Cybersecurity

Smashing Security podcast #428: Red flags, leaked chats, and a final farewell 

Smashing Security podcast #428: Red flags, leaked chats, and a final farewell 

The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself – after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes.

Plus, Carole takes us down memory lane as she hangs up her co-host mic after 428 glorious episodes. Expect tea, tears, and Tom Lehrer.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Scammers Unleash Flood of Slick Online Gaming Sites 

Scammers Unleash Flood of Slick Online Gaming Sites 

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps 

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps 

Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets.
The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant 

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant 

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free.
“Because the ransomware is now considered dead, we released the decryptor for public download,” Gen Digital researcher Ladislav Zezula said.
FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits 

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits 

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices.
“The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,”

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools 

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools 

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities.
The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to

Product Walkthrough: A Look Inside Pillar’s AI Security Platform 

Product Walkthrough: A Look Inside Pillar’s AI Security Platform 

In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling AI security challenges.
Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new ways of detecting AI threats, beginning

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome 

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome 

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month.
The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components that could result in a sandbox escape via

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero 

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero 

Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks.
DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign-in to victims’ accounts and gain

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware 

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware 

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025.
“Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X