Category: Security & Privacy

  • Former DOGE Employee Accused of Stealing Americans’ Social Security Data

    This article was generated by AI and cites original sources.

    A former employee of the Department of Government Efficiency (DOGE), a government agency overseen by Elon Musk, is facing accusations of stealing a significant amount of Americans’ personal data from the U.S. Social Security Administration (SSA). According to a whistleblower complaint reported by The Washington Post, the individual allegedly stored this data on a thumb drive with intentions to utilize it at a new job.

    The report states that the ex-DOGE software engineer informed colleagues at the new workplace about possessing two highly restricted databases containing U.S. citizens’ information. These databases, known as ‘Numident’ and the ‘Master Death File,’ potentially encompass records for over 500 million living and deceased Americans, including sensitive details like Social Security numbers, birth details, citizenship status, race, ethnicity, and parental information.

    Furthermore, the individual claimed to have previously held unrestricted ‘God-level’ access to the SSA’s systems, raising concerns about the potential scope of the breach and its implications.

    The Social Security Administration, still overseen by DOGE, has refuted the allegations of data theft, attributing them to sensationalism and misinformation. The inspector general’s office, an independent entity, is reportedly investigating the matter.

    Source: TechCrunch

  • DHS Reassigns CBP Privacy Officers Amid Concerns Over Surveillance Records

    The U.S. Department of Homeland Security (DHS) has recently made significant changes within the Customs and Border Protection (CBP) agency, reassigning top officials amid concerns over record-handling practices related to surveillance technologies. This move comes after objections were raised regarding the mislabeling of government records to prevent their public release under the Freedom of Information Act (FOIA).

    According to WIRED, the DHS took action following disputes over the classification of records, particularly privacy assessments, as ‘drafts’ to avoid disclosure. These actions led to the removal of key individuals responsible for ensuring CBP technologies align with federal privacy regulations. The reshuffling of personnel within the CBP’s privacy and FOIA offices signals a broader conflict over transparency and privacy compliance.

    One notable incident that triggered these changes was the release of a redacted Privacy Threshold Analysis (PTA) related to the Mobile Fortify face recognition app. The PTA revealed details about the app’s data collection practices, including the capture of individuals’ faces and fingerprints without explicit consent.

    The repercussions of these reassignments and the handling of privacy assessments raise questions about the transparency and accountability of government surveillance initiatives. This development underscores the ongoing challenges in balancing security needs with individual privacy rights, especially in the realm of emerging surveillance technologies.

    Source: WIRED

  • GPS Attacks Disrupt Delivery and Mapping Apps: Understanding the Vulnerabilities of Satellite Navigation

    Recent disruptions in delivery and navigation apps have left users puzzled as routes suddenly change and locations appear inaccurate. These anomalies are attributed to electronic warfare tactics, particularly in regions near Iran where GPS attacks have become prevalent. While such attacks are commonly used in military conflicts to hinder opponent guidance systems, the repercussions extend beyond the battlefield to civilian services.

    Electronic warfare techniques such as GPS jamming and GPS spoofing are the primary methods employed to disrupt satellite signals. GPS jamming involves overpowering GPS satellite signals with stronger noise signals, rendering navigation and timing systems ineffective. On the other hand, GPS spoofing deceives receivers by providing false location information, creating a different kind of disruption.

    GPS, despite being a vital technology for various sectors like aviation, shipping, and digital services, is susceptible to disruption due to its weak signal transmission from satellites. The ease with which GPS signals can be disrupted highlights the vulnerability of our reliance on satellite-based navigation systems.

    Understanding the intricacies of GPS attacks sheds light on the challenges faced by both military operations and civilian applications that heavily rely on precise location data. As technology continues to advance, securing satellite signals against such attacks becomes increasingly crucial for ensuring the seamless functioning of essential services.

    Source: WIRED

  • U.S. Military Contractor’s iPhone-Hacking Tools Exploited by Russian Spies and Chinese Cybercriminals

    Recent revelations by Google have unveiled the utilization of a sophisticated iPhone-hacking toolkit, named ‘Coruna,’ in cyberattacks targeting individuals in Ukraine and China. This toolkit, comprising 23 distinct components, was reportedly developed by U.S. military contractor L3Harris. Originally intended for Western intelligence operations, these tools were later obtained by Russian government operatives and Chinese cybercriminal factions.

