Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago
1
 
 

Barbara Moens / Financial Times: The EU Commission orders Apple to open iOS to third-party connected devices, and in preliminary findings charges Google with breaking the DMA in search and apps  —  EU continues Big Tech crackdown under landmark Digital Markets Act  —  Brussels is pressing ahead with regulatory action …

2
 
 

Clearview AI spent nearly a million dollars in a bid to purchase “690 million arrest records and 390 million arrest photos” from all 50 states, court records reveal.

3
 
 

93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two in five organizations (41%) increasing CISO participation in strategic decisions at the board level.
CISO liability under the spotlight
In late 2023, newly adopted regulations such as the SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies as well as other headlines have put … More → The post Most organizations change policies to reduce CISO liability risk appeared first on Help Net Security.

4
 
 

California Cryobank LLC, one of America’s largest sperm donor repositories, has confirmed a significant data breach that exposed sensitive customer information. The cyber intrusion, which occurred on April 20, 2024, but remained undetected until October 4, 2024, has triggered mandatory breach notifications to affected individuals across multiple states, with formal notices sent to customers on […] The post US Sperm Donor Giant California Cryobank Hacked – Customers Personal Data Exposed appeared first on Cyber Security News.

5
 
 

He was supposed to make a sci-fi epic about super intelligent clones. The FBI says he spent the money on crypto and cars.

6
 
 

Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library

7
 
 

Don't laugh. This kind of warning shows crims are getting desperate
Dark web analysts at infosec software vendor Fortra have discovered an extortion crew named Ox Thief that threatened to contact Edward Snowden if a victim didn’t pay to protect its data – a warning that may be an indicator of tough times in the ransomware world for some, at least.…

8
 
 

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. [...]

9
 
 

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions -

Apache Tomcat 11.0.0-M1 to 11.0.2
Apache Tomcat 10.1.0-M1 to 10.1.34
Apache Tomcat 9.0.0-M1 to 9.0.98

It concerns a

10
 
 

Comments

11
 
 

A new threat assessment from the Danish Civil Protection Authority (SAMSIK) warned of cyberattacks targeting the telecommunications sector after citing a wave of incidents hitting European organizations the past few years.

12
 
 

Alphabet Inc. is in talks to purchase the cloud security company Wiz for $33 billion, restarting deal discussions that were called off last summer after extended negotiations, according to people familiar with the matter.

13
 
 

Cloudflare announced that it is expanding end-to-end support for post-quantum cryptography to its Zero Trust Network Access solution. Available immediately, organizations can securely route communications from web browsers to corporate web applications to gain immediate, end-to-end quantum-safe connectivity. By mid-2025, Cloudflare will extend this support to include all IP protocols, significantly broadening compatibility across most corporate applications and devices. With this, organizations will be able to rely on Cloudflare to transition their Internet communications between … More → The post Cloudflare boosts defenses against future quantum threats appeared first on Help Net Security.

14
 
 

Packed with real-world case studies and practical examples, Cybersecurity Tabletop Exercises offers insights into how organizations have successfully leveraged tabletop exercises to identify security gaps and enhance their incident response strategies. The authors explore a range of realistic scenarios, including phishing campaigns, ransomware attacks, and insider threats, demonstrating how these exercises can uncover vulnerabilities before an actual crisis occurs. It also highlights key lessons learned from exercises that didn’t go as planned, providing a well-rounded … More → The post Review: Cybersecurity Tabletop Exercises appeared first on Help Net Security.

15
 
 

Ransomware negotiations are a high-stakes game where every decision matters. In this Help Net Security video, Kurtis Minder, CEO at GroupSense, takes us inside the world of ransomware negotiations. We learn how attackers communicate, the tough decisions victims face, and the mistakes that can make or break a response. He breaks down the key factors in deciding whether to engage with hackers, the legal and ethical considerations, and why preparation is everything. Learn why logging … More → The post Pay, fight, or stall? The dilemma of ransomware negotiations appeared first on Help Net Security.

16
 
 

The WebUSB standard is certainly controversial. Many consider it a security risk, and, to date, only Chromium-based browsers support it. But there is a workaround that is, ironically, supposed to …read more

17
 
 

A Micronesian state suffered a ransomware attack and was forced to shut down all computers of its government health agency. A state in Micronesia, the state of Yap, suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. Yap is one of the four states of the Federated States of […]

18
 
 

Jennifer Elias / CNBC: Google and other companies are considering bringing back in-person job interviews, as some startups sell AI tools that let engineers cheat in virtual interviews  —  After landing internship offers from Amazon, Meta and TikTok, computer science student Chungin “Roy” Lee has decided to move to San Francisco.

19
 
 

The advertising industry is immensely powerful, and disturbingly opaque.

20
 
 

Pavel Durov, chief executive officer of the Telegram messaging app, has been allowed to leave France for several weeks, Agence France-Presse reported, citing sources who weren’t identified.

21
 
 

Politico: European authorities raided 21 addresses, arrested several people, and sealed two offices in the EU Parliament, as part of a spiraling bribery probe into Huawei  —  Chinese tech giant's offices raided and Parliament offices sealed in case that echoes the 2022 Qatargate investigation.

22
 
 

The US Justice Department announced that the LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S. The US Justice Department announced that one of the LockBit ransomware developers, Rostislav Panev (51), has been extradited to the United States. The dual Russian-Israeli national was arrested in Israel in 2024 and faces charges related […]

23
 
 

Joseph Menn / Washington Post: Morgan Marquis-Boire, the once-celebrated hacker accused of sexual assaults in 2017, is the undisclosed co-founder of crypto intelligence firm Unciphered  —  Employees said they weren't told that the co-founder of Unciphered was a once-celebrated spyware foe who dropped out of the public eye after being accused of sexual assault.

24
 
 

This seemed inevitable. You can't have a personal assistant if they don't have access to everything you do.

25
 
 

CJR study shows AI search services misinform users and ignore publisher exclusion requests.
