Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. In the letter sent to affected individuals, the company informs that it first detected suspicious activity on its network last year on June 23. Although the internal investigation was completed on July 18, 2024, a parallel investigation by federal agencies dictated that public disclosure of the incident should be withheld until it was completed. READ MORE...
Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data. On July 1st, Qantas disclosed that it had detected a cyberattack the previous day on a third-party platform used by a Qantas airline contact centre. While the company did not share any further details, BleepingComputer learned that the attack shared similarities with other attacks on the aviation industry. READ MORE...
Deepfake attacks aren't just for recruitment and banking fraud, they've now reached the highest levels of government. News emerged this week of an AI-powered attack that impersonated US Secretary of State Marco Rubio. Authorities don't know who was behind the incident. A US State Department cable seen by the Washington Post warned that someone impersonated Rubio's voice and writing style in voice and text messages on the Signal messaging app. READ MORE...
AiLock is a ransomware-as-a-service (RaaS) operation that first came to light in March 2025. Security researchers at Zscaler noted that they had identified a cybercriminal group extorting ransoms from organisations through threats. AiLock says that if you do not agree to give in to its demands, regulators will be informed about the data breach and competitors will be informed via email and social media. READ MORE...
McDonald's has outsourced the initial stages of its hiring process to an AI chatbot which seems to have been built without proper security measures. Security researchers managed to extract personal information about McDonald's job applicants by simply guessing a username and the password "12345." In doing this, the researchers could have potentially gained access to the information of 64 million applicants. READ MORE...
Shopping on a fake online store can lead to more than a bad purchase. It could mean losing money, having your identity stolen, or even getting malware on your device. E-shop scams rose by 790% in the first quarter of 2025 compared to the same period in 2024, according to Avast. Cybercriminals might be exploiting economic uncertainty as rising tariffs push consumers to seek cheaper deals online. This makes it easier to trick people with fake stores. READ MORE...
AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure. Akin to Meltdown and Spectre, the Transient Scheduler Attack (TSA) comprises four vulnerabilities that AMD said it discovered while looking into a Microsoft report about microarchitectural leaks. The four bugs do not appear too venomous at face value - two have medium-severity ratings while the other two are rated "low." READ MORE...
A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a guessing game. In this case, a researcher duped ChatGPT 4.0 into bypassing its safety guardrails, intended to prevent the LLM from sharing secret or potentially harmful information, by framing the query as a game. These particular guardrails were designed to block access to any licenses like Windows 10 product keys. READ MORE...
Researchers at penetration testing and threat intelligence firm PCA Cyber Security (formerly PCAutomotive) have discovered that critical vulnerabilities affecting a widely used Bluetooth stack could be exploited to remotely hack millions of cars. The researchers conducted an analysis of the BlueSDK Bluetooth framework developed by OpenSynergy and found several vulnerabilities, including ones that enable remote code execution, bypassing security mechanisms, and information leaks. READ MORE...
Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University's CERT Coordination Center (CERT/CC) has warned. The vulnerabilities have yet to be patched and it's unknown when (or whether) they will be. Ruckus Networks is a subsidiary of American network infrastructure provider CommScope. READ MORE...