Cybersecurity

No gains, just pains as 1.6M fitness phone call recordings exposed online

HelloGym's data security clearly skipped leg day Exclusive  Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of audio recordings – was left sitting in an unencrypted, non-password protected database, according to a security…

What the Plex? Streaming service suffers yet another password spill

For the third time in a decade Streaming platform Plex is warning some users to reset their passwords after suffering yet another breach.…

Nokia successor HMD spawns secure device biz with Euro-made smartphone

Ivalo XE handset targets governments and security critical sectors, though Qualcomm silicon keeps it tied to the US Finnish phone maker HMD Global is launching a business unit called HMD Secure to target governments and other security-critical customers, and has its first device ready to go.…

Anthropic’s Claude Code runs code to test if it is safe – which might be a big mistake

AI security reviews add new risks, say researchers App security outfit Checkmarx says automated reviews in Anthropic's Claude Code can catch some bugs but miss others – and sometimes create new risks by executing code while testing it.…

Salt Typhoon used dozens of domains, going back five years. Did you visit one?

Plus ties to the Chinese spies who hacked Barracuda email gateways Security researchers have uncovered dozens of domains used by Chinese espionage crew Salt Typhoon to gain stealthy, long-term access to victim organizations going back as far as 2020.…

PACER buckles under MFA rollout as courts warn of support delays

Busy lawyers on hold for five hours as staff handhold users into deploying the security measure US courts have warned of delays as PACER, the system for accessing court documents, struggles to support users enrolling in its mandatory MFA program.…

The crazy, true story behind the first AI-powered ransomware

tldr; boffins did it interview  It all started as an idea for a research paper. …

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Pro tip, don't install PowerShell commands without approval A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique called ClickFix, which uses fake fixes and login…

Critical, make-me-super-user SAP S/4HANA bug under active exploitation

9.9-rated flaw on the loose, so patch now A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.…

Knock-on effects of software dev break-in hit schools trust

Affinity Learning Partnership warns staff after Intradev breach A major UK education trust has warned staff that their personal information may have been compromised following a cyberattack on software developer Intradev in August.…

Copyright © 2026 Lugapel