Apple has agreed to pay $95 million to settle a class action lawsuit that accused the company of invading users' privacy through its voice-activated assistant, Siri.

This settlement affects U.S.-based individuals who either currently own or have owned a device with Siri (such as an iPhone, iPad, Apple Watch, MacBook, iMac, HomePod, iPod touch, or Apple TV) and whose private voice conversations were unintentionally captured by Siri and shared with third parties. This could have...

A new security breach has affected over 2.6 million Chrome users through popular browser extensions. Attackers tricked extension developers with a fake email, convincing them to grant special permissions to a malicious app. Once approved, the attackers added harmful code to trusted extensions, allowing them to steal personal data like login details and browsing information.

The first sign of the attack came from cybersecurity firm Cyberhaven, whose employee was...

Belgian and Dutch authorities have arrested eight suspects linked to a "phone phishing" gang that targeted victims across at least ten European countries. The operation, coordinated by Europol and Eurojust on December 6, 2024, involved 17 searches in Belgium and the Netherlands, resulting in the seizure of cash, firearms, luxury watches, jewelry, and electronic devices. The suspects, aged 23 to 66 and based mainly in Rotterdam and Almere, impersonated police officers or bank staff to...

Cybersecurity researchers have warned about a new phishing attack that uses corrupted Microsoft Office files and ZIP archives to bypass email security. According to ANY.RUN, this attack evades antivirus software, prevents files from being analyzed in secure environments (like sandboxes), and gets past Outlook's spam filters, allowing harmful emails to reach your inbox. The attack involves sending emails with intentionally damaged attachments, such as ZIP files or Office documents, which...

The North Korea-linked hacker group Sapphire Sleet is believed to have stolen over $10 million in cryptocurrency through social engineering attacks over six months. Microsoft found that multiple North Korean groups were using fake LinkedIn profiles, posing as recruiters or job seekers to scam people and fund the regime.

Active since at least 2020, Sapphire Sleet shares ties with other hacking groups like APT38 and BlueNoroff. In November 2023, Microsoft revealed the group set up fake...

Cybercriminals are using a new method called Ghost Tap to steal money from victims' accounts on a large scale. This technique relies on near-field communication (NFC) technology and allows thieves to steal funds from stolen credit cards linked to mobile payment services like Google Pay and Apple Pay.

ThreatFabric, a Dutch security company, explained to The Hacker News that criminals can use Google Pay or Apple Pay to transmit payment information anywhere in the world within seconds....

A new phishing tool called GoIssue is being used to target GitHub users with fake emails designed to steal login details. The tool, created by a hacker known as cyberdluffy, collects email addresses from public GitHub profiles and sends mass emails that look legitimate, tricking users into sharing their personal information or giving access to their code. Priced as low as $150, GoIssue allows attackers to reach many people at once, increasing the chances of success.

In some cases,...

A new strain of Android banking malware called ToxicPanda has infected over 1,500 Android devices, enabling cybercriminals to carry out fraudulent banking transactions.

According to researchers Michele Roviello, Alessandro Strino, and Federico Valentini from Cleafy, the main goal of ToxicPanda is to steal money by taking over bank accounts on compromised devices. This is done using a method known as on-device fraud (ODF), where the malware bypasses...

Recent reports indicate that North Korean hackers known as Jumpy Pisces have teamed up with the Play ransomware group between May and September 2024. This is notable as it marks the first collaboration between a state-sponsored group from North Korea and a ransomware network.

Jumpy Pisces, associated with North Korea’s Reconnaissance General Bureau, has previously used other ransomware strains. In August, three U.S. organizations were targeted by the group, but no ransomware was...

Hackers are trying to misuse the open-source EDRSilencer tool to interfere with endpoint detection and response (EDR) systems and hide their malicious activities.

Trend Micro has reported that these hackers are attempting to use EDRSilencer in their attacks to avoid being detected.

EDRSilencer, which is based on the NightHawk FireBlock tool from MDSec, is meant to block outgoing traffic from EDR processes using the Windows Filtering Platform (WFP).

It can stop various...