    Google’s findings indicate that ‘Coruna’ was initially deployed in precise, covert operations by an undisclosed government client of a surveillance vendor, before falling into the possession of Russian spies who targeted Ukrainian individuals. Subsequently, Chinese hackers employed the toolkit in widespread campaigns aimed at financial theft and cryptocurrency acquisition.

    According to anonymous sources, former employees of L3Harris have confirmed that ‘Coruna’ was developed within the company’s hacking and surveillance technology division, Trenchant. These insiders, speaking under conditions of confidentiality, recognized ‘Coruna’ as an internal component name closely aligned with the company’s iPhone exploitation tools.

    Researchers at mobile cybersecurity firm iVerify, upon scrutinizing ‘Coruna,’ suggested its origin could be traced back to a vendor that supplied such technology to the U.S. government. The intricate technical facets of ‘Coruna’ resonated with these experts, strengthening the hypothesis of its ties to L3Harris.

    Source: TechCrunch

  • Widespread Telecom Hacking Exposes Critical Infrastructure Vulnerabilities

    A prominent hacking group linked to China, known as Salt Typhoon, has orchestrated a widespread hacking campaign targeting major phone and internet companies worldwide, including top American telecom giants like AT&T and Verizon. The group’s activities have led to the theft of millions of phone records, particularly those of senior government officials, raising concerns about cybersecurity vulnerabilities in critical infrastructure.

    The hackers have primarily focused on breaching telecom infrastructure by exploiting weaknesses in Cisco routers and commandeering surveillance devices mandated by U.S. law for monitoring communications. These cyber intrusions have enabled China to access sensitive information such as call records, text messages, and voice data from high-profile U.S. targets, prompting cybersecurity experts to recommend the use of end-to-end encryption for secure communications.

    While Salt Typhoon concentrates on telecom espionage, other Chinese-affiliated hacker groups like Volt Typhoon and Flax Typhoon are preparing for potentially disruptive cyberattacks and leveraging botnets of compromised IoT devices for concealing malicious online activities.

    The extensive reach of Salt Typhoon’s hacks extends beyond the U.S., affecting over 200 companies globally and highlighting the persistent threat posed by cyber adversaries to international telecommunications networks.

    Source: TechCrunch

  • Russian Government Hackers Targeting Encrypted Messaging Apps, Dutch Intelligence Warns

    Dutch intelligence agencies have raised alarms over a significant hacking campaign conducted by Russian government hackers targeting users of Signal and WhatsApp. The campaign is said to particularly focus on government officials, military personnel, and journalists worldwide.

    The Netherlands’ Defence Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) disclosed that ‘Russian state actors’ are employing phishing and social engineering tactics, rather than malware, to compromise accounts on the two messaging platforms.

    For Signal users, the hackers are posing as the app’s support team, engaging targets directly with messages about suspicious activities or potential data breaches. Once a target is deceived, the hackers request a verification code sent via SMS, ultimately allowing them to register a new device with a new number, impersonate the target, and potentially access their contacts. Despite victims being locked out of their accounts, they can regain access to chat history by re-registering, potentially overlooking the breach.

    This revelation underscores the persistent security challenges faced by users of encrypted messaging apps and the evolving tactics employed by state-sponsored threat actors to gain unauthorized access to sensitive user data.

    Source: TechCrunch

  • CBP’s Use of Online Ad Data for Phone Tracking Raises Privacy Concerns

    Recent reports have revealed that the United States Customs and Border Protection (CBP) utilized online advertising data to track phone locations, raising significant privacy concerns. This practice highlights the evolving landscape of surveillance technology and its implications on individual privacy.

    While the use of online ad data for tracking purposes may have provided CBP with valuable insights, the potential privacy infringements and surveillance capabilities associated with this approach are concerning. The intersection of digital advertising and law enforcement activities underscores the need for robust data protection measures and transparency in surveillance practices.

