Meta fights Ofcom over how many billions count as billions
Social media biz says watchdog's fine formula is 'disproportionate' and should stop counting global revenue
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Zara data breach exposed personal information of 197,000 people
Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service …
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a r…
Nothing says 'business continuity' like a dry wooden broom
No sparks, no glory
Lego throws its own Hail Mary
Movie-inspired set ticks the clever Technic box, but at a price
Former govt contractor convicted for wiping dozens of federal databases
A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. [...]
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor c…
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more. The post ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Crede…
Bus station display takes the Windows 10 road to nowhere
Spikes deter pigeons, but Microsoft still managed to foul the screen
Ransomware Group Takes Credit for Trellix Hack
RansomHouse has published several screenshots to demonstrate access to internal Trellix services. The post Ransomware Group Takes Credit for Trellix Hack appeared first on Security…
New Linux 'Dirty Frag' zero-day gives root on all major distros
A new Linux zero-day exploit, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. [...]
Custom PC worked in the lab, failed on site – and so did the angry client
It's amazing what happens when you plug everything in
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claude Extension for Chrome …
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Target…
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Co…
Cloudflare to fire 1,100 staff whose jobs just aren’t AI enough
Around 20 percent of staff get an ‘In one hour, you might not work here anymore’ email
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the Uni…
AWS warns of EC2 'impairment' as power loss hits notorious US-EAST-1 region
Extra aircon found to cool overheating datacenter as users complain their resources are... nowhere
HPE drops first Juniper x Aruba collab – self-driving Wi-Fi
NetAdmins can stay in the loop while they learn to trust AI to tackle some scutwork
GNU IFUNC is the real culprit behind CVE-2024-3094
Article URL: https://github.com/robertdfrench/ifuncd-up Comments URL: https://news.ycombinator.com/item?id=48056749 Points: 132 # Comments: 69
Mozilla boasts Mythos boosted Firefox bug cull
Yet it remains unclear if Anthropic's uber model was effective, or if better model middleware is what makes the difference
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of…
Dyna Software's AI assistant promises to massage your toughest ServiceNow configs
The tool is meant to take the place of 80% of the work that requires ServiceNow dev teams
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. [..…
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments.
Fake IT workers rented laptops to Nork scammers, got prison time
Matthew Isaac Knoot and Erick Ntekereze Prince will each do 18 months for hosting laptops used by North Korean IT workers to remotely infiltrate US companies
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
Security biz Adversa AI argues users of AI tools need clearer warnings
LIU014: Linda Haviv: From Philosophy Major to AI Engineer
Alexis and Kevin sit down with Linda Haviv, an AI/ML Engineer and founder of Coding Crystals. Linda is known for making AI infrastructure accessible, and for a career path that wen…
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
Musk said that he could have founded OpenAI as a for-profit company, just like the other companies he started or took over. “I deliberately chose this,” he said, “for the public go…
New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]