Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

1

Even security teams, the ones responsible for protecting the business, are adding to AI-related risk. A new survey by AI security company Mindgard, based on responses from over 500 cybersecurity professionals at the RSAC 2025 Conference and Infosecurity Europe 2025, found that many security staff are using AI tools on the job without approval.

AI tools usage by security teams (Source: Mindgard)

This growing use of unapproved AI, often called shadow AI, is becoming a major … More → The post Who’s guarding the AI? Even security teams are bypassing oversight appeared first on Help Net Security.

2

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. [...]

3

Researchers discovered the largest data breach ever, exposing 16 billion login credentials, likely due to multiple infostealers. Researchers announced the discovery of what appears to be the largest data breach ever recorded, with an astonishing 16 billion login credentials exposed. The ongoing investigation, which began earlier this year, suggests that the credentials were collected through […]

4

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. [...]

5

Barracuda observed a big spike in spam emails generated using AI tools, making up the majority detected in April 2025

6

A recent study by researchers at the University of Padova reveals that despite the rise in car thefts involving Remote Keyless Entry (RKE) systems, the auto industry has made little progress in strengthening security. Since RKE’s introduction in the early 1980s, automakers have worked to improve security by adding features such as immobilizers, which prevent the engine from starting without proper authentication.

Vehicle remote entry technologies and evolution

Over the past year, new web and … More → The post Thieves don’t need your car keys, just a wireless signal appeared first on Help Net Security.

7

Cyberstalkers are increasingly turning to cheap GPS trackers to secretly monitor people in real time. These devices, which often cost less than $30 and run on 4G LTE networks, are small, easy to hide under a bumper or in a glovebox, and can go undetected for months. A new paper from researchers at NYU, You Can Drive But You Cannot Hide, presents an affordable, practical method for detecting these hidden cellular GPS trackers using off-the-shelf … More → The post GPS tracker detection made easy with off-the-shelf hardware appeared first on Help Net Security.

8

Clearing your cookies is not enough to protect your privacy online. New research led by Texas A&M University has found that websites are covertly using browser fingerprinting—a method to uniquely identify a web browser—to track people across browser sessions and sites.

9

Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false positives. The Exorcising the SAST Demons report comes from Ghost Security, which scanned public GitHub projects in Go, Python, and PHP. The study focused on three vulnerability types commonly found in real-world apps: SQL injection, command injection, … More → The post 91% noise: A look at what’s wrong with traditional SAST tools appeared first on Help Net Security.

10

MacKenzie Sigalos / CNBC: The DOJ announces the seizure of $225.3M in crypto linked to “pig butchering” scams, marking “the largest cryptocurrency seizure in US Secret Service history”  —  The Justice Department announced Wednesday the largest-ever U.S. seizure of cryptocurrency linked to so-called …

11

After an attack on Iran’s Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex.

12

A critical supply chain vulnerability dubbed “GerriScary” (CVE-2025-1568) could have allowed attackers to inject malicious code into at least 18 major Google projects, including ChromiumOS, Chromium, Dart, and Bazel. The vulnerability, uncovered by Tenable security researcher Liv Matan, exploits misconfigurations in Google’s Gerrit code collaboration platform, enabling unauthorized users to compromise trusted software […] The post Google’s Gerrit Code Platform Vulnerability Allows Hack of 18 Google Projects Including ChromiumOS appeared first on Cyber Security News.

13

Noele Illien / Bloomberg: UBS confirms data was stolen in a cyberattack on supplier Chain IQ, which said it and 19 other companies were targeted; Swiss media says it impacts 130K+ staff  —  UBS Group AG said that information about the company had been stolen in a cyber attack on one of its suppliers …

14

Research by: Jaromír Hořejší (@JaromirHorejsi), Antonis Terefos (@Tera0017)

Introduction

Minecraft is a popular video game with a massive global player base, with over 200 million monthly active players. The game has also sold over 300 million copies, making it one of the best-selling video games ever. Minecraft supports mods (user-created modifications), which enrich the […] The post Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data appeared first on Check Point Research.

