A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. […]
Category Added in a WPeMatico Campaign
Poland arrests suspect linked to Phobos ransomware operation
Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. […]
Ireland now also investigating X over Grok-made sexual images
Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. […]
Washington Hotel in Japan discloses ransomware infection incident
The Washington Hotel brand in Japan has announced that that its servers were compromised in a ransomware attack, exposing various business data. […]
Eurail says stolen traveler data now up for sale on dark web
Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. […]
Man arrested for demanding reward after accidental police data leak
Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless he received “something in return.” […]
Infostealer malware found stealing OpenClaw secrets for first time
With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. […]
Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era
Password-based authentication is increasingly risky as organizations adopt passkeys to strengthen security and meet ISO/IEC 27001 requirements. Passwork explains how to align passwordless adoption with Annex A controls, risk assessments, and secure implementation practices. […]
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. […]
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. […]