Security List - 2024 2023 2021 2020 2019 2018
DATE | NAME | Info | CATEG. | WEB |
| 6.5.24 | The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluste | Have you ever used pre-made deployment templates to quickly spin up applications in Kubernetes environments? While these “plug-and-play” options greatly simplify the setup process, they often prioritize ease of use over security. | Security | Microsoft blog |
| 6.5.24 | Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks | Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations | Security | The Hacker News |
| 30.4.25 | Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About | Everyone has cybersecurity stories involving family members. Here's a relatively common one. The conversation usually goes something like this: "The strangest | Security | The Hacker News |
| 25.4.25 | Microsoft Entra account lockouts caused by user token logging mishap | Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. | Security | |
| 23.4.25 | Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito | Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. | Security | The Hacker News |
| 21.4.25 | Chrome extensions with 6 million installs have hidden tracking code | A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. | Security | BleepingComputer |
| 20.4.25 | Microsoft: Office 2016 and Office 2019 reach end of support in October | Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. | Security | BleepingComputer |
| 20.4.25 | Jira Down: Atlassian users experiencing degraded performance | Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products. | Security | BleepingComputer |
| 20.4.25 | 41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That | Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and automated pentesting. | Security | |
| 20.4.25 | CISA extends funding to ensure 'no lapse in critical CVE services' | CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. | Security | BleepingComputer |
| 20.4.25 | MITRE warns that funding for critical CVE program expires today | MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. | Security | |
| 20.4.25 | Cybersecurity firm buying hacker forum accounts to spy on cybercriminals | Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to to spy on cybercriminals. | Security | |
| 20.4.25 | SSL/TLS certificate lifespans reduced to 47 days by 2029 | The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. | Security | BleepingComputer |
| 20.4.25 | Enhancing your DevSecOps with Wazuh, the open source XDR platform | Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. | Security | |
| 15.4.25 | Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds | Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people | Security | The Hacker News |
| 6.4.25 | Oracle privately confirms Cloud breach to customers | Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. | Security | BleepingComputer |
| 6.4.25 | Genetic data site openSNP to close and delete data over privacy concerns | The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all user submissions over privacy concerns and the risk of misuse by authoritarian governments. | Security | BleepingComputer |
| 5.4.25 | Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans | A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited. | Security | |
| 5.4.25 | VMware Workstation auto-updates broken after Broadcom URL redirect | VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. | Security | BleepingComputer |
|
23.3.25 |
Cloudflare now blocks all unencrypted traffic to its API endpoints | Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. | Security | |
|
23.3.25 |
Microsoft: Exchange Online bug mistakenly quarantines user emails | Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users' emails. | Security | |
|
19.3.25 |
Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security | Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition | Security | The Hacker News |
|
16.3.25 |
Microsoft says button to restore classic Outlook is broken | Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook. | Security | BleepingComputer |
|
16.3.25 |
Mozilla warns users to update Firefox before certificate expires | Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. | Security | BleepingComputer |
| 11.3.25 | Google paid $12 million in bug bounties last year to security researchers | Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024. | Security | BleepingComputer |
| 1.3.25 | Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language | Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the | Security | The Hacker News |
28.9.24 | Automattic blocks WP Engine’s access to WordPress resources | WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers. | Security | BleepingComputer |
25.9.24 | Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent | Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection | Security | The Hacker News |
24.9.24 | Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns | Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective | Security | The Hacker News |
24.9.24 | Kaspersky deletes itself, installs UltraAV antivirus without warning | Starting Thursday, Kaspersky deleted its anti-malware software from computers across the United States and replaced it with UltraAV's antivirus solution without warning. | Security | |
21.9.24 | Clickbaity or genius? 'BF cheated on you' QR codes pop up across UK | A new wave of QR codes has popped up across UK claiming to share a video of a boyfriend who "cheated" on a girl named Emily last night. Clickbaity or genius? | Security | |
21.9.24 | Tor says it’s "still safe" amid reports of police deanonymizing users | The Tor Project is attempting to assure users that the network is still safe after a recent investigative report warned that law enforcement from Germany and other countries are working together to deanonymize users through timing attacks. | Security | |
