An anonymous reader quotes a report from BleepingComputer: The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. "The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," warns the FBI.

These devices come preloaded with the BADBOX 2.0 malware botnet or become infected after installing firmware updates and through malicious Android applications that sneak onto Google Play and third-party app stores. "Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process," explains the FBI. "Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services4 known to be used for malicious activity."

Once infected, the devices connect to the attacker's command and control (C2) servers, where they receive commands to execute on the compromised devices, such as [routing malicious traffic through residential IPs to obscure cybercriminal activity, performing background ad fraud to generate revenue, and launching credential-stuffing attacks using stolen login data]. Over the years, the malware botnet continued expanding until 2024, when Germany's cybersecurity agency disrupted the botnet in the country by sinkholing the communication between infected devices and the attacker's infrastructure, effectively rendering the malware useless. However, that did not stop the threat actors, with researchers saying they found the malware installed on 192,000 devices a week later. Even more concerning, the malware was found on more mainstream brands, like Yandex TVs and Hisense smartphones. Unfortunately, despite the previous disruption, the botnet continued to grow, with HUMAN's Satori Threat Intelligence stating that over 1 million consumer devices had become infected by March 2025. This new larger botnet is now being called BADBOX 2.0 to indicate a new tracking of the malware campaign. "This scheme impacted more than 1 million consumer devices. Devices connected to the BADBOX 2.0 operation included lower-price-point, 'off brand,' uncertified tablets, connected TV (CTV) boxes, digital projectors, and more," explains HUMAN.

"The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices. All of these devices are manufactured in mainland China and shipped globally; indeed, HUMAN observed BADBOX 2.0-associated traffic from 222 countries and territories worldwide."

OpenAI said it disrupted several attempts [non-paywalled source] from users in China to leverage its AI models for cyber threats and covert influence operations, underscoring the security challenges AI poses as the technology becomes more powerful. From a report: The Microsoft-backed company on Thursday published its latest report on disrupting malicious uses of AI, saying its investigative teams continued to uncover and prevent such activities in the three months since Feb. 21.

While misuse occurred in several countries, OpenAI said it believes a "significant number" of violations came from China, noting that four of 10 sample cases included in its latest report likely had a Chinese origin. In one such case, the company said it banned ChatGPT accounts it claimed were using OpenAI's models to generate social media posts for a covert influence operation. The company said a user stated in a prompt that they worked for China's propaganda department, though it cautioned it didn't have independent proof to verify its claim.

An anonymous reader quotes a report from Bloomberg: Corporate investigators found evidence that Chinese hackers broke into an American telecommunications company in the summer of 2023, indicating that Chinese attackers penetrated the US communications system earlier than publicly known. Investigators working for the telecommunications firm discovered last year that malware used by Chinese state-backed hacking groups was on the company's systems for seven months starting in the summer of 2023, according to two people familiar with the matter and a document seen by Bloomberg News. The document, an unclassified report sent to Western intelligence agencies, doesn't name the company where the malware was found and the people familiar with the matter declined to identify it.

The 2023 intrusion at an American telecommunications company, which hasn't been previously reported, came about a year before US government officials and cybersecurity companies said they began spotting clues that Chinese hackers had penetrated many of the country's largest phone and wireless firms. The US government has blamed the later breaches on a Chinese state-backed hacking group dubbed Salt Typhoon. It's unclear if the 2023 hack is related to that foreign espionage campaign and, if so, to what degree. Nonetheless, it raises questions about when Chinese intruders established a foothold in the American communications industry. "We've known for a long time that this infrastructure has been vulnerable and was likely subject to attack," said Marc Rogers, a cybersecurity and telecommunications expert. "What this shows us is that it was attacked, and that going as far back as 2023, the Chinese were compromising our telecom companies." Investigators linked the sophisticated rootkit malware Demodex to China's Ministry of State Security, noting it enabled deep, stealthy access to systems and remained undetected on a U.S. defense-linked company's network until early 2024.

A Chinese government spokesperson denied responsibility for cyberattacks and accused the U.S. and its allies of spreading disinformation and conducting cyber operations against China.

