real-time GPS location, and clipboard contents, all without installing a traditional app. READ MORE...

Android app uses Bluetooth signals to detect nearby smart glasses

Smart glasses with built-in cameras are showing up in more public spaces, and a growing number of people want a way to know when one is nearby. An Android app called Nearby Glasses, developed by Yves Jeanrenaud, attempts to fill that gap by scanning Bluetooth traffic for manufacturer identifiers associated with known smart glasses makers. The project cites reported incidents that motivated its development, including cases of Meta Ray-Ban glasses being used to record people without consent. READ MORE...

Public Google API keys can be used to expose Gemini AI data

Google Maps/Cloud API (Application Programming Interface) keys that used to be safe to publish can now, in many cases, be used as real Gemini AI credentials. This means that any key sitting in public JavaScript or application code may now let attackers connect to Gemini through its API, access data, or run up someone else's bill. Researchers found around 2,800 live Google API keys in public code that can authenticate to Gemini. READ MORE...

Cisco SD-WAN Zero-Day Under Exploitation for 3 Years

Cisco revealed today that a critical zero-day vulnerability in its Catalyst SD-WAN Controller has been exploited in the wild for "at least three years." The vulnerability, tracked as CVE-2026-20127, is an authentication bypass flaw with a maximum CVSS score of 10. An attacker can send crafted requests to vulnerable systems and log into the controllers as an internal, high-privileged, non-root user, according to Cisco's security advisory. READ MORE...

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

It's hard to overstate the role that Wi-Fi plays in virtually every facet of life. The organization that shepherds the wireless protocol says that more than 48 billion Wi-Fi-enabled devices have shipped since it debuted in the late 1990s. One estimate pegs the number of individual users at 6 billion, roughly 70 percent of the world's population. Despite the immeasurable amount of data flowing through Wi-Fi transmissions, the history of the protocol has been littered with security landmines. READ MORE...

  • ...in 1860, a campaigning Abraham Lincoln visits the studio of Mathew Brady, sitting for a portrait that would go on to become the first-ever photograph of a U.S. President.
  • ...in 1902, author John Steinbeck ("Of Mice and Men", "The Grapes of Wrath") is born in Salinas, CA.
  • ...in 1942, the U.S. Navy's first aircraft carrier, the USS Langley, is sunk by Imperial Japanese Navy Air Service forces near Java in the South Pacific.
  • ...in 2015, "Star Trek" actor Leonard Nimoy dies at the age of 83 in Los Angeles, CA. He lived long and prospered...