20.9.24 | Over 1,000 ServiceNow instances found leaking corporate KB data | Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. | Security | |
14.9.24 | Navigating Endpoint Privilege Management: Insights for CISOs and Admins | Understanding endpoint privilege management is key to defending organizations from advanced attacks. Learn more from ThreatLocker on using endpoint privilege management to better secure your org's systems. | Security | |
14.9.24 | Flipper Zero releases Firmware 1.0 after three years of development | After three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable digital hacking device. | Security | |
12.9.24 | WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers | WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes | Security | The Hacker News |
8.9.24 | Microsoft Office 2024 to disable ActiveX controls by default | After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. | Security | |
8.9.24 | Microsoft removes revenge porn from Bing search using new tool | Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. | Security | |
24.8.24 | Phrack hacker zine publishes new edition after three years | Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine's history. | Security | |
21.8.24 | GitHub Actions artifacts found leaking auth tokens in popular projects | Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. | Security | |
11.8.24 | Microsoft 365 anti-phishing feature can be bypassed with CSS | Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails.` | Security | |
9.8.24 | Crowdstrike: Delta Air Lines refused free help to resolve IT outage | The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. | Security | |
9.8.24 | Countdown is on: Last chance for discount registration at Mandiant’s mWISE 2024 | There is only a few days left to get $300 off the standard conference price at mWISE. Learn more from mWise 2024 about how to get the discount and the upcoming cybersecurity sessions. | Security | |
7.8.24 | CrowdStrike Reveals Root Cause of Global System Outages | Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that | Security | The Hacker News |
4.8.24 | DigiCert to delay cert revocations for critical infrastructure | DigiCert urges critical infrastructure operators to request a delay if they cannot reissue their certificates, as required by an ongoing certificate mass-revocation process announced on Tuesday. | Security | |
27.7.24 | Google Chrome now asks for passwords to scan protected archives | Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. | Security | |
26.7.24 | Google rolls back decision to kill third-party cookies in Chrome | Google has scrapped its plan to kill third-party cookies in Chrome and will instead introduce a new browser experience to allows users to limit how these cookies are used. | Security | |
25.7.24 | CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices | Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash | Security | The Hacker News |
23.7.24 | Google Abandons Plan to Phase Out Third-Party Cookies in Chrome | Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years | Security | The Hacker News |
22.7.24 | Microsoft releases Windows repair tool to remove CrowdStrike driver | Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. | Security | |
20.7.24 | CrowdStrike update crashes Windows systems, causes outages worldwide | A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. | Security | |
20.7.24 | Exchange Online adds Inbound DANE with DNSSEC for security boost | Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. | Security | |
19.7.24 | Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide | Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty | Security | |
18.7.24 | June Windows Server updates break Microsoft 365 Defender features | Microsoft has confirmed that Windows Server updates from last month's Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. | Security | |
15.7.24 | Banks in Singapore to phase out one-time passwords in 3 months | The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. | Security | |
15.7.24 | Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months | Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication | Security | The Hacker News |
14.7.24 | Google increases bug bounty rewards five times, up to $151K | Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. | Security | |
5.7.24 | Proton launches free, privacy-focused Google Docs alternative | Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool. | Security | |
5.7.24 | Google now pays $250,000 for KVM zero-day vulnerabilities | Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits. | Security | |
2.7.24 | Google Chrome to let Isolated Web App access sensitive USB devices | Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. | Security | |
30.6.24 | Google to Block Entrust Certificates in Chrome Starting November 2024 | Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its | Security | The Hacker News |
29.6.24 | Polyfill claims it has been 'defamed', returns after domain shut down | The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites.. The Polyfill service claims that it has been "maliciously defamed" and been subject to "media messages slandering Polyfill." | Security | |
29.6.24 | Cloudflare: We never authorized polyfill.io to use our name | Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack. | Security | |
| 16.6.24 | Microsoft: New Outlook security changes coming to personal accounts | Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its 'Secure Future Initiative,' including the deprecation of basic authentication (username + password) by September 16, 2024. | Security | |
| 16.6.24 | Mozilla Firefox can now secure access to passwords with device credentials | Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics | Security | |
| 15.6.24 | AWS adds passkeys support, warns root users must enable MFA | Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. | Security | |
| 14.6.24 | Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit | Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble | Security | The Hacker News |
