DoubleVerify detects hidden iOS ad fraud
Wednesday, December 3, 2025 by Trey Abbe
DoubleVerify’s Fraud Lab has discovered a new fraud scheme lurking on customers’ mobile devices. It uses innocent-seeming iOS gaming apps to charge advertisers for phony ad impressions.
Operated by independent cybercriminals using a shared framework called UniSkyWalking, the scheme, which our Fraud Lab has dubbed SkyWalk, is sophisticated, coordinated and...
Airline data breach hits WestJet exposing over 1M passengers
Thursday, October 30, 2025 by Russ Scritchfield
Canada’s second-largest airline, WestJet, disclosed that a data breach earlier this year compromised the personal information of approximately 1.2 million passengers. The airline reported the incident in a filing with Maine’s attorney general, confirming that 240 residents in the state were affected.
Details of the information compromised
The informati...
Perforce reveals uncertainty around AI data privacy
Tuesday, October 28, 2025 by Austin Harris
Perforce Software’s 2025 State of Data Compliance and Security Report has revealed a striking disconnect between enterprise AI ambitions and the understanding of data privacy risks. According to the report, a large majority of organizations support using sensitive data in AI development but simultaneously express significant concerns about its security. This parad...
Phishing sites seized by Microsoft in major crackdown
Tuesday, September 23, 2025 by Richard Harris
Microsoft has intensified its efforts to combat cybercrime by targeting Raccoon0365, a subscription-based phishing service that enabled wide-scale credential theft. Working through the U.S. District Court in Manhattan, the company successfully obtained approval to seize nearly 340 internet domains associated with fraudulent login pages.
The campaign represents one of...
Salesforce data breach linked to Tenable via Salesloft Drift
Friday, September 12, 2025 by Richard Harris
A recent Salesforce data breach involving the Salesloft Drift integration has affected multiple organizations, including cybersecurity company Tenable. The company confirmed that limited customer contact and support case data were exposed but emphasized that no core product data was compromised.
Scope of exposed information
Tenable reported that information access...
Salesforce breach let hackers steal Google customer data
Monday, August 25, 2025 by Richard Harris
In June, one of Google’s corporate Salesforce instances was affected by activity consistent with the UNC6040 campaign described in the post. Google responded by conducting an impact analysis and implementing mitigation steps. The affected instance stored contact information and related notes for small and medium-sized businesses. Investigators confirmed that data ...
Tea App cybersecurity incident update
Thursday, August 14, 2025 by Russ Scritchfield
The Tea App has issued an update regarding the cybersecurity incident that occurred on July 25, 2025. During the course of an ongoing investigation, it was discovered that some users’ direct messages (DMs) were accessed as part of the initial breach. As a precautionary measure, the company has disabled DM functionality and taken the affected system offline.
Tea...
KNP ransomware attack
Wednesday, August 6, 2025 by Russ Scritchfield
One of the UK's oldest transport companies, KNP Logistics Group, collapsed under the weight of a ransomware attack that began with a single guessed password. The company, founded in 1865 and known primarily through its “Knights of Old” fleet, had survived world wars, economic upheavals, and generational shifts in the freight industry. But it could not su...
McDonalds AI Hiring Bot Breach
Thursday, July 17, 2025 by Russ Scritchfield
Security researchers uncovered a critical vulnerability in McDonald’s AI-powered hiring system, McHire, revealing how a simple password flaw could have exposed applicant data, but importantly, no candidate information was leaked or made publicly available, and only five records were briefly accessed by researchers who responsibly reported the issue.
In a supers...
iOS sleep app leaked sensitive user information
Tuesday, May 27, 2025 by Austin Harris
An iPhone app designed to combat insomnia, Sleep Journey: Insomnia Helper, exposed tens of thousands of users, revealing their names, alcohol habits, and other private data.
Stress is hardly a cure for insomnia. Meanwhile, an iOS app meant to help users fall asleep could become a headache instead. The Cybernews research team discovered that Sleep Journey: Insomnia He...
DataKrypto launches new AI models
Friday, May 9, 2025 by Richard Harris
DataKrypto launched a new solution that protects AI models and the data of businesses using them. Based on the company’s patented FHE technology, the solution, FHEnom for AI, addresses a critical security gap and delivers unprecedented AI protection.
FHEnom for AI is a zero-knowledge framework that safeguards both customized open-source AI models (adapted for s...
