
From The Aether

Balancer Bamboozle: $128 Million Hack Leaves DeFi Users in Disarray

The Balancer Protocol suffered a $128 million exploit in its V2 pools due to a precision rounding error. While the team investigates, a phishing attempt offered the hacker a “white-hat bounty” to return funds. Despite audits, crypto heists, like this Balancer hack, remain a challenge, with North Korea leading the threat board.

2 months ago

License to Stereotype: How ALPR Searches Fuel Racism Against Roma Community

Law enforcement agencies across the U.S. have made hundreds of Flock Safety searches using terms like “Roma” and “g*psy,” often with no crime mentioned. This perpetuates harmful stereotypes and systemic racism, transforming license plate readers into tools of discriminatory policing. It’s time to audit these searches and hold agencies accountable.

2 months ago

Google’s App Store Power Grab: A Developer’s Nightmare Unfolds

Apple and Google’s app store control is old news, but governments now play the same game, pressuring these tech giants into compliance. With Google’s new developer registration program, it’s like a VIP lounge for app makers—if VIP stands for Very Intrusive Process. Taking back control of tech has never been more urgent.

2 months ago

Rogue RMM Tools: How Hackers Steal Cargo and Hijack Supply Chains

Hackers hack truckers by using remote monitoring and management tools to swipe cargo and run off with truckloads of goods. These cyber bandits infiltrate freight companies, bid on shipments, and intercept the loads. It’s a digital heist on wheels, turning trucking into a high-stakes game of catch the cargo crook.

2 months ago

SleepyDuck Strikes: Malicious Extension in Open VSX Dupes 53,000 Developers!

SleepyDuck, a mischievous remote access trojan, disguises itself as a popular Solidity extension on Open VSX. Using an Ethereum smart contract, it remains active even if its main server is taken down. With over 53,000 downloads, this crafty malware highlights the importance of vigilance when downloading extensions from open-source registries.

2 months ago

Help Wanted: EFF Seeks Visionary Leader to Tame the Tech Jungle

EFF seeks a visionary leader to fill the shoes of Cindy Cohn and navigate the stormy seas of tech and law. If you’ve got the strategic chops and a knack for keeping the internet free from authoritarian creepiness, this might be your calling! Help us find our next executive director and keep EFF’s legacy alive.

2 months ago

Cybercrime Showdown: Alleged Jabber Zeus Developer’s U.S. Extradition Shocker!

Yuriy Rybtsov, also known as MrICQ, a suspected Jabber Zeus developer, was extradited from Italy to the US to face cybercrime charges. After a decade-long global chase, he is now in a Nebraska prison. The Jabber Zeus gang allegedly stole millions from victims’ accounts using the Zeus banking trojan.

2 months ago

Cloud and AI Startups: Race for Investor Gold in Cybersecurity Accelerator!

The Cybersecurity Startup Accelerator is back! Cloud and AI security startups have two weeks to apply for this golden opportunity. Fast-track access to investors and mentors from AWS, CrowdStrike, and Nvidia awaits. Don’t miss your shot at glory; applications close November 15!

2 months ago

Tunisia’s Gag Order: How Bureaucratic Bullying Muzzles Free Press

Nawaat’s suspension is a bureaucratic sucker punch to free speech, slipping a shutdown order under the door like a passive-aggressive roommate. This isn’t just a hiccup; it’s a warning shot, an authoritarian sneak attack with Decree 88 as the weapon of choice. The silencing of Nawaat sends shivers down democracy’s spine.

2 months ago

Scamageddon: How to Outwit Cybercriminals and Save Your Wallet

Online scams are now the unofficial national sport, with text scam losses soaring to $470 million in 2024. Enter the Cyber Civic Engagement program, aiming to transform everyday folks into cybersecurity superheroes. Because let’s face it, the internet shouldn’t feel like a haunted house ride.