    Concerns regarding the misuse of personal data and the potential implications for civil liberties have come to the forefront. The utilization of such data highlights the complex relationship between technology, data privacy, and national security.

    As discussions surrounding data privacy and surveillance practices continue, it is essential for policymakers, tech companies, and regulatory bodies to address the ethical and legal implications of utilizing online ad data for tracking purposes.

    Source: WIRED

  • DJI Rewards Hacker for Discovering Security Flaw in 7,000 Robovacs

    DJI, a prominent robotics company, has recently faced a security breach involving 7,000 Romo robovacs. The vulnerability was discovered by a man named Sammy Azdoufal, who unintentionally hacked into the robots while trying to control his DJI robot vacuum with a PlayStation gamepad. This incident raised concerns about potential privacy breaches as the hack allowed unauthorized access to video streams from these devices.

    Although DJI had already begun addressing some vulnerabilities prior to Azdoufal’s discovery, the company has now agreed to pay him $30,000 for exposing the security flaw. While the specific details of the payment are not disclosed, DJI has acknowledged rewarding an unnamed security researcher for their findings.

    In response to the breach, DJI has taken steps to address the identified vulnerabilities. The company confirmed that the security observation related to a PIN code loophole was resolved by late February. Additionally, DJI is working on upgrading the entire system to implement a series of updates within the next month.

    This incident highlights the importance of robust cybersecurity measures in connected devices, especially those that collect sensitive data. As technology continues to advance, ensuring the security and privacy of users should remain a top priority for companies developing such products.

    Source: The Verge

  • Anthropic AI Uncovers 22 Vulnerabilities in Firefox, Highlighting Open Source Security Challenges

    In a recent collaboration with Mozilla, Anthropic’s AI system, Claude Opus, identified 22 vulnerabilities in the Firefox browser, with 14 deemed as ‘high-severity.’ This discovery underscores the challenges in maintaining the security of open-source software.

    The findings, detailed in a TechCrunch report, were promptly addressed in the latest Firefox 148 release, highlighting the critical role of AI in enhancing software security.

    Anthropic’s team utilized Claude Opus 4.6 for a focused two-week effort, initially examining the JavaScript engine before expanding their review to other sections of the Firefox codebase. While the vulnerabilities were identified in a codebase known for its robust testing and security standards, the discovery emphasizes the ongoing need for vigilance in open-source projects.

    Interestingly, while Claude Opus excelled in pinpointing vulnerabilities, attempts to create proof-of-concept exploits fared worse, with only two succeeding after a $4,000 investment in API credits.

    This discovery underscores the growing significance of AI tools in fortifying open-source projects against potential threats, despite the inherent challenges they may introduce, such as an influx of erroneous merge requests.

    Source: TechCrunch

  • Healthcare Data Breach Exposes Personal Information of 3.4 Million Individuals

    Healthcare technology provider TriZetto has confirmed a significant data breach where the personal and health information of over 3.4 million individuals was compromised in 2024. The breach, which went undetected for almost a year, has raised concerns about data security in the healthcare sector.

    TriZetto, a subsidiary of Cognizant, serves around 200 million people and 875,000 healthcare providers in the U.S. Its platform assists doctors and healthcare providers in processing patients’ insurance for medical services.

    The stolen data includes sensitive details such as patients’ names, dates of birth, addresses, Social Security numbers, as well as healthcare-specific information like provider details, demographic data, and insurance details. The breach was identified in October 2025, with unauthorized access traced back to November 2024.

    Cognizant stated that the threat to its systems has been neutralized, but the delay in detecting the breach remains unexplained. Several organizations, including OCHIN, a healthcare technology provider to hundreds of care facilities, have confirmed data compromises.

    Source: TechCrunch

  • Hacking Consumer Security Cameras: A New Frontier in Modern Warfare

    In the realm of modern warfare, the traditional tools of surveillance have expanded to include an unexpected asset: consumer security cameras. Recent research highlighted by the Tel Aviv-based security firm Check Point has revealed a surge in hacking attempts targeting everyday security cameras across the Middle East, particularly during critical missile and drone strikes in the region.

