The Breach News

Google Reveals How Certain Websites Secretly Hacked iPhones for Years

Apple users should remain vigilant regarding recent threats, as a new report from Google researchers reveals that iPhones can be compromised simply by visiting seemingly benign websites. This alarming discovery stems from a series of iPhone hacking exploits uncovered by Google’s Project Zero earlier this year. The researchers identified at…

Read MoreGoogle Reveals How Certain Websites Secretly Hacked iPhones for Years

FTC Declares ‘Creepy’ Listening Tool for Targeted Ads Ineffective

The Federal Trade Commission (FTC) announced on Thursday that Cox Media Group (CMG), alongside two other marketing firms, MindSift LLC and 1010 Digital Works, will collectively pay nearly $1 million to resolve allegations of misleading practices. These companies purportedly deceived clients by claiming they could deliver targeted advertising based on…

Read MoreFTC Declares ‘Creepy’ Listening Tool for Targeted Ads Ineffective

Chinese Silk Typhoon Hacker Extradited to the U.S. for Cyberattacks on COVID Research

Chinese National Extradited to the U.S. for Cyber Attacks Linked to Silk Typhoon Group A 34-year-old Chinese citizen, Xu Zewei, has been extradited from Italy to the United States, facing charges related to his alleged involvement with the Silk Typhoon hacking group. The extradition, a significant move in international cybersecurity…

Read MoreChinese Silk Typhoon Hacker Extradited to the U.S. for Cyberattacks on COVID Research

Vulnerabilities in Over Half a Million GPS Trackers Expose Children’s Location Information

Recent research has raised significant concerns regarding the security of widely available GPS tracking devices marketed to ensure the safety of children, elderly individuals, and pets. Cybersecurity experts from Avast have identified vulnerabilities in approximately 600,000 devices sold on major platforms like Amazon, which are priced between $25 and $50.…

Read MoreVulnerabilities in Over Half a Million GPS Trackers Expose Children’s Location Information

Why Secure Data Transfer Is the Overlooked Bottleneck in Zero Trust Security

The landscape of cybersecurity is increasingly challenged by the flawed assumption that once a system is connected, security issues are resolved. This belief—a fundamental premise underlying many security programs—has been revealed as inadequate, contributing to stagnation in Zero Trust initiatives. Recent research from Everfox, drawn from a survey of 500…

Read MoreWhy Secure Data Transfer Is the Overlooked Bottleneck in Zero Trust Security

Exim TLS Vulnerability Exposes Email Servers to Remote Root Code Execution Attacks

A serious remote code execution vulnerability has been identified in Exim, a widely-used open-source email server software. This flaw potentially exposes over half a million email servers to attacks from remote threat actors. The Exim team responded by issuing a patch, updating the software to version 4.92.2, following an early…

Read MoreExim TLS Vulnerability Exposes Email Servers to Remote Root Code Execution Attacks

A Hacker Group is Compromising Open Source Code on an Unmatched Scale

A recent software supply chain attack has underscored the growing prevalence of cyber threats, as hackers have successfully infiltrated legitimate software to embed malicious code. Often a rare occurrence, such incidents have become increasingly frequent, transforming once-trusted applications into potential vulnerabilities within victim networks. A particularly notorious group of cybercriminals,…

Read MoreA Hacker Group is Compromising Open Source Code on an Unmatched Scale

LiteLLM CVE-2026-42208 SQL Injection Exploited Within 36 Hours of Announcement

Critical Vulnerability Discovered in LiteLLM Python Package, Exploitation Initiated Within 36 Hours In a recent cybersecurity incident, a serious vulnerability has been identified in the LiteLLM Python package developed by BerriAI. This flaw, cataloged as CVE-2026-42208, has been linked to an SQL injection issue that can allow malicious actors to…

Read MoreLiteLLM CVE-2026-42208 SQL Injection Exploited Within 36 Hours of Announcement