HHS Releases Updated Security Risk Assessment Tool
From HHS OCR:
Brazil lesbian dating app shuts down after security flaw exposes sensitive user data
The Record reports: A Brazilian dating app marketed as a safe space for lesbian women shut down this week after several users uncovered a flaw that reportedly could expose sensitive data, including identity verification photos. Sapphos, which launched in early September, required users to verify their identity by submitting a selfie holding a government-issued ID. But on […]
Burger King hacked, systems described as ‘solid as a paper Whopper wrapper in the rain’; Tim Hortons and Popeyes hacked too
What happens when you don’t acknowledge ethical hackers? Sometimes nothing, but sometimes you get a lot of negative coverage. Tom’s Hardware reports: Ethical hackers BobDaHacker and BobTheShoplifter have detailed their claim that they uncovered “catastrophic” vulnerabilities in multiple platforms hosted by Restaurant Brands International (RBI). While RBI may not be a very familiar name, this […]
CISA warns of Apple zero-day used in targeted cyberattacks
The Record reports: A recently disclosed vulnerability affecting Apple products has prompted an order for government organizations to patch the bug. The Cybersecurity and Infrastructure Security Agency (CISA) gave civilian federal agencies until September 11 to implement a fix for CVE-2025-43300 — a vulnerability affecting popular brands of Apple phones, iPads and Macbooks. Apple said on Wednesday that […]
Intel Websites Exploited to Hack Every Intel Employee and View Confidential Data
Cyber Security News reports: A series of critical vulnerabilities across multiple internal Intel websites allowed for the complete exfiltration of the company’s global employee database and access to confidential supplier information. The flaws, stemming from basic security oversights, exposed the personal details of over 270,000 Intel employees and workers. The investigation from Eaton Works revealed […]
In pitch to hacker community, Trump’s NSC cyber lead says AI key to future of cyberdefense
NextGov reports: At DEF CON, Alexei Bulazel said AI-powered tools will give software developers “incredible abilities” to harden networks by adding multilayered checks to the code-scanning process and catching flaws that might otherwise slip through. In the next era of cybersecurity, the best defensive tool may be a line of AI-assisted code, according to President […]
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
“Hey, no fair!” reports Mashable: Windows users should think about reinforcing their antivirus software. And while Microsoft Defender should provide a line of defense against ransomware, a new report claims that hackers have found a way to get around the ransomware tool to infect PCs with ransomware. A GuidePoint Security report (via BleepingComputer) found that hackers are using Akira […]
SonicWall investigates ‘cyber incidents,’ including ransomware targeting suspected 0-day
The Register reports: SonicWall on Monday confirmed that it’s investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs. “SonicWall is actively investigating a recent increase in reported cyber incidents involving a number of Gen 7 firewalls running various firmware versions with […]
Sex toy maker Lovense left millions of users vulnerable to email ID leaks, account takeovers
The Indian Express reports: A cybersecurity researcher has identified critical vulnerabilities in an app developed by sex toy manufacturer Lovense that not only exposed the private email addresses of users but also enabled threat actors to hijack a user’s account on the platform. The anonymous researcher published their findings about the two in-app security flaws […]
Critical SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers (Updated)
The Hacker News reports: A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49704 (CVSS score: 8.8), a code injection and remote code execution bug in Microsoft SharePoint Server that was […]