Latest Cybersecurity News

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.

LinkedIn secretely scans for 6,000+ Chrome extensions, collects data

BleepingComputerApr 3, 20265m5

LinkedIn secretely scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data.

LinkedIn secretly scans for 6,000+ Chrome extensions, collects data

BleepingComputerApr 3, 20265m5

LinkedIn secretly scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data.

Hims & Hers warns of data breach after Zendesk support ticket breach

BleepingComputerApr 3, 20263m5

Hims & Hers warns of data breach after Zendesk support ticket breach

Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform.

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

The Hacker News

The Hacker NewsApr 3, 20265m5

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 targeted European governments from mid-2025 using PlugX and OAuth abuse, enabling cyber espionage against EU and NATO entities.

Apple Breaks Precedent, Patches DarkSword for iOS 18

Apple Breaks Precedent, Patches DarkSword for iOS 18

Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe mobile OS-cracking tool.

Die Linke German political party confirms data stolen by Qilin ransomware

BleepingComputerApr 3, 20262m5

Die Linke German political party confirms data stolen by Qilin ransomware

The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

The Hacker News

The Hacker NewsApr 3, 20263m5

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic logs.

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting

As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.

Evolution of Ransomware: Multi-Extortion Ransomware Attacks

BleepingComputerApr 3, 20264m5

Evolution of Ransomware: Multi-Extortion Ransomware Attacks

Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers.

Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication

Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication

"Skull vibration harmonics generated by vital signs" can be used to sign in to VR, AR, and MR headsets, according to emerging research.