New Unc0ver jailbreak released, works on all recent iOS versions

New "Unc0ver" jailbreak unlocks devices, even those running the current iOS 13.5 release.

Chrome: 70% of all security bugs are memory safety issues

Google software engineers are looking into ways of eliminating memory management-related bugs from Chrome.

25 million user records leak online from popular math app Mathway

The Mathway user data has been previously on sale on the dark web, hacker forums, and Telegram channels for the past two weeks.

Windows malware opens RDP ports on PCs for future remote access

Security experts believe the malware's operators are very likely to sell access to infected hosts to other hacker groups.

Privilege escalation vulnerability patched in Docker Desktop for Windows

The security flaw could be used to trick the service into connecting to malicious processes.

Silent Night Zeus financial botnet sold in underground forums

The botnet is being spread through the RIG exploit kit and COVID-19 spam campaigns.

Ransomware deploys virtual machines to hide itself from antivirus software

The operators of the RagnarLocker ransomware are running Oracle VirtualBox to hide their presence on infected computers inside a Windows XP virtual machine.

New Spectra attack breaks the separation between Wi-Fi and Bluetooth

Technical details to be presented in August at the Black Hat 2020 security conference.

RSA Conference moves 2021 event from February to May

RSA plays it safe for 2021 after ignoring COVID-19 warnings earlier this year and getting at least two attendees infected.

Hackers tried (and failed) to install ransomware using a zero-day in Sophos firewalls

Sophos acted quickly to put out a patch that stopped the hackers' attempts to deploy ransomware on enterprise networks protected by Sophos firewall devices.

Thousands of Israeli sites defaced with code seeking permission to access users' webcams

The hacks have been linked back to a local Israeli WordPress hosting provider.

Japan investigates potential leak of prototype missile data in Mitsubishi hack

The country is analyzing how such a leak could impact national security.

Video game developers under siege by cyberattacks seeking to plunder in-game cash

The Winnti Group is targeting gaming vendors once more with a new backdoor.

BlockFi discloses failed hack attempt after SIM swapping incident

BlockFi says a hacker SIM swapped an employee to gain access to its platform, but the hacker failed in their attempt to steal BlockFi customer funds.

Hacker leaks 40 million user records from popular Wishbone app

UPDATE: The Wishbone database leaks online after a hacker began selling it earlier this week.

Bank of America blames PPP applications leak on faulty SBA test server

BofA says SBA test platform allowed others to view details for its customers' PPP loan applications.

Signal to move away from using phone numbers as user IDs

Signal launches profile PINs, the first step in supporting Signal user accounts that are not tied to phone numbers.

‘Flight risk’ employees involved in 60% of insider cybersecurity incidents

The majority of staff planning their exit also take sensitive information with them, research suggests.

Adobe issues out-of-band patch to fix remote code execution flaw in animation software

Information leaks have also been patched up in Premiere Rush, Audition, and Premiere Pro.

NXNSAttack technique can be abused for large-scale DDoS attacks

New vulnerability in DNS server software can be leveraged for DDoS attacks with an 1620x amplification factor.

Hacker arrested in Ukraine for selling billions of stolen credentials

Hacker "Sanix" has been selling billions of hacked user credentials on hacker forums and Telegram channels.

WolfRAT targets WhatsApp, Facebook Messenger app users on Android devices

Updated: The new malware is unstable and appears to be a slapdash effort based on leaked DenDroid code.

Chrome 83 released with enhanced privacy controls, tab groups feature

Chrome 83 is one of the feature-rich Chrome releases in recent years.

Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks

A firmware patch has been released last year, in November.

France defends 'centralized' coronavirus tracing app, insists privacy held sacred

The country says StopCovid could be valuable in preventing a second COVID-19 wave.

FBI warns about attacks on Magento online stores via old plugin vulnerability

FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin.

Supreme Court rejects lawsuit claiming Facebook provided terrorist forum support

The case accused Facebook of being materially responsible for user-generated terrorist content.

Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack

New BIAS attack works against Bluetooth devices and firmware from Apple, Broadcom, Cypress, Intel, Samsung, and others.

FBI criticizes Apple for not helping crack Pensacola shooter's iPhones

Apple said back in January that it helped within hours and handed over to the FBI gigabytes of information.

Mercedes-Benz onboard logic unit (OLU) source code leaks online

Daimler allowed anyone to register on one of its on-premise GitLab servers.