    These hacking efforts, believed to be orchestrated by Iranian state hackers, indicate a concerning trend where civilian surveillance devices are being leveraged by militaries to identify targets, strategize attacks, and evaluate the aftermath of military actions. Notably, Iran, Israel, Russia, and Ukraine have all been implicated in utilizing hacked security cameras for military surveillance purposes, signaling a shift towards a new form of reconnaissance in warfare.

    Iran’s adoption of this surveillance tactic echoes similar actions by other nations. Reports have surfaced of the Israeli military gaining access to Tehran’s traffic cameras to facilitate a targeted air strike, underscoring the evolving landscape of cyber-enabled military operations. Additionally, Ukraine has long raised alarms about Russia’s exploitation of civilian cameras for intelligence gathering, prompting reciprocal hacking efforts by Ukrainian hackers to monitor troop movements and potential threats.

    As armed forces worldwide capitalize on the vulnerabilities of networked consumer cameras, the act of hacking these devices has become a standard practice in military operations. This cost-effective strategy provides a remote vantage point for military planners, enabling them to surveil distant targets efficiently and discreetly.

    Source: WIRED

  • Spyware Scandal in Italy: Prosecutors Confirm Journalist Hacked with Paragon Software

    Italian authorities have confirmed that a journalist, Francesco Cancellato, was hacked with Paragon spyware, shedding light on a wider spyware scandal in Italy. The spyware attack, which also targeted immigration activists Giuseppe Caccia and Luca Casarini, was identified through a technical report that revealed traces of infection on their phones. The report indicated a coordinated effort, suggesting a comprehensive infection campaign.

    This revelation marks the first independent verification of Cancellato’s hack, following alerts received in early 2025 regarding the use of Paragon spyware against journalists and civil society members. While Italian judicial authorities uncovered operations against Caccia and Casarini, no evidence of an operation against Cancellato was found previously.

    The source of the hack remains unknown, adding to the intrigue surrounding this spyware scandal. The involvement of Paragon Solutions, an Israeli-based company now under American ownership, underscores the international dimensions of cybersecurity threats faced today.

    As investigations continue, the case highlights the persistent challenges posed by sophisticated spyware technologies and the importance of robust cybersecurity measures in safeguarding sensitive information.

    Source: TechCrunch

  • FBI Investigates Breach in Wiretap and Surveillance Systems: Implications for National Security

    Recent reports have surfaced regarding a breach in the FBI’s networks, specifically targeting a system used for managing wiretaps and foreign intelligence surveillance warrants. According to CNN, hackers successfully infiltrated these critical systems, prompting an ongoing investigation by the FBI.

    While details remain scarce due to the sensitive nature of the incident, a bureau spokesperson confirmed the detection of suspicious activities and assured the public of a comprehensive technical response. This breach adds to a series of cyber intrusions targeting U.S. government entities and corporations in recent times.

    Noteworthy breaches include Chinese hackers compromising the U.S. Treasury and the National Nuclear Security Administration, along with Russian hackers gaining access to sealed records from the U.S. Courts’ filing system. Additionally, the FBI has attributed a series of intrusions to the Chinese government hacking group Salt Typhoon, affecting over 200 U.S. companies, including major telecommunications providers.

    These incidents underscore the critical importance of fortifying cybersecurity measures within government agencies and private enterprises to safeguard sensitive information and uphold national security protocols.

    Source: TechCrunch

  • Surge in Zero-Day Attacks Targeting Enterprise Technologies in 2025, Google Reports

    According to a recent report by Google, a significant portion of the zero-day vulnerabilities identified in 2025 affected enterprise technologies, particularly security and networking devices used by large corporations. Zero-days, which are vulnerabilities unknown to software makers at the time of exploitation, were used against crucial devices like firewalls, VPNs, and virtualization platforms.

    Google’s findings indicate that 48% of the tracked zero-days focused on technologies utilized by businesses, with a notable emphasis on security and networking equipment. Leading vendors such as Cisco, Fortinet, Ivanti, and VMware were among the prime targets for malicious hackers seeking to breach corporate networks.

