Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago
1
 
 

In his talk for this year’s annual open source conference FOSDEM, Curl creator Daniel Stenberg promised to show his audience The post Curl’s Daniel Stenberg on Securing 180,000 Lines of C Code appeared first on The New Stack.

2
 
 

Francisco Rodrigues / CoinDesk: DefiLlama: Bybit experienced a “bank run” of over $4B after the ~$1.5B hack, leading to a ~$5.5B total outflow; CEO says “about 50%” of funds were withdrawn  —  Major cryptocurrency exchange Bybit has seen total outflows of over $5.5 billion after it suffered …

3
 
 

Google continues its rollout of gradually disabling uBlock Origin and other Manifest V2-based extensions in the Chrome web browser as part of its efforts to push users to Manifest V3-based extensions. [...]

4
 
 

Meta’s copyright defense may hinge on court ignorance of torrenting terminology.

5
 
 

Legal discovery targets names of Altice users hit with copyright notices.

6
 
 

Report sheds new light on the tactics allowing attackers to move at breakneck speed.

7
 
 

Experts warn that the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards. D3 Lab researchers reported that on February 19, 2025, the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards. Experts speculate that B1ack’s Stash used the free card release as a marketing strategy. The […]

8
 
 

HP rescinds European support call strategy due to "feedback."

9
 
 

Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets. [...]

10
 
 

Microsoft’s quantum chip engineers just discovered a brand new state of matter, and Bitcoin’s security could get lost in the flux. The post Microsoft’s new state of matter is a quantum threat to bitcoin appeared first on Protos.

11
 
 

Users will now be more vulnerable to data breaches from bad actors, Apple says, after Home Office order

Apple has taken the unprecedented step of removing its strongest data security tool from customers in the UK, after the government demanded “backdoor” access to user data. UK users will no longer have access to the advanced data protection (ADP) tool, which uses end-to-end encryption to allow only account holders to view items such as photos or documents they have stored online in the iCloud storage service. UK users will now be more vulnerable to data breaches from bad actors, and other threats to customer privacy, Apple said. It will also mean that all data is accessible by Apple, which can share it with law enforcement if they have a warrant.

12
 
 

Pegasus spyware, once considered a tool for targeting journalists and activists, is now being deployed against executives in the private sector, including finance, real estate, and logistics. In a December 2024 investigation, 11 new Pegasus infections were detected among 18,000 devices scanned globally, signaling a shift in espionage tactics toward corporate espionage. The findings, detailed in […] The post Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors appeared first on Cyber Security News.

13
 
 

Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites

Microsoft has fixed a security flaw in its Power Pages website-building SaaS, after criminals got there first – and urged users to check their sites for signs of exploitation.…

14
 
 

Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data

Hundreds of thousands of internal messages from the Black Basta ransomware gang were leaked by a Telegram user, prompting security researchers to bust out their best Russian translations post haste.…

15
 
 

An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. [...]

16
 
 

Are you scared to walk down the streets of NYC and also have too much money? There's an app for that.

17
 
 

The third quarter of 2024 saw a dramatic shift in the types of malware detected at network perimeters, according to a new WatchGuard report. The report’s key findings include a 300% increase quarter over quarter of endpoint malware detections, highlighted by growing threats that exploit legitimate websites or documents for malicious purposes as threat actors turn to more social engineering tactics to execute their attacks. While Microsoft documents like Word and Excel have long been … The post 300% increase in endpoint malware detections appeared first on Help Net Security.

18
 
 

Bug bounty programs, where external agents are invited to search and report vulnerabilities (bugs) in exchange for rewards (bounty), have become a major tool for companies to improve their systems. We suggest augmenting such programs by inserting artificial bugs to increase the incentives to search for real (organic) bugs. Using a model of crowdsearch, we identify the efficiency gains by artificial bugs, and we show that for this, it is sufficient to insert only one artificial bug. Artificial bugs are particularly beneficial, for instance, if the designer places high valuations on finding organic bugs or if the budget for bounty is not sufficiently high.

[...]

Yet, as prizes paid for finding artificial and organic bugs may optimally differ, the designer may want to prove to the finders of the artificial bug, or even to all participants, that an artificial bug found was indeed inserted on purpose and was artificially designed by the designer at the start of the bug bounty program. Even more importantly, if the artificial bug is not found during the crowdsearch, it is important that the designer can prove that an artificial bug has been inserted before the crowdsearch started. This would ensure, or reaffirm, the credibility of the bug bounty program with artificial bugs.

19
20
 
 

A flea market buyer found medical information about hundreds of patients on second hand decommissioned hard drives.

21
 
 

A contractor for the Air Force and other government agencies wanted to get a good deal on some Graykeys from us (we're journalists FYI).

22
 
 

Half of engineers don’t strongly trust the data they rely on the most in their central system of record, according The post 50% of Engineers Lack Trust in the Data They Rely on Most appeared first on The New Stack.

23
 
 

A new report cites text messages that appear to show the crypto mogul bragging about exerting some sort of control over the Argentinian leader.

24
 
 

The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. [...]

25
 
 

Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.
