account security
-
Critical vulnerability in n8n workflow platform could allow code execution (CVE-2025-68613)
A critical vulnerability in the n8n workflow automation platform (CVE-2025-68613) with a CVSS score of 9.9 could allow authenticated users to trigger arbitrary code execution; patches are available and Censys reports over 103,000 potentially vulnerable instances.
-
SEC asks court to dismiss lawsuit against SolarWinds and its CISO
The SEC moved to voluntarily dismiss its enforcement action against SolarWinds and CISO Timothy G. Brown on Nov. 20, 2025. The agency had accused the company of overstating cybersecurity practices and failing to disclose risks related to the 2020 supply‑chain compromise, but many allegations were previously dismissed by a federal court.
-
Python Software Foundation withdraws $1.5M NSF proposal over DEI restriction
The Python Software Foundation has withdrawn a $1.5 million NSF grant proposal after the agency attached a clause barring recipients from operating programs that “advance or promote diversity, equity, and inclusion,” a condition the PSF said conflicts with its mission.
-
High-severity cache-poisoning vulnerability in BIND 9; patches issued after PoC published
CVE-2025-40778 is a high-severity cache-poisoning vulnerability in BIND 9 that can allow remote attackers to inject forged records into a recursive resolver's cache, so clients relying on that resolver are answered with attacker-chosen data until the entries expire. Proof-of-concept code is public and fixed versions are available; administrators are urged to upgrade immediately.
-
Google denies reports that 183 million Gmail accounts were breached
Google said reports that 183 million Gmail accounts were breached are false: the dataset cited is not the result of an intrusion into Google's systems but an aggregation of credentials harvested by infostealer malware from infected devices, which was shared with Have I Been Pwned. Users are advised to enable two-step verification, use passkeys and change any password that appears in the data.
-
Researchers say YoLink Smart Hub vulnerabilities could let attackers control locks
Researchers at Bishop Fox have disclosed multiple vulnerabilities in the YoLink Smart Hub v0382 that can bypass authorization, expose credentials over unencrypted MQTT, and allow attackers to control connected devices including smart locks; at the time of disclosure the manufacturer had not issued a patch.
-
GitHub outlines changes to harden npm after self-replicating worm incident
GitHub said a self-replicating “Shai-Hulud” worm compromised maintainer accounts and injected malicious post-install scripts into npm packages, and outlined changes including required 2FA, short-lived granular tokens and trusted publishing to harden npm’s supply chain.