    Hackers leveraged common weaknesses, such as flaws in input validation and incomplete authorization processes, to bypass firewall and VPN defenses, highlighting the importance of prompt software updates to mitigate such risks. Additionally, the report highlighted specific incidents, such as the Clop extortion gang’s campaign against Oracle E-Business Suite customers, resulting in the compromise of sensitive human resources data from various organizations.

    The remaining 52% of zero-day vulnerabilities affected consumer and end-user products, with operating systems and mobile devices facing an increased number of exploits compared to previous years. This escalation in zero-day attacks underscores the critical need for robust cybersecurity measures across both enterprise and consumer technology landscapes.

    Source: TechCrunch

  • Meta Faces Lawsuit Over AI Smart Glasses Privacy Concerns

    Meta, the tech company behind AI smart glasses, is facing a privacy lawsuit following revelations that subcontractors were reviewing footage containing sensitive content like nudity and intimate moments, raising significant privacy concerns.

    An investigation revealed that workers at a Kenya-based subcontractor were accessing footage from customers’ glasses, including instances of nudity, sexual activities, and private moments. Despite Meta’s claims of blurring faces in images, reports suggest that this feature did not consistently protect users’ privacy.

    The UK’s Information Commissioner’s Office has launched an investigation into the matter, and now Meta faces legal action in the US. The lawsuit alleges that Meta misled consumers by promising privacy and control over shared footage, while failing to disclose that overseas workers were reviewing potentially intimate content.

    Represented by the Clarkson Law Firm, plaintiffs Gina Bartone and Mateo Canu argue that Meta’s advertising, such as ‘designed for privacy, controlled by you,’ created false expectations regarding the protection of users’ privacy. The lawsuit accuses Meta and its manufacturing partner Luxottica of America of violating consumer protection laws.

    With over seven million people expected to own Meta’s smart glasses by 2025, concerns are raised about the scale of potential privacy violations as users’ footage is routinely reviewed without an opt-out option. Meta explained that contractors review shared content to enhance user experience, as outlined in its privacy policy.

    Source: TechCrunch

  • TikTok Opts Against End-to-End Encryption for User Safety

    TikTok has announced that it will not be implementing end-to-end encryption for direct messages (DMs) on its platform, as reported by the BBC. The social media company cited concerns that such encryption could compromise user safety by hindering access for police and safety teams when necessary.

    By opting out of end-to-end encryption, TikTok aims to prioritize user protection, especially among younger demographics, to prevent potential harm. The company assured that DMs are still safeguarded with standard encryption protocols similar to those used by services like Gmail. Access to direct messages is restricted to authorized personnel and is subject to specific conditions, such as responding to legitimate law enforcement requests or user reports of harmful activities.

    While end-to-end encryption is commonly employed by popular apps such as Signal, WhatsApp, and Apple’s Messages, TikTok’s stance on this technology raises questions about the balance between user privacy and platform safety.

    Source: TechCrunch

  • Congress Investigates Vulnerability of Computers to Espionage Techniques

    U.S. lawmakers are raising concerns about the susceptibility of computers to espionage techniques that exploit electromagnetic and acoustic leaks, known as side-channel attacks. The National Security Agency’s spying technique, codenamed TEMPEST, has resurfaced as a topic of interest for Senator Ron Wyden and Representative Shontel Brown.

    Side-channel attacks capitalize on the unintentional emanations from electronic devices, such as radio waves, sound, and vibrations, to intercept private data and activities. Despite being a longstanding issue in computer security, the potential risks posed by these attacks on public and classified information have prompted the call for a thorough investigation.

    Wyden and Brown have requested the Government Accountability Office to assess the vulnerability of modern computers to TEMPEST-style surveillance and evaluate the need for enhanced protective measures by device manufacturers. Their initiative aims to address the broader implications of side-channel attacks, emphasizing the importance of safeguarding critical technologies from potential exploitation by adversaries.

    Accompanying their inquiry is a Congressional Research Service report shedding light on the historical context of TEMPEST and its contemporary relevance in the realm of cybersecurity. The report underscores the significance of understanding and mitigating the risks associated with side-channel attacks to uphold national security interests.

