When your digital vault is compromised, the fallout isn't just financial - it cuts to the foundation of trust. That is the reality that Coinbase, one of the world's largest cryptocurrency exchanges, is facing in the wake of a data breach that reportedly led to losses of up to $400 million and exposed almost 70,000 customers' personal information. This breach also sparked serious questions about how well companies are managing data governance, internal security controls, and insider risk. READ MORE...
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. In June, Google's Threat Intelligence Group (GTIG) warned that threat actors tracked as UNC6040 were targeting Salesforce customers in social engineering attacks. READ MORE...
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites. The scam begins with deceptive ads posted on social media. READ MORE...
Hackers planted a Raspberry Pi equipped with a 4G modem in the network of an unnamed bank in an attempt to siphon money out of the financial institution's ATM system, researchers reported Wednesday. The researchers with security firm Group-IB said the "unprecedented tactic allowed the attackers to bypass perimeter defenses entirely." The hackers combined the physical intrusion with remote access malware that used another novel technique to conceal itself. READ MORE...
Hackers have concealed spyware in more than 250 seemingly harmless Android and iOS apps in Korea. The malicious apps are of all shapes and sizes: social media, dating, cloud file services, even car services. They mimic brands with innocuous names and cute and professional-looking logos. They sport plenty of five-star reviews. In other words, they're quite easy to mistake as legitimate, until after you've waived all your personal data protections. READ MORE...
Browser security firm LayerX has disclosed a new attack method that works against popular gen-AI tools. The attack involves browser extensions and it can be used for covert data exfiltration. The method, named Man-in-the-Prompt, has been tested against several highly popular large language models (LLMs), including ChatGPT, Gemini, Copilot, Claude and DeepSeek. Any browser extension can access these AI tools and inject prompts instructing them to provide sensitive data and exfiltrate it. READ MORE...
Many of us have received texts like these. Often super short, some flirty, some with a business tone, or sometimes just a simple 'hello.' You don't know the sender, and they look like an honest mistake. But they're not. All the messages are carefully crafted to seem plausible-so you don't immediately feel suspicious-and short-to trigger your curiosity. The intention of these messages are to get you to be confused enough that you will reply, perhaps by saying they have the wrong number. READ MORE...
Thai and Cambodian tensions relating to issues including cybersecurity concerns boiled over into a kinetic skirmish at the border last week. The conflict started largely as an extension of a decades-old dispute over access to an ancient Hindu temple located a couple of hundred meters on the Cambodian side of the border. Tensions at the temple were already high. In May, Thai and Cambodian troops exchanged fire across the border near the site. One Cambodian soldier died as a result. READ MORE...
Beijing has summoned Nvidia over alleged security issues with its chips, in a blow to the US company's push to revive sales in the country after Washington granted approval for the export of a made-for-China chip. China's cyber regulator on Thursday said it had held a meeting with Nvidia over what it called "serious security issues" with the company's artificial intelligence chips. It said US AI experts had "revealed that Nvidia's computing chips have location tracking." READ MORE...