Privacy
-
ChatGPhish flaw can turn ChatGPT summaries into phishing lures
Researchers disclosed ChatGPhish, a ChatGPT flaw that can render malicious links, images and QR codes inside summaries of web pages. The technique may leak browser details and create a new phishing surface during normal browsing.
-
Google Chrome rolls out cookie theft protection for all users
Google said Chrome’s Device Bound Session Credentials feature is now generally available and rolling out to all users. The change is designed to bind session cookies to a device and make stolen cookies harder to reuse for account takeovers.
-
Fake LinkedIn emails abuse Adobe service in phishing campaign
A phishing campaign is using fake LinkedIn business emails and Adobe Target to hide credential theft, with attackers disguising HTML attachments as PDFs and redirecting victims to a real LinkedIn page after login.
-
Apple releases quantum-resistant cryptographic code and verification tools
Apple has released quantum-resistant cryptographic code and verification tools for its corecrypto library, including ML-KEM and ML-DSA. The company said the work found a bug that could have broken digital signatures.
-
Europol says it took down First VPN in cybercrime crackdown
European authorities shut down First VPN, a service used by cybercriminals to hide activity, and arrested the alleged administrator in Ukraine, Europol said. Officials also seized servers and domains and identified thousands of users linked to crime.
-
Ukraine says it identified 18-year-old suspect in infostealer case tied to 28,000 accounts
Ukraine said it identified an 18-year-old suspect in Odesa in an infostealer case tied to 28,000 customer accounts, with 5,800 used for unauthorized purchases totaling about $721,000.
-
Google adds Android intrusion logging to help investigate spyware attacks
Google introduced an opt-in Android intrusion logging feature for suspected spyware cases. The encrypted logs are stored for 12 months, can be downloaded by users, and are rolling out to devices with the Android 16 December update and later.
-
Skoda says customer data stolen in online shop breach
Škoda Auto said attackers breached its online shop, stole customer personal data and accessed login credentials after exploiting a software flaw. The company said payment card details were not stored on the compromised systems.
-
Instructure reaches ransom agreement after Canvas data breach
Instructure said it reached an agreement with an unauthorized actor after a Canvas breach that exposed data tied to thousands of schools and universities, including about 275 million records. The company said stolen data was returned and no customers will be separately extorted.
-
Apple adds beta end-to-end encryption to RCS chats in iOS 26.5
Apple released iOS 26.5 with beta end-to-end encryption for RCS chats on iPhone and Android, enabled by default for supported users. The update also fixes more than 50 vulnerabilities in iOS and iPadOS.
