Hack / Data Breach

Wavelet Lab’s xSDR is a tiny M.2 2230 A+E-key software-defined radio (SDR) module built to plug straight into laptops, tablets, embedded PCs, and other compact systems. Just drop this tiny card into a spare M.2 slot, and turn it into a portable cellular network analyzer or penetration testing tool.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after a cyberattack targeted renewable energy facilities in Poland. The incident shows security weaknesses in internet-connected systems used in energy infrastructure and has prompted global agencies to advise operators to improve their cybersecurity protections.

Discord will soon force all users to complete ID verification or be shut out from age-restricted servers and features. In March, chatters must upload a video showing their faces or other qualified IDs. The company outlined privacy protections following an attempted October 2025 data breach.

Despite several name changes, OpenClaw remains one of the most hyped AI tools. After all, it turns a PC into a fully autonomous AI agent. However, the tool can easily burn through hundreds of dollars in API tokens per day. Even worse, serious security flaws have been discovered.

Madhu Gottumukkala, Acting Director of the Cybersecurity and Infrastructure Security Agency, triggered internal security alerts by uploading sensitive documents to ChatGPT. The incident raises questions about data security at CISA.

Two years of work lost with a single click—that is how Professor Marcel Bucher describes his experience in an article in Nature. He concludes that ChatGPT is a threat to consistent productivity. However, the chatbot offers a backup function that the researcher apparently failed to utilize.

While Apple and Google stress that they cannot unlock customer devices, the situation is different with Windows encryption: Microsoft routinely hands over BitLocker keys from the cloud to law enforcement agencies.

Researchers from Vienna have discovered a massive security vulnerability in WhatsApp, enabling them to identify 3.5 billion users. The lack of query limits allowed for the large-scale collection of usernames, profile pictures and status messages.

In an ironic turn of events, a notorious hacking forum was hacked, resulting in a breach compromising roughly 324,000 accounts. Some of these accounts had public IP addresses tied to them, meaning that law enforcement could use this information to catch malicious actors.

Malwarebytes has confirmed a massive data leak exposing personal information from 17.5 million Instagram accounts. The leaked data could be used for phishing and account takeovers, and users are urged to enable 2FA and stay alert for fake Meta messages.

Reports are spreading that Microsoft Defender is blocking the popular community tool MAS, flagging it as a fake. In contrast, our own tests demonstrate that the script works flawlessly. Have affected users perhaps fallen victim to DNS tampering?

Anyone who has entrusted their darkest secrets to ChatGPT might want to flinch nervously, because a US court is forcing OpenAI to hand over 20 million user logs to the opposing side in a major copyright dispute.

Rainbow Six Siege has reportedly been hacked again. This time, hackers are banning players and writing custom messages inside the game.

Together with Ben Edelman, YouTuber MegaLag proves a systematic obfuscation tactic that deliberately deceives testers and redirects commissions unnoticed. The "dieselgate" principle is applied: honey identifies testers and disables manipulative features.

A leaked set of PlayStation 5 BootROM keys, published online at the end of 2025, has exposed core hardware-level security secrets that researchers say Sony cannot simply patch on existing consoles. While the breach does not enable an immediate jailbreak, experts warn it significantly lowers the bar for future exploits, potentially paving the way for permanent hacks, homebrew software, and widespread piracy risks.

PC players are finally getting an early taste of Bloodborne’s online features on computers, as the rapidly advancing ShadPS4 emulator now supports asynchronous elements and limited co-op play. While the experience remains unstable and incomplete, the breakthrough marks a major step toward full-featured PS4 emulation and a long-awaited unofficial PC option for FromSoftware’s classic.

Once again, several high-profile crimes have taken place during this year's holidays. Hackers pulled off a major coup with a supply chain attack on Trust Wallet, which apparently involved up to $7 million in cryptocurrencies.

A talk at 39C3 has revealed serious security flaws in Xplora smartwatches. Researchers from a German university show how a universal key provides access to the communication of all kids with Xplora watches, and why the manufacturer's previous updates haven’t fixed this.

Hackers may use multiple methods to steal accounts in Ubisoft games like Rainbow Six Siege. A cybersecurity resource describes how the publisher’s help desk has been a liability. Bribery and social engineering have been popular routes to compromise customer support agents.

Servers for Ubisoft’s popular first-person shooter game are currently offline on consoles and PC. A suspected hack granted some Rainbow Six Siege players huge bundles of in-game currency. Other players have witnessed mass bans, prompting Ubisoft to take action while investigating.

A writer for a French website is urging gamers to keep all PlayStation Network details private. An ID number was all a hacker needed to log in twice to the journalist’s account. Even with 2FA active, PSN support requires minimal information to grant strangers access.

Physical disc owners have more reason to avoid the digital gaming age. Complaints continue about hackers compromising Microsoft accounts filled with Xbox games. Even if gamers can prove their identities, they may need to start from scratch and repurchase every title.

Researchers at the University of Vienna have uncovered vulnerabilities within WhatsApp and Signal that allow undetectable user tracking through round-trip time (RTT) measurements. A simple program now available on GitHub demonstrates how easily this weakness can be exploited.

Chatbots come with built-in safeguards designed to prevent them from producing harmful, offensive, or otherwise inappropriate content. But researchers and hackers have shown that, even with multiple patches, AIs can still be vulnerable to certain inputs that bypass those guardrails. One way to explore the basics is through an online game called Gandalf.