Morgan Stanley has deployed an in-house AI tool called DevGen.AI that has reviewed nine million lines of legacy code this year, saving the investment bank's developers an estimated 280,000 hours by translating outdated programming languages into plain English specifications that can be rewritten in modern code.

The tool, built on OpenAI's GPT models and launched in January, addresses what Mike Pizzi, the company's global head of technology and operations, calls one of enterprise software's biggest pain points -- modernizing decades-old code that weakens security and slows new technology adoption. While commercial AI coding tools excel at writing new code, they lack expertise in older or company-specific programming languages like Cobol, prompting Morgan Stanley to train its own system on its proprietary codebase.

The tool's primary strength, the bank said, lies in creating English specifications that map what legacy code does, enabling any of the company's 15,000 developers worldwide to rewrite it in modern programming languages rather than relying on a dwindling pool of specialists familiar with antiquated coding systems.

An anonymous reader quotes a report from The Register: In a nod to European customers' growing mistrust of American hyperscalers, Amazon Web Services says it is establishing a new organization in the region "backed by strong technical controls, sovereign assurances, and legal protections." Ever since the Trump 2.0 administration assumed office and implemented an erratic and unprecedented foreign policy stance, including aggressive tariffs and threats to the national sovereignty of Greenland and Canada, customers in Europe have voiced unease about placing their data in the hands of big U.S. tech companies. The Register understands that data sovereignty is now one of the primary questions that customers at European businesses ask sales reps at hyperscalers when they have conversations about new services.

[...] AWS is forming a new European organization with a locally controlled parent company and three subsidiaries incorporated in Germany, as part of its European Sovereign Cloud (ESC) rollout, set to launch by the end of 2025. Kathrin Renz, an AWS Industries VP based in Munich, will lead the operation as the first managing director of the AWS ESC. The other leaders, we're told, include a government security official and a privacy official – all EU citizens. The cloud giant stated: "AWS will establish an independent advisory board for the AWS European Sovereign Cloud, legally obligated to act in the best interest of the AWS European Sovereign Cloud. Reinforcing the sovereign control of the AWS European Sovereign Cloud, the advisory board will consist of four members, all EU citizens residing in the EU, including at least one independent board member who is not affiliated with Amazon. The advisory board will act as a source of expertise and provide accountability for AWS European Sovereign Cloud operations, including strong security and access controls and the ability to operate independently in the event of disruption."

The AWS ESC allows the business to continue operations indefinitely, "even in the event of a connectivity interruption between the AWS European Sovereign Cloud and the rest of the world." Authorized ESC staff who are EU residents will have independent access to a replica of the source code needed to maintain services under "extreme circumstances." The services will have "no critical dependencies on non-EU infrastructure," with staff, tech, and leadership all based on the continent, AWS said. "The AWS European Sovereign Cloud will have its own dedicated Amazon Route 53, providing customers with a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services," the company said. "The Route 53 name servers for the AWS European Sovereign Cloud will use only European Top Level Domains (TLDs) for their own names," added AWS. "AWS will also launch a dedicated 'root' European Certificate Authority, so that the key material, certificates, and identity verification needed for Secure Sockets Layer/Transport Layer Security certificates can all run autonomously within the AWS European Sovereign Cloud."

The Register also notes that the sovereign cloud will be "supported by a dedicated European Security Operations Center (SOC), led by an EU citizen residing in the EU." That said, the parent company "remains under American ownership and may be subject to the Cloud Act, which requires U.S. companies to turn over data to law enforcement authorities with the proper warrants, no matter where that data is stored."

An anonymous reader shares a report: Open source software used by hobbyist drones powered an attack that wiped out a third of Russia's strategic long range bombers on Sunday afternoon, in one of the most daring and technically coordinated attacks in the war. In broad daylight on Sunday, explosions rocked air bases in Belaya, Olenya, and Ivanovo in Russia, which are hundreds of miles from Ukraine. The Security Services of Ukraine's (SBU) Operation Spider Web was a coordinated assault on Russian targets it claimed was more than a year in the making, which was carried out using a nearly 20-year-old piece of open source drone autopilot software called ArduPilot.