    Source: WIRED

  • Law Enforcement Shuts Down LeakBase, a Major Cybercriminal Forum for Stolen Passwords and Hacking Tools

    Law enforcement agencies in the U.S. and Europe have successfully taken down LeakBase, a prominent online platform used by cybercriminals to illicitly share stolen passwords and hacking tools. The site, which had over 142,000 members and 215,000 messages exchanged among users, had been in operation since 2021, amassing a vast collection of breached databases containing millions of compromised account credentials, credit card details, and banking information.

    This recent crackdown is part of a broader effort to combat platforms facilitating the trade of pilfered login details, which are frequently used in unauthorized access to individuals’ accounts for data and cryptocurrency theft. Europol confirmed global enforcement actions against approximately 100 entities, with specific measures taken against the top 37 active participants on the forum. The FBI, in a decisive move, assumed control over LeakBase’s domain, effectively halting its operations and leading to the preservation of the forum’s contents and user data.

    Source: TechCrunch

  • Endor Labs Unveils AURI: Enhancing AI Coding Security Amid Concerns

    Endor Labs, a prominent application security startup, has launched AURI, a platform that integrates real-time security intelligence into AI coding tools to revolutionize software development. AURI is now freely accessible to individual developers and seamlessly integrates with popular AI coding assistants like Cursor, Claude, and Augment through the Model Context Protocol (MCP).

    The launch of AURI follows a recent study revealing that while AI coding assistants are increasingly utilized, only 10% of the generated code is both functional and secure. Endor Labs CEO Varun Badhwar emphasized the critical need for secure coding practices, highlighting the gap between functional and secure code as the market AURI aims to address.

    AURI’s key innovation lies in its ‘code context graph,’ offering a detailed map of application components, dependencies, and AI model interactions. This approach sets AURI apart from competitors by providing precise code usage insights down to individual lines, enhancing vulnerability detection and remediation.

    Through deterministic analysis and AI reasoning, AURI significantly reduces security findings for enterprise customers, streamlining vulnerability management and enhancing developer productivity. Endor Labs’ offering includes a free tier for individual developers and a premium enterprise version with advanced customization and policy features.

    Endor Labs emphasizes the importance of independence in security review, challenging the trend of AI model providers incorporating security features directly into coding tools. The company advocates for separate security tools to ensure consistent, evidence-backed findings and effective vulnerability remediation.

    Endor Labs’ AURI has already demonstrated remarkable capabilities, identifying zero-day vulnerabilities and actively detecting malware campaigns. With substantial financial backing and a growing customer base, Endor Labs is positioned to lead the charge in enhancing application security and compliance with industry standards.

    Source: VentureBeat

  • Cyber Warfare in Action: How Hacked Cameras and Hijacked Broadcasts Supported Military Operations Against Iran

    Recent reports have shed light on the significant role that cyber operations played in supporting the military campaign against Iran. U.S. and Israeli forces engaged in a coordinated bombing campaign targeting key Iranian figures and locations, and cyber operations were instrumental in disrupting communications, facilitating surveillance, and conducting psychological operations during the conflict.

    General Dan Caine, chairman of the joint chiefs of staff, acknowledged the impact of coordinated cyber operations in disrupting Iran’s networks prior to the attacks, impairing the enemy’s ability to communicate effectively. This highlights the evolving nature of warfare, where cyber capabilities are increasingly integrated with traditional military actions.

    One notable instance involved Israel leveraging cyber tactics alongside kinetic strikes, targeting Iranian state-owned broadcasting channels. By hijacking broadcasts and airing speeches from political leaders, Israel aimed to influence Iranian sentiment and encourage opposition to the regime.

    Furthermore, Israeli intelligence reportedly utilized data from hacked traffic cameras in Tehran to aid in targeting Iran’s supreme leader. The infiltration of surveillance systems and mobile networks underscores the strategic importance of cyber capabilities in modern conflicts.

    These developments underscore the expanding role of cyber operations in military strategies, blurring the lines between physical and digital warfare. As nations continue to invest in cyber capabilities, the integration of technology in warfare is likely to become more pronounced.

    Source: TechCrunch