Security trade-offs and Xs vulnerabilities
Friday, March 21, 2025 by Richard Harris
The latest cyberattack on X raises an important question: Was this an external attack or a result of internal instability? While hacktivist group Dark Storm has claimed responsibility for the distributed denial-of-service (DDoS) attack, it is just as crucial to examine X’s own security posture, particularly in light of the drastic staffing cuts that followed Elon ...
Cybersecurity supply chain risk management predictions for 2025
Thursday, January 16, 2025 by Austin Harris
DTS CEO and President Edward Tuorinsky shares his cybersecurity prediction for shaping the 2025 business landscape.
Cybersecurity in 2025 is like that party game where you whisper a phrase to the person next to you. One mistake is passed along to others, with funny outcomes. The stakes are higher, and the results are less amusing when data breaches or hacks travel al...
Emerging features to consider for mobile app development
Wednesday, November 13, 2024 by Richard Harris
In an era where mobile applications are ubiquitous, with a staggering 8.93 million apps vying for attention across various app stores, distinguishing your app from the competition is paramount. While aesthetics undoubtedly play a role in user attraction, it is the functionality and features of an app that truly captivate and retain users. Whether you are embarking on yo...
AI regulations in software development
Tuesday, August 27, 2024 by Richard Harris
AI is rapidly changing the software development field, making clear regulations essential to prevent risks like data breaches and ensure ethical practices. These regulations are also key to reshaping developer roles while preserving the need for human expertise.
AI regulations in software development
The implementation of formal AI policies within companies is cri...
DevOps threats report released from GitProtect io
Monday, August 12, 2024 by Brittany Hainzinger
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities,
and, as a result, data loss are the reality that DevSecOps teams have to face...even every
few days.
The State of DevOps threats report - teams affected every few days
GitProtect.io recently presented its studies on the most severe incidents affecting tools like GitHub...
Rise in cyberattacks is alarming folks
Friday, June 28, 2024 by Austin Harris
A recent study has uncovered a startling rise in cyberattacks from 2022 to 2023. Throughout 2023, the United States experienced an alarming 3,205 data breaches, marking a dramatic 78% surge from the 1,801 incidents reported in 2022.
The study conducted by data collection experts SOAX utilized data from the Identity Theft Resource Center on the number of data vi...
Leaked data from Shopify plugins developed by Saara
Wednesday, March 27, 2024 by Austin Harris
The Cybernews research team discovered that a vast amount of sensitive data of shoppers was exposed to threat actors by the e-commerce giant’s Shopify plugin developer Saara, with millions of orders being leaked.
Key findings from the Cybernews report, covering the data breach on the Shopify plugins developed by Saara
Researchers discovered a publicly acc...
Software delivery lifecycle security predictions from OpsMx
Wednesday, December 20, 2023 by Richard Harris
Heading into 2024, enterprises face mounting security concerns related to data breaches, evolving privacy regulations, and their increasing reliance on the cloud and software service providers. As such, they are under increasing pressure to secure the software delivery lifecycle and better understand where the threats are coming from and what their vulnerabilities are. ...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
Detect hard coded secrets with new capabilities from Cycode
Thursday, August 10, 2023 by Austin Harris
Cycode announced the expansion of its hard-coded secrets detection in cloud-based workplaces, as well as a collaboration with Azure DevOps pipelines to ensure end-to-end supply chain integrity and a new IDE plug-in for seamless integration with VS Code.
Building upon its existing code-to-cloud coverage, Cycode now extends its secrets scanning capabilities to encompas...
SBOM mandate to improve cybersecurity in the US
Friday, March 17, 2023 by Austin Harris
The number of cyberattacks waged against government sectors worldwide increased by 95% in the second half of 2022 compared to the same time period in 2021. (1) The global cost of cyberattacks is expected to grow exponentially from $8.44 trillion in 2022 to $23.84 trillion by 2027. (2) To support the nation’s critical infrastructure and Federal Government networks,...
Identity will hold the keys to the kingdom for cybercriminals
Wednesday, February 8, 2023 by Brittany Hainzinger
In 2023, identity will continue to hold the keys to the kingdom for cybercriminals. This is a continuation from 2022, with the Verizon Data Breach Investigations Report (DBIR) attributing 80% of basic web application attacks to the use of stolen credentials like passwords. Security incidents usually involve a variety of techniques, from social engineering to supply chai...