ArduPilot's original creators were in awe of the attack. "That's ArduPilot, launched from my basement 18 years ago. Crazy," Chris Anderson said in a comment on LinkedIn below footage of the attack. On X, he tagged his the co-creators Jordi Munoz and Jason Short in a post about the attack. "Not in a million years would I have predicted this outcome. I just wanted to make flying robots," Short said in a reply to Anderson. "Ardupilot powered drones just took out half the Russian strategic bomber fleet."

ArduPilot is an open source software system that takes its name from the Arduino hardware systems it was originally designed to work with. It began in 2007 when Anderson launched the website DIYdrones.com and cobbled together a UAV autopilot system out of a Lego Mindstorms set.

Apple has filed an appeal with the European Union's General Court in Luxembourg challenging the bloc's order requiring greater iOS interoperability with rival companies' products under the Digital Markets Act. The EU executive in March directed Apple to make its mobile operating system more compatible with competitors' apps, headphones, and virtual reality headsets by granting developers and device makers access to system components typically reserved for Apple's own products.

Apple contends the requirements threaten its seamless user experience while creating security risks, noting that companies have already requested access to sensitive user data including notification content and complete WiFi network histories. The company faces potential fines of up to 10% of its worldwide annual revenue if found in violation of the DMA's interoperability rules designed to curb Big Tech market power.

An anonymous reader shared this report from The Hacker News: Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).

Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. "These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump," Saeed Abbasi, manager of product at Qualys TRU, said...

Red Hat said CVE-2025-4598 has been rated Moderate in severity owing to the high complexity in pulling an exploit for the vulnerability, noting that the attacker has to first win the race condition and be in possession of an unprivileged local account... Qualys has also developed proof-of-concept code for both vulnerabilities, demonstrating how a local attacker can exploit the coredump of a crashed unix_chkpwd process, which is used to verify the validity of a user's password, to obtain password hashes from the /etc/shadow file.
Advisories were also issued by Gentoo, Amazon Linux, and Debian, the article points out. (Though "It's worth noting that Debian systems aren't susceptible to CVE-2025-4598 by default, since they don't include any core dump handler unless the systemd-coredump package is manually installed.")

Canonical software security engineer Octavio Galland explains the issue on Canonical's blog. "If a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace... In order to successfully carry out the exploit, an attacker must have permissions to create user, mount and pid namespaces with full capabilities." Canonical's security team has released updates for the apport package for all affected Ubuntu releases... We recommend you upgrade all packages... The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service:

- Applies new security updates every 24 hours automatically.
- If you have this enabled, the patches above will be automatically applied within 24 hours of being available.

With over 200 million people, Brazil is the world's fifth-largest country by population. Now it's testing a program that will allow Brazilians "to manage, own, and profit from their digital footprint," according to RestOfWorld.org — "the first such nationwide initiative in the world."

The government says it's partnering with California-based data valuation/monetization firm DrumWave to create "data savings account" to "transform data into economic assets, with potential for monetization and participation in the benefits generated by investing in technologies such as AI LLMs." But all based on "conscious and authorized use of personal information." RestOfWorld reports: Today, "people get nothing from the data they share," Brittany Kaiser, co-founder of the Own Your Data Foundation and board adviser for DrumWave, told Rest of World. "Brazil has decided its citizens should have ownership rights over their data...." After a user accepts a company's offer on their data, payment is cashed in the data wallet, and can be immediately moved to a bank account. The project will be "a correction in the historical imbalance of the digital economy," said Kaiser. Through data monetization, the personal data that companies aggregate, classify, and filter to inform many aspects of their operations will become an asset for those providing the data...

Brazil's project stands out because it brings the private sector and the government together, "so it has a better chance of catching on," said Kaiser. In 2023, Brazil's Congress drafted a bill that classifies data as personal property. The country's current data protection law classifies data as a personal, inalienable right. The new legislation gives people full rights over their personal data — especially data created "through use and access of online platforms, apps, marketplaces, sites and devices of any kind connected to the web." The bill seeks to ensure companies offer their clients benefits and financial rewards, including payment as "compensation for the collecting, processing or sharing of data." It has garnered bipartisan support, and is currently being evaluated in Congress...

