consumer

DeepSeek’s popularity exploited by malware peddlers, scammers
As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of …

The U.S. Cyber Trust Mark set to launch
The White House has announced the launch of the U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program for consumer-grade internet-connected devices. “The …

Consumers wrongly attribute all data breaches to cybercriminals
Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), according to a recent Vercara …

Black Friday shoppers targeted with thousands of fraudulent online stores
Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce platform to build the …

FBI forced Flax Typhoon to abandon its botnet
A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director …

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute …

Malware peddlers love this one social engineering trick!
Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning. The message warns of a problem but …

361 million account credentials leaked on Telegram: Are yours among them?
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials …

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on …

Microsoft, Google widen passkey support for its users
Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out …

UK enacts IoT cybersecurity law
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop …

Apps secretly turning devices into proxy network nodes removed from Google Play
Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and …
Featured news
Resources
Don't miss
- The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
- Over 3 million Fortune 500 employee accounts compromised since 2022
- CISOs and boards see things differently
- It’s time to secure the extended digital supply chain
- SysReptor: Open-source penetration testing reporting platform