Skip to main content

Hacking

Android device settings show Intrusion Logging feature enabled in Advanced Protection Mode.

Google Bolsters Android Spyware Defenses with Intrusion Logging Feature

Google just launched a game-changing feature to help protect Android users from spyware: Intrusion Logging, a powerful tool that collects forensic data to help investigate suspected device compromises. Now available in Advanced Protection Mode, this innovative feature lets users opt-in to safeguard their digital security and peace of mind.

Analyst 207
Smartphone on a lab bench with forensic tools in the background, under bright daylight.

Google Bolsters Android Security to Counter Spyware Vendors

Google's new Intrusion Logging feature is a game-changer in the fight against spyware, helping digital forensics researchers uncover sophisticated attacks on Android devices. By recording security incidents like device unlocking and spyware installation, it provides crucial evidence to investigate and take down these threats.

Analyst 207
Windows office workstations with computers and monitors in daylight-lit setting, highlighting potential vulnerabilities in…

Attackers Exploit AD CS for Stealthy Privilege Escalation

Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often under-monitored.

Analyst 207
A Windows computer workstation with file explorer open in a dimly lit office setting.

GhostLock Exploits Windows API to Disrupt File Access

Meet GhostLock, a proof-of-concept that cleverly exploits Windows API to disrupt file access, causing operational downtime without data loss, similar to the impact of ransomware. By manipulating the CreateFileW sharing parameter, GhostLock effectively locks files, leaving other processes in the dark with a sharing violation error.

Analyst 207
Server room setup with computers and networking equipment in a brightly-lit corporate IT environment.

Active Directory Breaches Persist After Password Resets

Resetting passwords isn't enough to keep hackers at bay, especially in Active Directory environments where cached credentials and sync delays can leave gaping security holes. Even after a password reset, attackers can still find ways to exploit outdated credentials and gain unauthorized access.

Analyst 207
Radio communication console in a control room with a blurred background.

Vulnerabilities in TETRA Radio System Expose Global Security Risks

A single misstep in a radio system can send critical infrastructure crashing down - as Taiwan's bullet train system learned the hard way when a university student's clever hack with a radio and online kit brought the entire network to a standstill for nearly an hour. The incident highlights the urgent need for robust defenses to safeguard our global security.

Analyst 207
Chrome browser window on laptop with multiple extensions, displaying blurred Claude AI interface on cluttered desk near…

Claude AI Extension Flaw Enables Cross-Plugin Hijacking

A security flaw in the Claude AI Chrome extension could put users at risk, as it allows other browser extensions to issue commands to Claude without verification. This vulnerability creates a backdoor for hackers to hijack the AI model, warns LayerX senior researcher Aviad Gispan.

Analyst 207
Government officials gather around a table with a laptop, symbolizing coordination and planning on cybersecurity.

Schumer Urges DHS to Bolster AI Cyber Defenses with State, Local Governments

Senate Minority Leader Chuck Schumer is sounding the alarm on the urgent need for stronger AI cyber defenses, warning that there's a high-stakes race between cybersecurity defenders and AI-enabled hackers. He’s pressing the Department of Homeland Security to team up with state and local governments to stay ahead of rapidly evolving threats.

Analyst 207
Interior of a government building with a judge's bench and tall windows.

Contractor Convicted for Destroying Dozens of Federal Databases

A contractor's reckless actions led to the destruction of dozens of federal databases, showcasing a staggering disregard for the security and integrity of sensitive government information. After being terminated on February 18, 2025, the contractor and his twin brother intentionally caused chaos by accessing computers without authorization and deleting crucial data.

Analyst 207
Developer workstation with laptop screen showing a trust prompt and blurred software development environment in the…

Anthropic's AI Tool Exposes to One-Click Remote Code Execution Risk

A single click on Claude Code's generic dialog can unleash a major security risk, allowing an unsandboxed Node.js process to spawn with full user privileges. This vulnerability can be exploited using just two common JSON files, putting developers at risk of one-click remote code execution.

Analyst 207
High-end graphics card sits on a clean, neutral-colored surface in a brightly-lit setting.

MD5 Password Hashes Cracked in Under an Hour

In a shocking test, Kaspersky researchers cracked 60% of 231 million MD5 password hashes in under an hour using just one high-powered graphics card, revealing the alarming vulnerability of even the most seemingly secure passwords. This unsettling experiment highlights the urgent need for stronger password protection.

Analyst 207
Person sitting at computer workstation with login screen and password notes in background.

Weak Passwords Expose Networks to Unintended Access

Even a seasoned expert like Roger Grimes, CISO advisor at KnowBe4, has fallen victim to the pitfalls of weak passwords - in a surprising turn of events, he recalling a time when he accidentally gained access to a client's network using the password "rosebud", famously lifted from a film plot.