If approved, the bill will allow companies to collect data more quickly and precisely, while giving users more clarity over how their data will be used, according to Antonielle Freitas, data protection officer at Viseu Advogados, a law firm that specializes in digital and consumer laws. As data collection becomes centralized through regulated data brokers, the government can benefit by paying the public to gather anonymized, large-scale data, Freitas told Rest of World. These databases are the basis for more personalized public services, especially in sectors such as health care, urban transportation, public security, and education, she said.
This first pilot program involves "a small group of Brazilians who will use data wallets for payroll loans," according to the article — although Pedro Bastos, a researcher at Data Privacy Brazil, sees downsides. "Once you treat data as an economic asset, you are subverting the logic behind the protection of personal data," he told RestOfWorld. The data ecosystem "will no longer be defined by who can create more trust and integrity in their relationships, but instead, it will be defined by who's the richest."

Thanks to Slashdot reader applique for sharing the news.

Journalists from Der Spiegel and Danwatch were able to use proxy servers in Belarus, Kazakhstan, and Russia to circumvent network restrictions and access documents about Russia's nuclear weapon sites, reports Cybernews.com.

"Data, including building plans, diagrams, equipment, and other schematics, is accessible to anyone in the public procurement database." Journalists from Danwatch and Der Spiegel scraped and analyzed over two million documents from the public procurement database, which exposed Russian nuclear facilities, including their layout, in great detail. The investigation unveils that European companies participate in modernizing them. According to the exclusive Der Spiegel report, Russian procurement documents expose some of the world's most secret construction sites. "It even contains floor plans and infrastructure details for nuclear weapons silos," the report reads.
Some details from the Amsterdam-based Moscow Times: Among the leaked materials are construction plans, security system diagrams and details of wall signage inside the facilities, with messages like "Stop! Turn around! Forbidden zone!," "The Military Oath" and "Rules for shoe care." Details extend to power grids, IT systems, alarm configurations, sensor placements and reinforced structures designed to withstand external threats...

"Material like this is the ultimate intelligence," said Philip Ingram, a former colonel in the British Army's intelligence corps. "If you can understand how the electricity is conducted or where the water comes from, and you can see how the different things are connected in the systems, then you can identify strengths and weaknesses and find a weak point to attack."
Apparently Russian defense officials were making public procurement notices for their construction projects — and then attaching sensitive documents to those public notices...

Apple's end-to-end iCloud encryption product ("Advanced Data Protection") was famously removed in the U.K. after a government order demanded backdoors for accessing user data.

So now a Google software engineer wants to build an open source version of Advanced Data Protection for everyone. "We need to take action now to protect users..." they write (as long-time Slashdot reader WaywardGeek). "The whole world would be able to use it for free, protecting backups, passwords, message history, and more, if we can get existing applications to talk to the new data protection service." "I helped build Google's Advanced Data Protection (Google Cloud Key VaultService) in 2018, and Google is way ahead of Apple in this area. I know exactly how to build it and can have it done in spare time in a few weeks, at least server-side... This would be a distributed trust based system, so I need folks willing to run the protection service. I'll run mine on a Raspberry PI...

The scheme splits a secret among N protection servers, and when it is time to recover the secret, which is basically an encryption key, they must be able to get key shares from T of the original N servers. This uses a distributed oblivious pseudo random function algorithm, which is very simple.

In plain English, it provides nation-state resistance to secret back doors, and eliminates secret mass surveillance, at least when it comes to data backed up to the cloud... The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given users's keys. There are cases where rational folks would agree to hand over that data, and I hope we can end the encryption wars and develop sane policies that protect user data while offering a compromise where lives can be saved.
"I've got the algorithms and server-side covered," according to their original submission. "However, I need help." Specifically...

• Running protection servers. "This is a T-of-N scheme, where users will need say 9 of 15 nodes to be available to recover their backups."
• Android client app. "And preferably tight integration with the platform as an alternate backup service."
• An iOS client app. (With the same tight integration with the platform as an alternate backup service.)
• Authentication. "Users should register and login before they can use any of their limited guesses to their phone-unlock secret."

