Tea App cybersecurity incident update
Thursday, August 14, 2025 by Russ Scritchfield
The Tea App has issued an update regarding the cybersecurity incident that occurred on July 25, 2025. During the course of an ongoing investigation, it was discovered that some users’ direct messages (DMs) were accessed as part of the initial breach. As a precautionary measure, the company has disabled DM functionality and taken the affected system offline.
Tea...
Google OOS Rebuild announced
Friday, August 8, 2025 by Austin Harris
Google has unveiled OSS Rebuild, a new initiative aimed at enhancing trust and transparency across open source package ecosystems. As software supply chain attacks continue to threaten widely-used dependencies, OSS Rebuild offers a scalable and low-friction solution that supports reproducible builds, independent verification, and provenance generation, all without burde...
KNP ransomware attack
Wednesday, August 6, 2025 by Russ Scritchfield
One of the UK's oldest transport companies, KNP Logistics Group, collapsed under the weight of a ransomware attack that began with a single guessed password. The company, founded in 1865 and known primarily through its “Knights of Old” fleet, had survived world wars, economic upheavals, and generational shifts in the freight industry. But it could not su...
CoinDCX launches bounty after security breach
Friday, August 1, 2025 by Richard Harris
CoinDCX, one of the largest cryptocurrency exchanges in India, has issued an official statement following a sophisticated security incident on July 19, 2025, which affected one of its internal operational accounts used solely for liquidity provisioning on a partner exchange. The company emphasized that no customer funds were impacted and that all assets remain secure in...
Better code quality starts with AI developer tools says Greptile
Thursday, July 31, 2025 by Richard Harris
Greptile, the provider of AI-powered code review solutions, recently announced its vision for transforming software development through artificial intelligence (AI) developer tools, emphasizing the growing necessity of integrating these technologies into modern development workflows to improve code quality.
Better code quality starts with AI developer tools says Grep...
Microsoft SharePoint hit by widespread zero-day attacks
Wednesday, July 30, 2025 by Austin Harris
The Cybersecurity and Infrastructure Security Agency (CISA) has reported active exploitation of a newly identified remote code execution (RCE) vulnerability affecting on-premise Microsoft SharePoint servers. The vulnerability, cataloged as CVE-2025-53770, is a variant of the previously known CVE-2025-49706 and presents significant risks to organizations by enabling unau...
iOS fitness app Fitify exposes 138K user private photos
Friday, July 25, 2025 by Austin Harris
Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
iOS fitness app Fitify exposes 138K user private photos: Key takeawa...
McDonalds AI Hiring Bot Breach
Thursday, July 17, 2025 by Russ Scritchfield
Security researchers uncovered a critical vulnerability in McDonald’s AI-powered hiring system, McHire, revealing how a simple password flaw could have exposed applicant data, but importantly, no candidate information was leaked or made publicly available, and only five records were briefly accessed by researchers who responsibly reported the issue.
In a supers...
