A new study shows that open-source AI chatbots, like Meta’s Llama and Google DeepMind’s Gemma, are being used in ways researchers didn’t expect—including by hackers. After tracking thousands of servers running these models worldwide over 293 days, experts found thousands of deployments with security issues, noting hundreds of instances where guardrails had been removed and…
Grubhub confirms it’s been hacked after unauthorized actors gain access to internal systems. The attackers reportedly gained access through credentials stolen during the Salesloft breach last August. Salesloft, a sales engagement platform, suffered a compromise that exposed OAuth tokens for multiple integrated services. Those tokens provided persistent access that attackers exploited months later. Grubhub confirmed…
The Chinese-linked cyberespionage group ‘Mustang Panda’ targeted U.S. government and policy-related officials with phishing emails themed around Venezuela. The campaign, uncovered by Acronis, exploited geopolitical events to infect systems and steal data. The U.S. Department of Justice recognizes Mustang Panda as a hacker group backed by China. Chinese-linked cyberespionage group, identified as ‘Mustang Panda,’…
The exposed dataset contained numerous French records, from population registry data to car insurance information, totalling tens of millions of records. The Cybernews research team believes the database was likely compiled by malicious actors. Key takeaways: Over 45M French records were exposed in an open database likely compiled by malicious data collectors. The leaked data…
Russian technology companies working on air defense, sensitive electronics and other defense applications were targeted in recent weeks by a cyber espionage group using AI-generated decoy documents, according to a cybersecurity analyst. The discovery by cybersecurity firm Intezer shows how AI tools can be easily harnessed for high-stakes operations, senior security researcher Nicole Fishbein said,…
Credit report and identity verification services provider 700Credit has disclosed a data breach impacting more than 5.8 million individuals. 700Credit is the largest provider of credit checks, identity verification, fraud detection, and compliance services for automotive, marine, powersports, and RV dealers in North America. It serves roughly 18,000 dealerships. The incident, the company says, was…
Hackers are hijacking U.S. radio transmission equipment to broadcast bogus emergency messages and obscene language, the Federal Communications Commission said on Wednesday. In a public notice, opens new tab, the FCC said a “recent string of cyber intrusions against various radio broadcasters” had occurred, resulting in the issuance of the U.S. Emergency Alert System’s “Attention Signal.”…
The UAE Cybersecurity Council has warned the public against the dangers of neglecting personal digital footprints, cautioning that every login, post, or interaction online leaves behind a trail that can be exploited by hackers or untrustworthy applications. In a statement carried by the Emirates News Agency (WAM), the council noted that more than 1.4 billion…
Coinbase warns of up to $400 million hit from cyberattack, Internet blames KYC for it The hack involved the payment of multiple contractors and employees working in support roles outside the U.S. to gather information Coinbase has predicted a financial impact of between $180 million and $400 million due to a cyberattack that compromised the account…
A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. Although Crocodilus is a new banking malware, it features fully developed capabilities to take control of the device, harvest data, and remote control. Researchers at fraud prevention company…