Face masks prompt London police to consider pause in rollout of facial recognition cameras

The controversial scheme may be halted due to the widespread adoption of face coverings.

FBI: ProLock ransomware gains access to victim networks via Qakbot infections

The FBI also warns that the ProLock decryptor doesn't always work correctly, even after victims pay the ransom.

Illinois blames ‘glitch’ for exposure of PUA applicant Social Security numbers, private data

Sensitive unemployment benefit claimant information was made public on an online portal.

Supercomputers hacked across Europe to mine cryptocurrency

Confirmed infections have been reported in the UK, Germany, and Switzerland. Another suspected infection was reported in Spain.

Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump

The REvil ransomware gang published last night 2.4 GB of Lady Gaga's legal documents.

Hackers preparing to launch ransomware attacks against hospitals arrested in Romania

Hackers were planning to use COVID-19-themed emails to infect Romanian hospitals with ransomware and disrupt operations.

Hackers target the air-gapped networks of the Taiwanese and Philippine military

Third state-sponsored malware strain disclosed this week that can jump the air gap and reach isolated networks.

Mikroceen RAT backdoors Asian government networks in new attack wave

The backdoor paved the way for the deployment of other malware including Gh0st RAT.

This new, unusual Trojan promises victims COVID-19 tax relief

QNodeService’s codebase may have helped it avoid detection by traditional antivirus solutions.

UK electricity middleman hit by cyber-attack

Elexon said the incident only impacted its internal IT network, employee laptops, and company email server.

Google to block ads that use too many system resources starting August 2020

New "Heavy Ad Intervention" will save battery life and network bandwidth usage on mobile data plans.

Russian hacker group using HTTP status codes to control malware implants

New Turla cyber-espionage operation targets diplomatic entities in Europe with new COMpfun malware.

COVID-19 blamed for 238% surge in cyberattacks against banks

Disarray caused by the pandemic has become a breeding ground for financially-motivated attacks.

A cybercrime store is selling access to more than 43,000 hacked servers

The MagBo portal provides access to hacked servers, with some belonging to local and state government, hospitals, and financial organizations.

Microsoft adds initial support for DNS-over-HTTPS (DoH) in Windows Insiders

DoH support now available in current Windows 10 Insiders Fast Ring distributions.

US formally accuses China of hacking US entities working on COVID-19 research

DHS CISA and the FBI issue joint statement on recent Chinese cyber-attacks against COVID-19-related targets.

PrintDemon vulnerability impacts all Windows versions

PrintDemon vulnerability impacts Windows versions released as far back as 1996. Patches available.

New Ramsay malware can steal sensitive documents from air-gapped networks

Ramsay can infect air-gapped computers, collect Word, PDF, and ZIP files in a hidden folder, and then wait for exfiltration.

Adobe issues patches for 36 vulnerabilities in DNG, Reader, Acrobat

May’s patch round includes fixes for remote code execution flaws.

Windows 10 to get PUA/PUP protection feature

PUA/PUP-blocking option to be added in Windows 10 May 2020 update.

DHS CISA and FBI share list of top 10 most exploited vulnerabilities

Office is the most exploited technology, followed by Apache Struts.

Huawei denies involvement in buggy Linux kernel patch proposal

Huawei says employee submitted code as part of a personal project, not on behalf of the company.

Google removed 813 creepware apps from the Android Play Store

The applications were discovered with a new algorithm called CreepRank, developed by a team of academics.

Microsoft May 2020 Patch Tuesday fixes 111 vulnerabilities

Third-largest Patch Tuesday in Microsoft's history started rolling out earlier today.

On the three-year anniversary of WannaCry, US exposes new North Korean malware

US cyber-security officials expose today three new North Korean malware strains named COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH.

Texas courts slammed by ransomware attack

Officials say they will not bow to any blackmail or ransom demands.

WordPress plugin Page Builder by SiteOrigin patched against code execution attacks

The vulnerabilities impacted over one million websites.

Android app promised to serve news updates, served ESET with a DDoS attack instead

The app managed to slither into Google Play and was downloaded at least 50,000 times.

Astaroth malware hides command servers in YouTube channel descriptions

Astaroth continues to evolve into a dangerous threat. Luckily, it's only spreading in Brazil only, right now.

Iran reports failed cyber-attack on Strait of Hormuz port

Iranian officials said hackers infiltrated and damaged a small number of computers at the port of Shahid Rajaei in the city of Bandar Abbas.