Analyst 207
Military personnel train in a neutral facility with computer terminal in background.

Defense Contractor Exposes Military Training Data Through API Flaw

A defense contractor's careless API flaw left sensitive military training data vulnerable, sparking a 152-day saga between the contractor and the open-source security project Strix that ultimately led to the exposure being patched. The breach was caused by a low-privilege account having broad access to user records and training materials due to lax authorization checks.

Analyst 207
Secure-looking ledger on a table surrounded by abstract code representations in a bright, neutral-colored tech facility.

Google Bolsters Android App Security with Public Verification Ledger

Google is stepping up its game to keep your Android apps safe with a new public verification ledger that ensures the Google apps on your device are genuine and exactly as intended. This move builds on its Pixel Binary Transparency feature, now expanding it to all Android production apps.

Analyst 207
Rows of computer workstations with blank screens in a neutral-colored room.

AI Models Reach Hacking Parity, But Reasoning Falters

The AI hacking landscape has reached a major milestone: two top AI models, GPT-5.5 and Anthropic's Mythos Preview, have demonstrated nearly identical capabilities in a rigorous 95-task cybersecurity evaluation, with scores of 71.4% and 68.6% respectively. This parity marks a significant tipping point in the development of AI-powered hacking tools.

Analyst 207
Smartphone with blank screen on a neutral surface in a blurred research environment.

Google Boosts Bounty Payouts for Elusive Android Exploits

Google just supercharged its bounty program, offering up to $1.5 million for the most elusive Android exploits that require top-notch technical skills to pull off. The biggest prizes go to zero-click, full-chain exploits with persistence, highlighting Google's focus on tackling the toughest security challenges.

Analyst 207
Rows of computer servers and networking equipment glow softly in a data center.

AI Infrastructure Exposes Widespread Security Gaps

A staggering 2 million hosts and 1 million exposed services were uncovered through a simple scan of certificate transparency logs, revealing alarming security gaps in AI infrastructure. The findings painted a concerning picture: most AI projects lack even basic authentication, leaving them vulnerable to exploitation.

Analyst 207
Government building interior with daylight through tall windows and empty podium.

Pharmacist Indicted for Spying on Co-Workers with Cyber Tools

A pharmacist in Maryland has been indicted for allegedly spying on nearly 200 coworkers and individuals over eight years using cyber tools, breaching trust and violating digital boundaries. Matthew Bathula faces federal charges for unauthorized computer access and aggravated identity theft.

Analyst 207
Security professional stands in front of rows of server racks and workstations in a modern data center.

AI Drives Shift to Continuous Penetration Testing in Cloud Environments

The AI revolution is transforming technology like never before, and Evinova is at the forefront, shifting from annual penetration testing to continuous security validation to safeguard its cloud-native healthcare software. This bold move replaces traditional point-in-time assessments with ongoing validation, ensuring rock-solid security for its customers.

Analyst 207
Security expert examines laptop in lab setting with tech equipment and AI hints.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers

Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Analyst 207
Blurred computer screen in empty school hallway conveys concern and vulnerability.

Senators Probe Navigate360 Over Hacked Student Data

Senators Maggie Hassan and Jim Banks are demanding answers from Navigate360 after a cyberattack compromised its anonymous tip line, putting the sensitive data of students, staff, and schools at risk. The breach allegedly exposed 93 gigabytes of data, sparking concerns over the safety and security of those who rely on the company's services.

Analyst 207
Scholars' workspace with candlelit manuscript and scattered parchments.

Academics Crack 15th-Century Diplomatic Cipher

Meet Pedro de Ayala, a 15th-century diplomat who took infosec to new heights by encrypting sensitive royal gossip with clever symbols - only to have his secrets cracked 500 years later by some codebreaking academics. His creative encryption method, which combined symbol substitutions with deliberate omissions, kept his messages safe from prying eyes for centuries.

Analyst 207
Government building interior with judge's bench and US Attorney's seal, daylight through tall windows.

Crypto Launderer Sentenced to 70 Months for $230M Heist Role

Meet Evan Tangeman, a 22-year-old crypto launderer who lived large on stolen millions, racking up half-million-dollar nightclub tabs and luxury cars, before getting sentenced to 70 months in prison for his role in a $230M heist. His lavish lifestyle, fueled by greed, came crashing down with a guilty plea and a lengthy prison term.

Analyst 207
Large computer screen displays complex network diagram in modern lab setting.

Frontier AI Exposes Gaps in Traditional Security Programs

Imagine having the power to replicate a full year’s worth of manual penetration testing in just three weeks - that's the reality with frontier AI, which has exposed significant gaps in traditional security programs. Palo Alto Networks and Unit 42 have revealed that advanced models like Anthropic Mythos can autonomously identify software vulnerabilities and adapt to defensive controls in near-real-time.

Analyst 207