RSS Hacker News
  • Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack February 22, 2025
    Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. […]
  • OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns February 22, 2025
    OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool. The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models, with the accounts in question using the AI company's […]
  • Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands February 21, 2025
    Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys […]
  • Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations February 21, 2025
    An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order
  • Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3 February 21, 2025
    The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite […]
  • Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025 February 21, 2025
    In today’s rapidly evolving digital landscape, weak identity security isn’t just a flaw—it’s a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into […]
  • AI-Powered Deception is a Menace to Our Societies February 21, 2025
    Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it’s said, ‘The first casualty is the truth.’  […]
  • Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks February 21, 2025
    Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments […]
  • CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks February 21, 2025
    A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was […]
  • North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware February 20, 2025
    Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima,