Filings: business services giant Conduent, which was spun off from Xerox in 2017, confirms that a 2024 data breach has impacted over 10.5M people
Bill Toulas / BleepingComputer :
Apple announces a “major evolution” of the Apple Security Bounty program, doubling its top award to $2M for exploit chains that could be abused for spyware
$2M Top Payout Usman Qureshi / iPhone in Canada : Apple Doubles Security Bounty Rewards to $2 Million Bill Toulas / BleepingComputer : Apple now offers $2 million for zero-click RCE vulnerabilities Ti...
Researchers detail a now-fixed flaw in Perplexity's Comet AI browser that let an attacker use an indirect prompt injection to manipulate it into taking actions
Brave and Guardio's security audits call out paid AI browser Victor Tangermann / Futurism : Using an AI Browser Lets Hackers Drain Your Bank Account Just by Showing You a Public Reddit Post Marcus Sch...
A Citizen Lab report finds that two European journalists had their iPhones hacked with Paragon spyware; Apple fixed the zero-day used in the spyware in February
Act Now To Prevent Attacks Markus Kasanmascheff / WinBuzzer : Apple Confirms iPhone Flaw Was Used to Spy on Journalists Kevin Poireault / Infosecurity : European Journalists Targeted by Paragon Spywar...
Researchers say a Next.js flaw that existed for several years could have let hackers bypass middleware-based authentication; Vercel patched the flaw on March 18
Next.js version 15.2.3 has been released to address a security vulnerability (CVE-2025-29927). zhero_web_security : Next.js and the corrupt middleware: the authorizing artifact National Vulnerability ...
The US FTC orders Marriott and Starwood to implement a robust customer data security scheme after Starwood's 2014 to 2018 breaches and Marriott's 2018 breach
Bill Toulas / BleepingComputer :
The US DOJ charges two Russians for operating $1B+ money laundering services for cybercriminals; one is accused of operating the Joker's Stash marketplace
Bill Toulas / BleepingComputer :
A Telegram for Android zero-day, patched on July 11, let attackers send malicious Android APK payloads as video files; the exploit was for sale from June 6
Bill Toulas / BleepingComputer :
AT&T says it will begin notifying consumers about a data breach where cybercriminals stole phone records of “nearly all” of its cellular and landline customers
Item 1.05 Material Cybersecurity Incidents. On April 19, 2024, AT&T Inc. … AT&T : AT&T Addresses Illegal Download of Customer Data CNN : Nearly all AT&T cell customers' call and text records exposed ...
Infosys McCamish Systems, which provides consulting, IT, and outsourcing services, says LockBit stole sensitive info of 6M+ people in a 2023 ransomware attack
Bill Toulas / BleepingComputer :