A newly discovered variant of the ClickFix malware masquerades as a critical Windows Update, using a fake full-screen update prompt to trick users into pasting a malicious command that grants attackers administrative access. Huntress researchers found that the malware leverages hidden code in PNG pixel data to deploy powerful infostealers like Rhadamanthys and LummaC2, targeting credentials, financial data, and crypto wallets primarily via booby-trapped adult websites.

On the surface, the internet seems to be decentralized. In reality, only a few global players ensure the functionality of websites and apps. Cloudflare, one of the largest, was rendered unavailable for hours on Tuesday, November 18th. What initially seemed like an attack turned out to be a simple mistake.

China-based gangs reportedly stole over $1 billion from Americans using advanced smishing scams that exploit SIM farms and mobile wallets. Here is how the cross-border scheme operates and what you can do to protect yourself.

Sony is again facing criticism for failing to secure PlayStation Network accounts. Another popular trophy hunter can no longer log in to his PSN account after a successful hack. Some gamers believe poorly trained customer support agents leak or sell protected information.

Recent Pokémon Legends: Z-A leaks seem trivial compared to new Teraleak revelations. The 2024 hack of Game Freak has returned with discoveries about old and new Pokémon games. Gamers can find out about removed content and what to expect in an upcoming 10th-gen title.

Hackers claim to have stolen 1.5 TB of Discord-related data, including a mammoth 2,185,151 images of government-issued IDs and selfies submitted for age verification after compromising third‑party customer service provider Zendesk, and are now attempting to extort the platform.

AT&T will pay out $177 million after two major data breaches exposed the personal data of more than 170 million customers. Affected users can claim up to $7,500, but only if they file before the December 18, 2025, deadline.

Discord has revealed that 70,000 of its users may have had their government IDs stolen in its recent security breach. The company is in the process of emailing impacted account holders.

Xbox console users are now witnessing the ramifications of the UK Online Safety Act. Gamers participating in the Xbox Insider program may notice prompts to verify their ages. Despite privacy concerns, the checks are mandatory to retain access to multiplayer features.

Activision seems to be firing on all cylinders when it comes to nabbing the growing menace of cheating across its platforms, awarding cheaters bans across the board on PC thanks to a mix of upgraded anti-cheat software and driver-based measures.

Discord has confirmed a data breach through one of its third-party customer service vendors, exposing user names, emails, and limited billing info. The company says affected users will be contacted directly by the service.

Volvo confirms an employee data leak occurred as a result of the Miljödata ransomware attack. Affected by the breach is the car manufacturer's staff in the United States and one more country; Lund University employees may also be at risk.

Boyd Gaming has confirmed a recent cyberattack in a regulatory filing, noting that employee information was affected. The company said its casino and hospitality operations remain unaffected as investigations continue.

BlockBlasters, a verified title on Steam, was removed after it stole players' cryptocurrency to the tune of an estimated $150,000 over a period of one month. The game, released in July 2025, reportedly stole from 261 user accounts, including that of a Twitch streamer who was collecting donations for his cancer treatment.

CheckMag From building a pico projector that mere mortals might actually be able to achieve, to running a web server on a Vape battery, the hacker community never ceases to amaze. Here are two of the week's best hacks.

Less than two months after demonstrating a “Face Swap” vulnerability, researchers have revealed an even bigger Windows vulnerability. German security firm ERNW has revealed a more advanced attack against Windows Hello that allows attackers to inject their own face templates into victims' accounts.

Threat actors have found a way to bypass link restrictions on promoted posts on X, using the platform's Grok AI assistant. The exploit essentially tricks the AI assistant into promoting malicious links on the platform by hiding them in a From field beneath the post.

Sony has announced that third parties have found a vulnerability in FeliCa contactless IC cards shipped prior to 2017, including the popular Suica cards used in Tokyo for travel on the JR East train network. This breach allows hackers to read and modify card data.

ESET researchers have identified PromptLock, a proof-of-concept ransomware that uses a locally hosted language model to generate attack scripts on demand.

Recently, a customer was scammed via a support number shown by Google’s AI overview. This wasn’t the first such case so be weary of the numbers served by these overviews.

A new version of the Bad Update exploit has been released, bringing a much higher success rate and improved stability to the Xbox 360 jailbreak process. Popular YouTubers such as MrMario2011 and Modern Vintage Gamer have confirmed these improvements. While the process remains unchanged, it is now far more practical for daily use, making homebrew more accessible to stock and non-moddable consoles.

Microsoft has rushed out an emergency patch to block two zero-day exploits that have compromised SharePoint servers worldwide.

Gamers Nexus reports that Asus faces multiple security issues in 2025, with active exploits targeting its routers and flaws affecting utilities like DriverHub, MyAsus, and Armory Crate. The coverage warns that persistent backdoors and low-level code vulnerabilities make firmware updates and the removal of unnecessary ASUS software essential for user safety.

ERNW has discovered a significant architectural flaw in Microsoft’s Windows Hello for Business that allows attackers with administrative access to swap facial identities, enabling them to log into another user's account with their own face.

Fans usually check the official Stellar Blade X account for the latest news on the PC and PS5 game. However, instead, a crypto scammer has asked followers to invest in a new coin. While the posts have disappeared, the game's developer has yet to regain access.

The loophole identified by a Mozilla researcher could allow phishing emails and compromised password warnings to get through to AI summaries generated by Gemini. But it looks like Google is working towards mitigating these gaps.