The single sign-on account hijacking threat and what can we do about it?
Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …
Phishers targeting LinkedIn users via hijacked accounts
A new phishing campaign has been spotted hitting LinkedIn users via direct messages and the LinkedIn InMail feature. They are sent from legitimate LinkedIn Premium accounts …
Telecoms don’t protect users from government overreach
The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives—where we go, who we see, what we …
Fake LinkedIn emails phishing job seekers
Fake LinkedIn emails are hitting inboxes, trying to get recipients to hand over their CVs. The scammers are trying to impersonate the popular employment-oriented social …
Locky hidden in image file hitting Facebook, LinkedIn users
Malware masquerading as an image file is still spreading on Facebook, LinkedIn, and other social networks. Check Point researchers have apparently discovered how cyber crooks …
Fake executive social media accounts threaten enterprises
New research has uncovered numerous duplicative Twitter and LinkedIn accounts among Fortune 500 leaders, raising concerns about potential security vulnerabilities. Analysts at …
Stolen LinkedIn data used in malware campaign hitting European users
European LinkedIn users are being targeted with highly personalized malicious emails. It is more than likely that the attackers are misusing the compromised LinkedIn user data …
LinkedIn users’ data on sale on the dark web
A hacker has put up a batch of info about 167 million LinkedIn accounts for sale on dark web marketplace The Real Deal. Of these, some 117 million records contain email …
Fake recruiters on LinkedIn are targeting infosec pros
“There’s a group of fake recruiters on LinkedIn mapping infosec people’s networks. Not sure what their goal is yet, just a heads-up to others,” …
Users force LinkedIn to bring back connections download tool used by scrapers
LinkedIn users have rejected a new data export process set up by the company, which would allow them to export their connections’ information with a delay of 24 or, …
Why LinkedIn chose to keep its bug bounty program private
Bug bounty programs have become de rigueur for tech and Internet companies that want to improve the security of their products by (partly) outsourcing bug discovery. But while …
Researchers create searchable database of intelligence operators
The researchers behind Transparency Toolkit, a venture whose goal is to develop source software to collect and analyze publicly available data on surveillance and human rights …
Featured news
Resources
Don't miss
- $20 per zero-day is already the WordPress plugin reality
- Deleted Google API keys keep working for up to 23 minutes, researchers warn
- Meet Fractal, an OS made for microarchitecture reverse engineering
- Microsoft open-sources tools for designing and testing AI agents
- GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise