Unidentified attackers apparently extracted data via a poorly secured API and then deleted it, affecting thousands of photographers and their customers.
The Megalodon campaign infiltrated over 5,700 GitHub repositories with malicious CI/CD workflows and stole sensitive credentials, using fake identities and hidden Base64 payloads to harvest cloud credentials, SSH keys, and API keys at scale.
Security vulnerabilities in Windows drivers can be exploited without the original hardware, facilitating BYOVD attacks to disable security systems, with new analysis demonstrating how hardware-gating can be bypassed and presenting a significant security risk.
Developers have closed security vulnerabilities in Apache Airflow CNCF Kubernetes Provider and Apache Airflow Amazon Provider, which allow attackers to access and manipulate the database following successful attacks.
Exa, Modal and TurboPuffer become AI infrastructure unicorns, demonstrating the strategic value of focused infrastructure solutions for productivity and performance.
Unsubstantiated claims have circulated in the US for months alleging that WhatsApp can access completely encrypted content, and Texas has now filed a lawsuit.
Cox Media Group, MindSift, and 1010 Digital must pay the FTC nearly one million dollars for deceiving customers with an “Active Listening” AI advertising solution that supposedly eavesdropped on conversations but merely resold purchased email lists without user consent.
Trump postponed an AI regulation after intervention by David Sacks, who argued that voluntary federal model testing would stifle innovation and enlarge China’s advantage.