Security This Week

Anthropic ditches its core safety promise in the middle of an AI red line fight with the Pentagon

Exploitable Flaws Found in Cloud-Based Password Managers

iPhone Lockdown Mode is so good even the FBI can't crack it

Hacking Moltbook: The AI Social Network Any Human Can Control

How to get Doom running on a pair of earbuds

New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale

New China Linked VoidLink Linux Malware Targets Major Cloud Providers

ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants

MongoDB warns admins to patch severe vulnerability immediately

PornHub extorted after hackers steal Premium member activity data

Attackers hit React defect as researchers quibble over proof

An ingenious Apple Service hoax is convincing users their account is under attack

Anthropic claims of Claude AI-automated cyberattacks met with doubt

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

No one pays ransomware demands anymore - so attackers have a new goal. Also: Ransomware Surge in Europe: Cybercriminals Exploit GDPR Penalties, Target Key Sectors

AWS crash causes $2,000 Smart Beds to overheat and get stuck upright

Skynet-1A: Military Spacecraft Launched 56 Years Ago Has Been Moved By Persons Unknown

Carl, Duane, and Patrick recorded this week's episode in front of a live audience at CyberSecurity Intersection, a cyber conference held at Universal Studio in Orlando, FL the week of October 5.

Japan's beer giant Asahi Group cannot resume production after cyberattack

U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Hackers left empty-handed after massive NPM supply-chain attack

Salt Typhoon pwned 'nearly every American'

Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

Security researcher driven by free nuggets unearths McDonald's security flaw — changing 'login' to 'register' in URL prompted site to issue plain text password for a new account

BitUnlocker – Multiple 0-days to Bypass BitLocker and Extract All Protected Data

Federal court filing system hit in sweeping hack

Minnesota National Guard activated, state of emergency declared after cyberattack against St. Paul

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

Russian alcohol retailer WineLab closes stores after ransomware attack

Call of Duty: WW2 pulled from PC following reports of remote code exploit trolling players with 'Notepad pop-ups, PC shutdowns' and desktop wallpaper of a lawyer

Quantum tech is coming — and with it a risk of cyber doomsday

Russian hackers bypass Gmail MFA using stolen app passwords.

https://www.malwarebytes.com/blog/news/2025/06/google-bug-allowed-phone-number-of-almost-any-user-to-be-discovered

BADBOX 2.0 Android malware infects millions of consumer devices

Meta found 'covertly tracking' Android users through Instagram and Facebook

Signal says no to Windows 11's Recall screenshots

Chinese ‘kill switches' found hidden in US solar farms

You can now submit your claims for Apple's $95 million Siri spying settlement

Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Funding Expires for Key Cyber Vulnerability Database

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Protect Yourself from Identity Theft and Fraud

National Security Officials Were Warned in February That Signal Was Vulnerable to Attack

Millions Of RSA Keys Expose Serious Flaws That Can Be Exploited