"Are you up for this challenge? Are you ready to plunge into this with me?"


In the comments he says anyone interested can ask to join the "OpenADP" project on GitHub — which is promising "Open source Advanced Data Protection for everyone."

An anonymous reader quotes a report from the BBC: A lack of action by big tech firms is enabling the "industrial scale theft" of premium video services, especially live sport, a new report says. The research by Enders Analysis accuses Amazon, Google, Meta and Microsoft of "ambivalence and inertia" over a problem it says costs broadcasters revenue and puts users at an increased risk of cyber-crime. Gareth Sutcliffe and Ollie Meir, who authored the research, described the Amazon Fire Stick -- which they argue is the device many people use to access illegal streams -- as "a piracy enabler." [...] The device plugs into TVs and gives the viewer thousands of options to watch programs from legitimate services including the BBC iPlayer and Netflix. They are also being used to access illegal streams, particularly of live sport.

In November last year, a Liverpool man who sold Fire Stick devices he reconfigured to allow people to illegally stream Premier League football matches was jailed. After uploading the unauthorized services on the Amazon product, he advertised them on Facebook. Another man from Liverpool was given a two-year suspended sentence last year after modifying fire sticks and selling them on Facebook and WhatsApp. According to data for the first quarter of this year, provided to Enders by Sky, 59% of people in UK who said they had watched pirated material in the last year while using a physical device said they had used a Amazon fire product. The Enders report says the fire stick enables "billions of dollars in piracy" overall. [...]

The researchers also pointed to the role played by the "continued depreciation" of Digital Rights Management (DRM) systems, particularly those from Google and Microsoft. This technology enables high quality streaming of premium content to devices. Two of the big players are Microsoft's PlayReady and Google's Widevine. The authors argue the architecture of the DRM is largely unchanged, and due to a lack of maintenance by the big tech companies, PlayReady and Widevine "are now compromised across various security levels." Mr Sutcliffe and Mr Meir said this has had "a seismic impact across the industry, and ultimately given piracy the upper hand by enabling theft of the highest quality content." They added: "Over twenty years since launch, the DRM solutions provided by Google and Microsoft are in steep decline. A complete overhaul of the technology architecture, licensing, and support model is needed. Lack of engagement with content owners indicates this a low priority."

Billions of stolen cookies are being sold on the dark web and Telegram, with over 1.2 billion containing session data that can grant cybercriminals access to accounts and systems without login credentials, bypassing MFA. The Register reports: More than 93.7 billion of them are currently available for criminals to buy online and of those, between 7-9 percent are active, on average, according to NordVPN's breakdown of stolen cookies by country. Adrianus Warmenhoven, cybersecurity advisor at NordVPN, said: "Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide. Most people don't realize that a stolen cookie can be just as dangerous as a password, despite being so willing to accept cookies when visiting websites, just to get rid of the prompt at the bottom of the screen. However, once these are intercepted, a cookie can give hackers direct access to all sorts of accounts containing sensitive data, without any login required."

The vast majority of stolen cookies (90.25 percent) contain ID data, used to uniquely identify users and deliver targeted ads. They can also contain data such as names, home and email addresses, locations, passwords, phone numbers, and genders, although these data points are only present in around 0.5 percent of all stolen cookies. The risk of ruinous personal data exposure as a result of cookie theft is therefore pretty slim. Aside from ID cookies, the other statistically significant type of data that these can contain are details of users' sessions. Over 1.2 billion of these are still up for grabs (roughly 6 percent of the total), and these are generally seen as more of a concern.

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as "pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. "Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024," reads a statement from the U.S. Department of the Treasury, which sanctioned Funnull and its 40-year-old Chinese administrator Liu Lizhi. "Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses."

The Treasury Department said Funnull's operations are linked to the majority of virtual currency investment scam websites reported to the FBI. The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans. Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms. Victims are coached to invest more and more money into what appears to be an extremely profitable trading platform, only to find their money is gone when they wish to cash out. The scammers often insist that investors pay additional "taxes" on their crypto "earnings" before they can see their invested funds again (spoiler: they never do), and a shocking number of people have lost six figures or more through these pig butchering scams.

