https://localmess.github.io/ We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes. These native Android apps receive browsers’ metadata, cookies and commands from the Meta Pixel Read more about Meta, yandex caught spying on android users web activity using Covert Web-to-App Tracking via unprotected Localhost since 2017[…]

A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in billions from companies, Read more about Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump[…]

If you use the internet, you’ve probably had at least some personal information go missing. It’s just the nature of the web. But this latest discovery, as reported by Wired, is something different. Security researcher Jeremiah Fowler found a public online database housing over 180 million records (184,162,718 to be exact) which amounted to more Read more about Someone Found Over 180 Million User Records for all kinds of platforms in an Unprotected Online Database[…]

A “significant amount of personal data” belonging to legal aid applicants dating back to 2010 in the UK was stolen by cybercriminals, the Ministry of Justice (MoJ) confirmed today. The announcement follows the initial news from May 6 of an attack on the UK’s Legal Aid Agency (LAA), an MoJ-sponsored organization that allows legal aid Read more about UK Legal Aid Agency attack involved ‘significant’ data theft[…]

Data breaches are most often the work of external bad actors, but sometimes the call comes from inside the house. Cryptocurrency exchange Coinbase has disclosed that hackers paid off support agents—both employees and contractors located outside the U.S.—who had access to company systems to provide customer data and then demanded a $20 million ransom not Read more about Three Steps Coinbase Users Should Take After a Hack (bribe of support agents) Compromised One Million Accounts[…]

GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure. “On May 5, 2025, Global Crossing Airlines Group learned of unauthorized activity within its computer networks and systems supporting portions of its business applications, which the company determined to be the result of a cybersecurity incident,” Read more about Charter airline helping Trump’s deportation campaign pwned[…]

TeleMessage, a communications app used by former Trump national security adviser Mike Waltz, has suspended services after a reported hack exposed some user messages. The breach follows controversy over Waltz’s use of the app to coordinate military updates, including accidentally adding a journalist to a sensitive Signal group chat. From the report: In an email, Read more about Messaging App Used by Mike Waltz, Trump Deportation Airline GlobalX Both Hacked in Separate Breaches[…]

In a recent discovery, SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor publicized a database allegedly belonging to Boulanger Electroménager & Multimédia purportedly exposing 5 Million of their customers. What is Boulanger Electroménager & Multimédia? Boulanger Electroménager & Multimédia is a French company that specializes in the sale of Read more about 1 Million customers from French Boulanger’s Customers Exposed Online for free[…]

[…]The IT break-in occurred between April 20 and April 22, last year, according to a notification filed this month with the US state’s attorney general’s office. California Cryobank spotted unauthorized activity on certain computers on April 21, isolated the affected machines, and launched an investigation. The sperm bank hasn’t disclosed how many individuals were affected, Read more about Personal info feared stolen from sperm bank California Crybank[…]

The Pennsylvania State Education Association (PSEA) says a July 2024 “security incident” exposed sensitive personal data on more than half a million individuals, including financial and health info. The nonprofit, which represents more than 178,000 education professionals in the US state of Pennsylvania, confirmed data was stolen during a July 6 attack. According to The Read more about Cyberattack on nonprofit affects over 500k PA school workers[…]

According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high Read more about Thousands of TP-Link routers have been infected by a botnet to spread malware[…]

As explained by the researchers in a blog post, they have essentially found a way to turn any device such as a phone or laptop into an AirTag “without the owner ever realizing it.” After that, hackers could remotely track the location of that device. […] Although AirTag was designed to change its Bluetooth address Read more about Apple’s Find My exploit lets hackers track any Bluetooth device[…]

Cryptocurrency exchange Bybit has experienced $1.46 billion worth of “suspicious outflows,” according to blockchain sleuth ZachXBT. The wallet in question appears to have sent 401,346 ETH ($1.1 billion) as well as several other iterations of staked ether (stETH) to a fresh wallet, which is now liquidating mETH and stETH on decentralized exchanges, etherscan shows. The Read more about Bybit Loses $1.5B in Hack of single cold wallet[…]

Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip Read more about Apple chips can be hacked to leak secrets from Gmail, iCloud, and more in a browser[…]

Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday. The journalists and other civil society members were being alerted of a possible breach of their devices, with Read more about WhatsApp says journalists and civil society members were targets of Israeli spyware[…]

Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data. The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients. CHC said in a Thursday filing with Maine’s attorney general that unknown Read more about US healthcare provider data breach impacts 1 million patients[…]