Data privacy training kit from CybeReady
Monday, February 6, 2023 by Austin Harris
CybeReady published the company’s Data Privacy CISO Toolkit as Data Privacy Week is set to arrive in January. Access to the Data Privacy CISO Toolkit is free of charge and offered to support data privacy training this month.
Data Privacy Week was inaugurated by the National Cybersecurity Alliance (NCA) because of the importance of privacy data. The occasion beg...
Security practices of apps in the Google Play Store
Monday, September 26, 2022 by Brittany Hainzinger
Data removal company Incogni analyzed the top 1,000 paid and unpaid apps available on the Google Play Store to discover the apps’ privacy and security practices.
Key privacy findings:
1 in 2 apps (55.2%) share your data with third parties.
Free apps share, on average, seven times more data points than paid apps.
The worst categ...
Triller calls on US gov to ban TikTok
Tuesday, July 19, 2022 by Austin Harris
Triller calls on CFIUS, President Joe Biden, Congress the Department Of Defense to ban TikTok calling it the largest security threat to America today in an open letter by CEO and Chairman of Triller Mahi De Silva.
As the CEO of a global company whose mission is to help creators take control of their destiny in the creator economy, leveraging transformative adaptive t...
Monetary losses from corporate data breaches in the US
Friday, June 17, 2022 by Austin Harris
Data breaches in today’s technology-driven world can affect hundreds of millions, if not billions, at once. Companies must ensure that data is adequately protected. However, some of the largest breaches have occurred in the last decade.
But which state in the United States has suffered the most monetary losses as a result of corporate data breaches?
Interest...
Data privacy predictions from Ground Labs
Monday, January 17, 2022 by Austin Harris
As Ground Labs Co-Founder, Stephen Cavey leads a global team empowering enterprise partners to discover, manage and secure sensitive data across their organizations.
Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events such as PrivSec Global, and his expert analy...
Offshore software developers risks and advantages
Thursday, October 28, 2021 by Vivien F. Peaden
The onset of COVID-19 has hastened CEOs’ prioritization of digital transformation to future-proof their organizations. This paradigm change is driving the IT outsourcing spend to improve operational agility, integrate new technologies, and achieve cost-savings and faster time-to-market.
Risks and advantages of using offshore software developers
The pandemic ...
Protecting source code
Wednesday, October 6, 2021 by Nigel Thorpe
Earlier this year, EA (Electronic Arts), reported a cyberattack and the theft of some 780GB of source code for games such as FIFA 21 and the proprietary Frostbite game engine used for many other high-profile games such as Battlefield. The threat actors responsible for the EA data breach put the stolen data up for sale on an underground hacking forum for $28 million, pro...
Vanta launches Automated ISO 27001 Certification and HIPAA Compliance
Tuesday, July 13, 2021 by Brittany Hainzinger
Vanta announced public availability for two new certification standards that help secure the internet and protect consumer data. Vanta provides automated compliance audits and continuous security monitoring through a robust SaaS platform, enabling companies to achieve industry standardization in weeks instead of months.
The rise of data leaks and privacy concerns hav...
Zero trust framework no longer optional 2021 predictions
Tuesday, January 12, 2021 by Brittany Hainzinger
There’s no doubt that COVID-19 and the shift to remote work have accelerated Zero Trust adoption in the enterprise. In 2021 and the following years, implementing a Zero Trust approach will become essential to protecting every enterprise, regardless of industry. This is due to the increasing volume of cyberthreats that organizations and individuals face on a regula...
Zero trust security will prevail in 2021
Wednesday, January 6, 2021 by Brittany Hainzinger
Zero-trust security (when organizations stop trusting their people and services in an IT environment) will become the prevailing model for organizations in 2021. With more companies moving to distributed architectures, technology teams need a scalable way to make security foolproof while managing a growing number of microservices and greater complexity. Companies s...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
HackNotice announces threat intelligence platform
Friday, September 18, 2020 by Brittany Hainzinger
HackNotice announced the launch of HackNotice Teams, a cybersecurity management platform powered by actionable threat intelligence and an industry solution to foster a company-wide culture of security. Built on HackNotice Premium’s technology, HackNotice Teams scours the dark web to alert employees of vulnerabilities, compromised information, and data breaches in ...