| 9.6.24 | LastPass says 12-hour outage caused by bad Chrome extension update | LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. | Security | |
| 8.6.24 | Google Chrome reduced cookie requests to improve performance | Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. | Security | |
| 8.6.24 | Microsoft deprecates Windows NTLM authentication protocol | Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. | Security | |
6.6.24 | Google Maps Timeline Data to be Stored Locally on Your Device for Privacy | Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, | Security | |
5.6.24 | 4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets | You're probably familiar with the term "critical assets". These are the technology assets within your company's IT infrastructure that are | Security | The Hacker News |
| 3.6.24 | Kaspersky releases free tool that scans Linux for known threats | Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. | Security | |
3.6.24 | Google Chrome change that weakens ad blockers begins June 3rd | Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. | Security | |
29.5.24 | Ad blocker users say YouTube videos are now skipping to the end | Many users report that YouTube videos automatically skip to the end or muting video if they are using an ad blocker, making it impossible for them to watch the video. | Security | |
25.5.24 | LastPass is now encrypting URLs in password vaults for better security | LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. | Security | |
25.5.24 | Bitbucket artifact files can leak plaintext authentication secrets | Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. | Security | |
11.5.24 | Zscaler takes "test environment" offline after rumors of a breach | Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. | Security | |
| 6.5.24 | Microsoft rolls out passkey auth for personal Microsoft accounts | Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. | Security | |
| 3.5.24 | Google Announces Passkeys Adopted by Over 400 Million Accounts | Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more | Security | The Hacker News |
| 30.4.24 | Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM | It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever- | Security | The Hacker News |
| 27.4.24 | Google Meet opens client-side encrypted calls to non Google users | Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. | Security | |
| 26.4.24 | Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny | Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address | Security | The Hacker News |
| 17.4.24 | UK e-visa rollout starts today for millions: no more physical immigration cards | Starting today, millions living in the UK will receive email invitations to sign up for an e-visa account that will replace their physical immigration documents like Biometric Residence Permits (BRPs). The move is, according to the Home Office, "a key step in creating a modernised and digital border." | Security | |
| 17.4.24 | Google to crack down on third-party YouTube apps that block ads | YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violates its Terms of Service (ToS), and it will soon start taking action against the apps. | Security | |
| 16.4.24 | OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt | Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes | Security | The Hacker News |
| 16.4.24 | AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs | New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud | Security | The Hacker News |
| 16.4.24 | OpenTable won't add first names, photos to old reviews after backlash | OpenTable has reversed its decision to show members' first names and profile pictures in past anonymous reviews after receiving backlash from members who felt it was a breach of privacy. | Security | BleepingComputer |
| 13.4.24 | Chrome Enterprise gets Premium security but you have to pay for it | Google has announced a new version of its browser for organizations, Chrome Enterprise Premium, which comes with extended security controls for a monthly fee per user. | Security | |
| 13.4.24 | Google Workspace rolls out multi-admin approval feature for risky changes | Google is rolling out a new Workspace feature that requires multiple admins to approve high-risk setting changes to prevent unauthorized or accidental modifications that could reduce security. | Security | |
| 11.4.24 | Implementing container security best practices using Wazuh | Maintaining visibility into container hosts, ensuring best practices, and conducting vulnerability assessments are necessary to ensure effective security. In this article Wazuh explores how its software can help implement best security practices for containerized environments. | Security | |
| 4.4.24 | Google agrees to delete Chrome browsing data of 136 million users | Google has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. | Security | |
| 2.4.24 | Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement | Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the | Security | The Hacker News |
| 24.3.24 | Opera sees big jump in EU users on iOS, Android after DMA update | Opera has reported a substantial 164% increase in new European Union users on iOS devices after Apple introduced a new feature to comply with the EU's Digital Markets Act (DMA). | Security | |
| 23.3.24 | Flipper Zero makers respond to Canada’s ‘harmful’ ban proposal | The makers of Flipper Zero have responded to the Canadian government's plan to ban the device in the country, arguing that it is wrongfully accused of facilitating car thefts. | Security | |
| 23.3.24 | Misconfigured Firebase instances leaked 19 million plaintext passwords | Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. | Security | |
| 16.3.24 | Former telecom manager admits to doing SIM swaps for $1,000 | A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. | Security | |
