Tag: security researchers
12 articles

pet records Exposed: Exclusive Risky Security Warning
More than 85,000 pet and owner records were left exposed, turning beloved pets’ details into a roadmap for scammers and raising real risks like spam, identity theft and fraudulent claims—here’s what went wrong and what you can do now to protect yourself.

industrial control systems: Stunning Risky Honeypot Exposed
Researchers built a realistic fake water-utility honeypot that fooled a pro‑Russia hacktivist crew into bragging about an attack, revealing how online bravado can mask real impact while letting defenders safely harvest vital intelligence. The quiet takedown highlights both the power of deception to strengthen critical‑infrastructure security and the tricky legal and ethical questions it raises.

AI Vulnerability Reward Program: Exclusive $30K Best Win
Google’s new AI Vulnerability Reward Program offers up to $30,000 to researchers who responsibly report model flaws — a smart, practical move to incentivize fixes, curb abuse, and make AI safer for everyone.

self-replicating worm: Stunning Risk to Dev Supply Chains
A self-replicating worm has infected nearly 200 NPM packages, stealing developer tokens and publishing them to public GitHub repos so each install can expose even more credentials. If you use open-source dependencies, now’s the time to audit builds, rotate keys, and lock down your developer workflows before the next propagation wave hits.

Android security bulletin: Urgent Must-Have Fixes
Google’s massive September Android bulletin patches 120 vulnerabilities — including two already exploited in the wild — so installing updates ASAP is no longer optional. Device makers and carriers must accelerate rollouts, or millions of phones will remain easy targets.

Hook Android Trojan: Stunning Dangerous Ransomware Threat
A new Hook Android Trojan variant now combines banking fraud with ransomware-style lockouts, letting attackers both steal credentials and hold phones hostage. Millions of users should tighten app sources, review permissions, and keep backups as defenders scramble to catch up.

bug bounty programs: Must-Have Best Practices
Bug bounties can be brilliant — they turn curious outsiders into powerful allies who find and help fix real-world flaws before attackers do — but when programs are poorly scoped, underpaid, or legally hostile they breed frustration, public disclosures, and real risk. Get the incentives, triage, and policies right and they strengthen security; get them wrong and the results can be expensive, embarrassing, or downright ridiculous.

PromptFix attacks: Must-Have Defenses vs Risky Threats
Researchers warn of a new PromptFix attack that hijacks the prompts and data feeding agentic AIs, letting attackers steer, confuse, or corrupt assistants without touching the underlying models. As these agents enter everyday tools, layered protections like provenance checks, least‑privilege actions, and better monitoring are essential to keep them safe.

Apple backdoor: Stunning UK Reversal — Risky Plan Dies
In a surprising win for privacy, the U.K. appears to have backed away from forcing Apple to build a backdoor—raising fresh questions about how to balance law enforcement needs with global security risks. Driven by diplomatic pushback, expert warnings and public outcry, the decision gives encryption defenders a reprieve while pushing governments to find smarter, privacy-preserving alternatives.

cyber-secure lock upgrade: Must-Have Best Defense
Hyundai’s new £49 “cyber‑secure” lock upgrade offers a cheap fix for keyless‑relay thefts—but it also sparks a bigger question: should drivers pay for security retrofits or should manufacturers cover fixes to vulnerabilities they sold with?

Iranian Android Spyware: Exclusive Risky New Threat
A dangerous new strain of Iranian Android spyware — a revamped DCHSpy tied to MuddyWater — is turning smartphones into frontline spying tools with enhanced data-stealing and persistence that make detection much harder. Stay vigilant: keep your apps updated, use official stores, and enable strong authentication to reduce your risk.

Fake CAPTCHAs: Shocking Adtech Threat
Find out how fake CAPTCHAs—those seemingly harmless verification checks—are being weaponized by a shadowy adtech network to bypass moderation, spread disinformation, and profit from manipulation, and what it will take to reclaim trust online.