lemmydev2

Clearing your cookies is not enough to protect your privacy online. New research led by Texas A&M University has found that websites are covertly using browser fingerprinting—a method to uniquely identify a web browser—to track people across browser sessions and sites.

MacKenzie Sigalos / CNBC: The DOJ announces the seizure of $225.3M in crypto linked to “pig butchering” scams, marking “the largest cryptocurrency seizure in US Secret Service history”  —  The Justice Department announced Wednesday the largest-ever U.S. seizure of cryptocurrency linked to so-called …

Noele Illien / Bloomberg: UBS confirms data was stolen in a cyberattack on supplier Chain IQ, which said it and 19 other companies were targeted; Swiss media says it impacts 130K+ staff  —  UBS Group AG said that information about the company had been stolen in a cyber attack on one of its suppliers …

A critical supply chain vulnerability dubbed “GerriScary” (CVE-2025-1568) that could have allowed attackers to inject malicious code into at least 18 major Google projects, including ChromiumOS, Chromium, Dart, and Bazel. The vulnerability uncovered by Tenable security researcher Liv Matan exploits the misconfigurations in Google’s Gerrit code collaboration platform, enabling unauthorized users to compromise trusted software […] The post Google’s Gerrit Code Platform Vulnerability Allows Hack of 18 Google Projects Including ChromiumOS appeared first on Cyber Security News.

Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.” About the vulnerabilities (CVE-2025-6018, CVE-2025-6019) CVE-2025-6018 affects the Pluggable Authentication Modules (PAM) configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15, and allows an unprivileged local attacker – for example, an attacker who logs in via a remote SSH session – to gain the “allow_active” privileges … More → The post Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) appeared first on Help Net Security.

Research by: Jaromír Hořejší (@JaromirHorejsi), Antonis Terefos (@Tera0017) Key Points Introduction Minecraft is a popular video game with a massive global player base, with over 200 million monthly active players. The game has also sold over 300 million copies, making it one of the best-selling video games ever. Minecraft supports mods (user-created modifications), which enrich the […] The post Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data appeared first on Check Point Research.

Barracuda observed a big spike in spam emails generated using AI tools, making up the majority detected in April 2025

After an attack on Iran’s Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex.

It was discovered that libblockdev incorrectly handled mount options when resizing certain filesystems. A local attacker with an active session on the console can use this issue to escalate their privileges to root.

In a concerning development for mobile payment security, cybersecurity experts have identified a sophisticated new malware strain named “SuperCard” that exploits Android devices to steal payment card data. This malicious application, a modified version of the legitimate NFCGate program, intercepts Near Field Communication (NFC) traffic during contactless payments, effectively turning compromised phones into relay devices […] The post New SuperCard Malware Using Hacked Android Phones to Relay Data from Users Payment Cards to Attackers Device appeared first on Cyber Security News.

[This is a Guest Diary by Matthew Paul, an ISC intern as part of the SANS.edu BACS program]

Despite widespread anticipation about AI’s positive impact on workforce productivity, most employees feel they were overpromised on its potential, according to GoTo. In fact, 62% believe AI has been significantly overhyped. However, this is likely because employees aren’t making the most of what these tools have to offer. 86% admit they’re not using AI tools to their full potential, and 82% say they aren’t very familiar with how AI can be used practically in their … More → The post Employees are using AI where they know they shouldn’t appeared first on Help Net Security.