| 16.3.24 | McDonald's IT systems outage impacts restaurants worldwide | McDonald's restaurants are suffering global IT outages that prevent employees from taking orders and accepting payments, causing some stores to close for the day. | Security | |
| 16.3.24 | Tech support firms Restoro, Reimage fined $26 million for scare tactics | Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. | Security | |
| 15.3.24 | Google Introduces Enhanced Real-Time URL Protection for Chrome Users | Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users | Security | The Hacker News |
| 13.3.24 | Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship | The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. | Security | |
| 13.3.24 | Google paid $10 million in bug bounty rewards last year | Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. | Security | |
| 13.3.24 | Tuta Mail adds new quantum-resistant encryption to protect email | Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. | Security | |
| 6.3.24 | Passwords are Costing Your Organization Money - How to Minimize Those Costs | Getting rid of passwords completely isn't a realistic option for most orgs, but there are things you can do to make them more secure. Learn more from Specops Software on maximizing security while mitigating costs. | Security | |
| 3.3.24 | News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian... | BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices. | Security | |
| 3.3.24 | GitHub enables push protection by default to stop secrets leak | GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. | Security | |
| 1.3.24 | GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories | GitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. "This means that | Security | The Hacker News |
| 29.2.24 | PayPal files patent for new method to detect stolen cookies | PayPal has filed a patent application for a novel method that can identify when "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. | Security | |
| 25.2.24 | RCMP investigating cyber attack as its website remains down | The Royal Canadian Mounted Police (RCMP), Canada's national police force has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. | Security | |
| 25.2.24 | Apple adds PQ3 quantum-resistant encryption to iMessage | Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks. | Security | |
| 23.2.24 | New Google Chrome feature blocks attacks against home networks | Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. | Security | |
| 23.2.24 | Wyze investigating 'security issue' amid ongoing outage | Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. | Security | |
| 23.2.24 | Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage | Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging | Security | The Hacker News |
| 18.2.24 | DuckDuckGo browser gets end-to-end encrypted sync feature | The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. | Security | |
| 17.2.24 | 5 Steps to Improve Your Security Posture in Microsoft Teams | Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture. | Security | |
| 10.2.24 | Canada to ban the Flipper Zero to stop surge in car thefts | The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. | Security | |
| 10.2.24 | Microsoft: Outlook clients not syncing over Exchange ActiveSync | Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. | Security | |
| 9.2.24 | How to Apply Zero Trust to your Active Directory | With cyberattacks happening everyday, how can we apply zero trust principles towards keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles. | Security | |
| 4.2.24 | Check if you're in Google Chrome's third-party cookie phaseout test | Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. | Security | |
2.2.24 | Microsoft says Outlook apps can’t connect to Outlook.com | Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. | Security | |
1.2.24 | Role of Wazuh in building a robust cybersecurity architecture | Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. | Security | |
| 1.2.24 | How to secure AD passwords without sacrificing end-user experience | To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. | Security | |
26.1.24 | Perfecting the Defense-in-Depth Strategy with Automation | Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom | Security | The Hacker News |
20.1.24 | Haier hits Home Assistant plugin dev with takedown notice | Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. | Security | |
20.1.24 | Have I Been Pwned adds 71 million emails from Naz.API stolen account list | Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. | Security | |
19.1.24 | Latest Adblock update causes massive YouTube performance hit | Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. | Security | |
12.1.24 | Bitwarden adds passkey support to log into web password vaults | The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs. | Security | |
12.1.24 | Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy | Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute 1 , "only 59% of organizations say | Security | The Hacker News |
11.1.24 | Criminal IP and Tenable Partner for Swift Vulnerability Detection | Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. | Security | |
7.1.24 | Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy | Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, "only 59% of organizations say their | Security | The Hacker News |
4.1.24 | PornHub blocks North Carolina, Montana over new age verification laws | Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verifications laws go into effect. | Security | |
4.1.24 | Steam drops support for Windows 7 and 8.1 to boost security | Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. | Security | |
4.1.24 | The biggest cybersecurity and cyberattack stories of 2023 | 2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. | Security | |
3.1.24 | Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' | Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought.. | Security |