Forwarded from The Hacker News
20% of breaches in 2025 started with unpatched software.
And patch management? It’s broken.
With SaaS sprawl + BYOD, IT teams can’t keep up. Shadow apps and personal devices are a hacker’s dream.
Here’s what needs to change ↓ https://thehackernews.com/expert-insights/2025/08/why-traditional-approaches-to-patch.html
And patch management? It’s broken.
With SaaS sprawl + BYOD, IT teams can’t keep up. Shadow apps and personal devices are a hacker’s dream.
Here’s what needs to change ↓ https://thehackernews.com/expert-insights/2025/08/why-traditional-approaches-to-patch.html
Forwarded from Hacker News
Australian Competition and Consumer Commission
Google admits anti-competitive conduct involving Google Search in Australia
The ACCC has today commenced Federal Court proceedings against Google Asia Pacific over anti-competitive understandings that Google admits it reached in the past with Telstra and Optus regarding the pre-installation of Google Search on Android mobile phones.
Forwarded from Hacker News
Andrew Moore
Secure Boot, TPM and Anti-Cheat Engines
Anti-cheat engines are now requiring users to have Secure Boot and a fTPM enabled in order to play online multiplayer games. Will this decrease the amount of cheating, or is it a futile attempt at curbing an ever-growing problem?
Forwarded from Android Security & Malware
Exposes and Analyzes of ERMAC V3.0 Banking Trojan Full Source Code Leak
https://hunt.io/blog/ermac-v3-banking-trojan-source-code-leak
https://hunt.io/blog/ermac-v3-banking-trojan-source-code-leak
hunt.io
ERMAC V3.0 Banking Trojan: Full Source Code Leak and Infrastructure Analysis
Hunt.io uncovers the complete ERMAC V3.0 source code, revealing its infrastructure, vulnerabilities, and expanded form injection capabilities.
Forwarded from The Hacker News
🚨 New supply-chain attacks hit open-source repos.
• PyPI: termncolor & colorinal delivered multi-stage malware with Windows & Linux backdoors.
• npm: fake packages posed as dev tools & job tests, stealing iCloud Keychain, browser data, wallets.
Details → https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html
• PyPI: termncolor & colorinal delivered multi-stage malware with Windows & Linux backdoors.
• npm: fake packages posed as dev tools & job tests, stealing iCloud Keychain, browser data, wallets.
Details → https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html
Forwarded from The Hacker News
🚨 Compliance isn’t optional. Fail GDPR, HIPAA, or PCI DSS → massive fines, lawsuits, even shutdowns.
The scary part? Most don’t even know where they’re failing.
Here’s how Wazuh helps fix it:
✅ Real-time alerts
✅ Compliance dashboards
✅ Active response
Read this now → https://thehackernews.com/2025/08/wazuh-for-regulatory-compliance.html
The scary part? Most don’t even know where they’re failing.
Here’s how Wazuh helps fix it:
✅ Real-time alerts
✅ Compliance dashboards
✅ Active response
Read this now → https://thehackernews.com/2025/08/wazuh-for-regulatory-compliance.html
Forwarded from The Hacker News
46% of security leaders lose sleep over growing regulatory complexity.
Move beyond checkbox compliance and turn GRC into a strategic advantage with this new Tines guide.
What's in the guide:
🔸 Common challenges for security and compliance teams today
🔸 Four areas where GRC teams can leverage workflow orchestration and automation for immediate impact
🔸 Case study stories from Druva, Path AI, and more
Get the full guide here: https://thn.news/automating-grc-guide
Move beyond checkbox compliance and turn GRC into a strategic advantage with this new Tines guide.
What's in the guide:
🔸 Common challenges for security and compliance teams today
🔸 Four areas where GRC teams can leverage workflow orchestration and automation for immediate impact
🔸 Case study stories from Druva, Path AI, and more
Get the full guide here: https://thn.news/automating-grc-guide
Forwarded from cKure
■■□□□ 🧊 Hidden Firefox AI process consuming CPU resources?
Firefox browser users have encountered serious performance issues after the release of version 141. Initially, suspicion fell on the new "Smart Tab Grouping" feature using AI, but an official Mozilla investigation (Bug 1982278) showed that the abnormally high CPU load is caused by another component, namely the hidden pilot experiment "Semantic Search in History" (places.semanticHistory). The "Smart Tab Grouping" has nothing to do with this.
Everything was fine just yesterday. Today I opened Firefox, and as a result, there were sharp spikes in CPU load and power consumption. My fans shouldn't be this loud if I don't have more than 15 tabs open.
After unsuccessfully restarting Firefox, I opened the task manager and found that a process called "Inference" fluctuates from 0.05% to 130% CPU usage, which explains the spikes in CPU load and power consumption.
Killing the process solves the fluctuation problem but causes Firefox to crash, requiring a restart.
What is going on? This problem never existed until today.
— users complain on Reddit.
😱 Official Mozilla representatives have acknowledged the issue. The fix will be included in Firefox 143 (ctodea writes Target Milestone: → 143 Branch).
💡For full control and disabling of all local AI services, advanced users should experiment with some settings:
In about:config the parameter browser.ml.enable is set to false.
*The browser.ml.enable parameter is the main, kind of master key to all under-the-hood machine learning in Firefox. Setting this value to false completely deactivates the local AI engine (Inference process), making it impossible for any dependent features to work, including smart tab groups and the chatbot.
In about:config the parameter browser.tabs.groups.smart.enabled is set to false.
*Disables only the smart tab grouping feature. This step is not a guaranteed solution to the CPU overload problem, as the main source of the error lies in another component. Meanwhile, the AI engine itself (Inference process) remains active for other potential tasks.
In about:config the parameter browser.ml.chat.enabled is set to false.
*The browser.ml.chat.enabled parameter is a direct system switch that controls the activation and visibility of the AI chat integrated into Firefox.
Source: Telegram | Russian OSINTPlease open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from cKure
■■■□□ This Spyware Campaign Is Targeting Android Users Via Messaging Apps.
https://lifehacker.com/tech/this-spyware-campaign-is-targeting-android-users-via-messaging-apps
https://lifehacker.com/tech/this-spyware-campaign-is-targeting-android-users-via-messaging-apps
Lifehacker
This Spyware Campaign Is Targeting Android Users Via Messaging Apps
A new spyware campaign, referred to as LunaSpy, is targeting Android users by posing as antivirus delivered via messenger apps. Once installed on your device, it does everything from recording your screen to stealing your passwords.