September 9, 2025

Defense Dept didn’t protect social media accounts, left stream keys out in public

'The practice… has since been fixed,' Pentagon official tells The Reg The US Department of Defense, up until this week, routinely left its social media accounts wide open to hijackers via stream keys - unique, confidential identifiers generated by streaming platforms for broadcasting content. If exposed, these keys…

No gains, just pains as 1.6M fitness phone call recordings exposed online

HelloGym's data security clearly skipped leg day Exclusive  Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of audio recordings – was left sitting in an unencrypted, non-password protected database, according to a security…

What the Plex? Streaming service suffers yet another password spill

For the third time in a decade Streaming platform Plex is warning some users to reset their passwords after suffering yet another breach.…

Nokia successor HMD spawns secure device biz with Euro-made smartphone

Ivalo XE handset targets governments and security critical sectors, though Qualcomm silicon keeps it tied to the US Finnish phone maker HMD Global is launching a business unit called HMD Secure to target governments and other security-critical customers, and has its first device ready to go.…

Anthropic’s Claude Code runs code to test if it is safe – which might be a big mistake

AI security reviews add new risks, say researchers App security outfit Checkmarx says automated reviews in Anthropic's Claude Code can catch some bugs but miss others – and sometimes create new risks by executing code while testing it.…

Copyright © 2026 Lugapel