2 months ago

OpenAI API Hijacked: The Sneaky SesameOp Malware Strikes!

Microsoft security researchers have stumbled upon a backdoor malware, SesameOp, that cleverly uses the OpenAI Assistants API as a covert command-and-control channel. It’s like the malware equivalent of whispering in your ear while pretending to be a helpful assistant.

2 months ago

Cybersecurity Alert: SleepyDuck Trojan Hits 14,000 Downloads in Malicious Extension Scandal!

Cybersecurity researchers identified a new malicious extension, SleepyDuck, in the Open VSX registry, targeting Solidity developers. The extension cunningly updates its command and control address using an Ethereum contract, giving hackers more control than a toddler with a remote. This discovery adds another quack to the malware pond.

2 months ago

Dante’s Inferno: New Cyber-Spyware Ignites Global Espionage Concerns!

Operation ForumTroll: where phishing emails and zero-day exploits team up to ruin your day. Dante, the surveillance tool, is like a bad penny from Memento Labs, the artist formerly known as Hacking Team. With a name like ForumTroll APT, you’d think they’d be trolling forums, not governments.

2 months ago

Cargo Crime Craze: Cybercriminals Hijack Freight with Digital Deception!

Cybercriminals are back in style, reviving old-school cargo heists with a digital twist. Proofpoint researchers reveal how these crooks are teaming up with organized crime groups to swipe goods in transit. By hacking broker load boards, they lure logistics companies into bidding on fake loads, only to redirect shipments their way.

2 months ago

Ransomware Comedy of Errors: Ex-Cybersecurity Pros Face 30 Years for Hacking Spree

Three former employees have been indicted for allegedly hacking five U.S. companies in BlackCat ransomware attacks. The trio, including a former ransomware negotiator and incident response manager, could face up to 30 years in prison. Who knew negotiating with ransomware could lead to such a lengthy “contract”?

2 months ago

Zeus Developer Extradited: US Cracks Down on Cybercrime’s “Jabberwocky”

Yuriy Igorevich Rybtsov, alleged Jabber Zeus developer, has been extradited to the US. Known as MrICQ, he’s accused of helping the cybercrime group siphon millions through fraudulent bank transfers. Looks like Italy couldn’t keep this Zeus in their pantheon!

2 months ago

Cybersecurity Comedy: Exchange Server Gets a Security Makeover!

The US Cybersecurity and Infrastructure Security Agency has released Microsoft Exchange Server Security Best Practices guidance. This blueprint aims to fortify server environments by limiting unauthorized access points, enabling multi-factor authentication, and embracing zero-trust principles. Because, let’s face it, trusting everything on the internet is like trusting a cat with a goldfish.

2 months ago

Cyber Bandits Hijack Cargo: Remote Monitoring Tools Fuel Freight Heists!

Threat actors are targeting freight brokers with malicious emails to deploy RMM tools like ScreenConnect. Their aim? Hijack cargo and make off with the goods like modern-day digital pirates. Proofpoint reports nearly two dozen campaigns since August, each sending up to a thousand messages. It’s cargo theft, but with a high-tech twist!

2 months ago

AI in Coding: The Superpower with a Kryptonite of Security Risks and Ethical Dilemmas

AI’s impact on security is a pressing concern, as even the best LLMs can generate flawed code two-thirds of the time. Over-relying on AI with minimal human oversight creates a false sense of security, increasing risk. Developers must stay vigilant and prioritize accountability to prevent AI-assisted code from becoming a villain in disguise.

2 months ago

Windows Graphics Glitches: New Vulnerabilities Unleashed in GDI – Patch Now or Risk Chaos!

Uncovering Windows Graphics Device Interface flaws is like finding a surprise in a cereal box, but instead of a toy, it’s a potential security breach! Crafty EMF+ files could spell trouble, making Microsoft’s patches the hero of the day, saving systems from remote code execution and information disclosure.

2 months ago
The Nimble Nerd