KrebsOnSecurity's January story on Funnull was based on research from the security firm Silent Push, which discovered in October 2024 that a vast number of domains hosted via Funnull were promoting gambling sites that bore the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean state-sponsored hacking group Lazarus. Silent Push found Funnull was a criminal content delivery network (CDN) that carried a great deal of traffic tied to scam websites, funneling the traffic through a dizzying chain of auto-generated domain names and U.S.-based cloud providers before redirecting to malicious or phishous websites. The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

Lovable, a Swedish startup that allows users to create websites and apps through natural language prompts, failed to address a critical security vulnerability for months after being notified, according to a new report. A study by Replit employees found that 170 of 1,645 Lovable-created applications exposed sensitive user information including names, email addresses, financial data, and API keys that could allow hackers to run up charges on customers' accounts.

The vulnerability, published this week in the National Vulnerabilities Database, stems from misconfigured Supabase databases that Lovable's AI-generated code connects to for storing user data. Despite being alerted to the problem in March, Lovable initially dismissed concerns and only later implemented a limited security scan that checks whether database access controls are enabled but cannot determine if they are properly configured.

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove.

The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report. The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini.

GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.

An anonymous reader quotes a report from TechCrunch: LexisNexis Risk Solutions, a data broker that collects and uses consumers' personal data to help its paying corporate customers detect possible risk and fraud, has disclosed a data breach affecting more than 364,000 people. The company said in a filing with Maine's attorney general that the breach, dating back to December 25, 2024, allowed a hacker to obtain consumers' sensitive personal data from a third-party platform used by the company for software development.

Jennifer Richman, a spokesperson for LexisNexis, told TechCrunch that an unknown hacker accessed the company's GitHub account. The stolen data varies, but includes names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver license numbers. It's not immediately clear what circumstances led to the breach. Richman said LexisNexis received a report on April 1, 2025 "from an unknown third party claiming to have accessed certain information." The company would not say if it had received a ransom demand from the hacker.

A security researcher has discovered an exposed database containing 184 million login credentials for major services including Apple, Facebook, and Google accounts, along with credentials linked to government agencies across 29 countries. Jeremiah Fowler found the 47-gigabyte trove in early May, but the database contained no identifying information about its owner or origins.

The records included plaintext passwords and usernames for accounts spanning Netflix, PayPal, Discord, and other major platforms. A sample analysis revealed 220 email addresses with government domains from countries including the United States, China, and Israel. Fowler told Wired he suspects the data was compiled by cybercriminals using infostealer malware. World Host Group, which hosted the database, shut down access after Fowler's report and described it as content uploaded by a "fraudulent user." The company said it would cooperate with law enforcement authorities.

The recent surge in cyberattacks is pushing cyber insurers toward a fundamental reassessment of premium pricing, Bloomberg reports, with industry analysts warning of an impending "inflection point" that could reshape the market. Marks & Spencer's impending $404 million hit to its operating profit from a recent hack underscores claims that will "attract intense scrutiny from insurers," according to cybersecurity expert Adam Casey.

While incidents like this might not trigger immediate premium hikes across the board, they might likely contribute to an upward pricing trend. Panmure Liberum analyst Abid Hussain said that premiums have recently been falling as policy coverage has tightened, but the industry now faces a critical decision point. "There's going to be another step change, either in the policy wording or in the premiums, or both," Hussain said.

Multiple readers shared the following report about the executive departures at CISA: Virtually all of the top officials at the Cybersecurity and Infrastructure Security Agency (CISA) have departed the agency or will do so this month, according to an email obtained by Cybersecurity Dive, further widening a growing void in expertise and leadership at the government's lead cyber defense force at a time when tensions with foreign adversaries are escalating.

Five of CISA's six operational divisions and six of its 10 regional offices will have lost top leaders by the end of the month, the agency's new deputy director, Madhu Gottumukkala, informed employees in an email on Thursday. [...] The exits of these leaders could undermine the efficiency and strategic clarity of CISA's partnerships with critical infrastructure operators, private security firms, foreign allies, state governments and local emergency managers, experts say.