Italy’s competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. […]
NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data
The package provides legitimate functionality to evade detection, while stealing users’ data and deploying a backdoor.
The post NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data appeared first on SecurityWeek.
Italy Antitrust Agency Fines Apple $116 Million Over Privacy Feature; Apple Announces Appeal
Italy’s antitrust authority fined Apple $116 million after determining that operating one of its privacy features restricted App Store competition.
The post Italy Antitrust Agency Fines Apple $116 Million Over Privacy Feature; Apple Announces Appeal appeared first on SecurityWeek.
Baker University says 2024 data breach impacts 53,000 people
Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. […]
574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings
Authorities in Senegal, Ghana, Benin, and Cameroon dismantled BEC, ransomware, and other cyber-fraud networks.
The post 574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings appeared first on SecurityWeek.
U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud.
The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website are
The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website are
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances.
The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm.
“Under certain
The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm.
“Under certain
3.5 Million Affected by University of Phoenix Data Breach
The University of Phoenix is one of the many victims of the recent Oracle EBS hacking campaign attributed to the Cl0p ransomware group.
The post 3.5 Million Affected by University of Phoenix Data Breach appeared first on SecurityWeek.
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns.
To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance equipment and services pursuant
To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance equipment and services pursuant
Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush
A cyberattack knocked France’s national postal service offline, blocking and delaying package deliveries and online payments.
The post Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush appeared first on SecurityWeek.