15

Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.”

About the vulnerabilities (CVE-2025-6018, CVE-2025-6019)

CVE-2025-6018 affects the Pluggable Authentication Modules (PAM) configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15, and allows an unprivileged local attacker – for example, an attacker who logs in via a remote SSH session – to gain the “allow_active” privileges … More → The post Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) appeared first on Help Net Security.

16

It was discovered that libblockdev incorrectly handled mount options when resizing certain filesystems. A local attacker with an active session on the console can use this issue to escalate their privileges to root.

17

Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned.

The keylogging JavaScript code (Source: Positive Technologies)

The initial vector for compromise is unknown

The researchers haven’t been able to pinpoint how the attackers gained access to the compromised servers. Some of them were vulnerable to a slew … More → The post Researchers unearth keyloggers on Outlook login pages appeared first on Help Net Security.

18

Despite widespread anticipation about AI’s positive impact on workforce productivity, most employees feel they were overpromised on its potential, according to GoTo. In fact, 62% believe AI has been significantly overhyped. However, this is likely because employees aren’t making the most of what these tools have to offer. 86% admit they’re not using AI tools to their full potential, and 82% say they aren’t very familiar with how AI can be used practically in their … More → The post Employees are using AI where they know they shouldn’t appeared first on Help Net Security.

19

In a concerning development for mobile payment security, cybersecurity experts have identified a sophisticated new malware strain named “SuperCard” that exploits Android devices to steal payment card data. This malicious application, a modified version of the legitimate NFCGate program, intercepts Near Field Communication (NFC) traffic during contactless payments, effectively turning compromised phones into relay devices […] The post New SuperCard Malware Using Hacked Android Phones to Relay Data from Users Payment Cards to Attackers Device appeared first on Cyber Security News.

20

Research Shows Next-Generation 9-1-1 Ecosystems Lack Critical Cyber Protections

A report from telecom firm Intrado warns that cybersecurity safeguards are lagging behind the rapid deployment of next-generation 911 systems, exposing the emergency ecosystem to attacks ranging from VoIP floods to ransomware amid growing reliance on cloud-based and IP-connected technologies.

21

The European Commission has taken an important step toward protecting minors online by releasing draft guidelines under Article 28 of the Digital Services Act (DSA). EFF recently submitted feedback to the Commission’s Targeted Consultation, emphasizing a critical point: Online safety for young people must not come at the expense of privacy, free expression, and equitable access to digital spaces. We support the Commission’s commitment to proportionality, rights-based protections, and its efforts to include young voices in shaping these guidelines. But we remain deeply concerned by the growing reliance on invasive age assurance and verification technologies—tools that too often lead to surveillance, discrimination, and censorship. Age verification systems typically depend on government-issued ID or biometric data, posing significant risks to privacy and shutting out millions of people without formal documentation. Age estimation methods fare no better: they’re inaccurate, especially for marginalized groups, and often rely on sensitive behavioral or biometric data. Meanwhile, vague mandates to protect against “unrealistic beauty standards” or “potentially risky content” threaten to overblock legitimate expression, disproportionately harming vulnerable users, including LGBTQ+ youth. By placing a disproportionate emphasis on age assurance as a necessary tool to safeguard minors, the guidelines do not address the root causes of risks encountered by all users,[...]

22

Most people know that they shouldn’t plug strange flash drives into their computers, but what about a USB cable? A cable doesn’t immediately register as an active electronic device to …read more

23

The soaring price of copper makes networks tempting targets for thieves.

24

The shooter allegedly researched several “people search” sites in an attempt to target his victims, highlighting the potential dangers of widely available personal data.

25

[This is a Guest Diary by Matthew Paul, an ISC intern as part of the SANS.edu BACS program]
