Kirsten Doyle

Low-privileged malware can still steal Chrome cookies, despite Google’s latest defenses. In mid-2024, Google introduced AppBound Cookie Encryption, a major shift in how Chrome protects browser cookies from theft. The goal: block infostealers that operate with user-level privileges. The technique, praised as a meaningful upgrade, encrypted cookie keys twice,once using the user’s credentials, and again using the SYSTEM account’s DPAPI. It worked, for a while. However, researchers at CyberArk Labs have now uncovered a path around it. A pair of novel attacks—one using COM hijacking, the other a Padding Oracle Attack, allowed the team to crack cookie encryption as a…

Spanish authorities have arrested five alleged members of a sprawling crypto investment fraud network accused of laundering EUR 460 million in stolen funds. The operation, supported by Europol and law enforcement from the United States, France, and Estonia, is a major step towards taking down one of Europe’s most far-reaching and nefarious financial crime schemes. Three suspects were detained in the Canary Islands and two in Madrid during coordinated raids on 25 June. Investigators carried out five searches in total. Europol deployed a crypto expert to assist on the ground. Authorities say the group lured over 5,000 victims across the…

Multiple security flaws in Bluetooth chips made by Airoha could allow attackers to hijack wireless headphones and earbuds from major brands, including Sony, Beyerdynamic, and Marshall. That’s the warning from German IT security firm ERNW, which published its findings this week. Airoha supplies Bluetooth system-on-chip (SoC) components and reference designs used widely across the audio device industry. But ERNW says both the chips and the accompanying software development kit (SDK) expose a custom protocol with few safeguards. The flaws lie in how Airoha devices handle Bluetooth connections. ERNW found that the vulnerable protocol is exposed via both Bluetooth Low Energy…

The Berlin Commissioner for Data Protection has reported the AI app DeepSeek to Apple and Google for breaching European data protection laws. The watchdog says the app illegally transfers personal data from German users to servers in China, without the safeguards required under the GDPR. At the heart of the issue is DeepSeek, a multifunctional chatbot developed by Hangzhou DeepSeek Artificial Intelligence, based in Beijing. The company operates the service via German-language apps available on both the Google Play Store and Apple App Store. For all its penetration of the European market, DeepSeek does not have an EU physical presence. …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), together with the FBI, NSA, and Defense Cyber Crime Center, have issued a joint alert urging U.S. critical infrastructure operators to be on guard. Despite the news of a Middle Eastern ceasefire and negotiations, Iranian-aligned cyberhackers and hacktivist groups remain active, and remain a threat. The warning is straightforward: Iranian cyber threat actors are highly likely to attack American networks in the very near future. Their preferred tactics remain the same, disruption, defacement, data leaks. What is new is that their focus is shifting to infrastructure and supply chains, particularly those linking…

Social media has become a daily part of life for billions worldwide. It connects us, informs us, and entertains us. Yet as artificial intelligence (AI) grows more advanced, the risks we face online have multiplied. Deepfakes, AI-generated scams, and new attack methods exploit our trust and carelessness. The importance of knowing about these threats and how they work and modifying our online habits accordingly cannot be overstated. We talked to cybersecurity experts and asked them how social media users can protect themselves in such an unpredictable and dynamic landscape. They shared practical advice on detecting AI trickery, securing accounts with…

A British national accused of operating under the alias “IntelBroker” has been charged in the U.S. with a sweeping cybercrime campaign that caused more than $25 million in damages worldwide. Kai West, 25, allegedly led a prolific hacking operation that targeted over 40 organizations, including a U.S. telecom provider, a municipal health agency, and an internet service company. The scheme, prosecutors say, ran from 2023 to 2025. West, who also used the name “Kyle Northern,” is said to have operated a hacking group known as CyberN[——], selling stolen data on an underground forum. Information for sale included customer records, marketing…

Cisco has released urgent security fixes for two vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). Both flaws, CVE-2025-20281 and CVE-2025-20282, carry a CVSS severity rating of 10.0. Through this exploit, an attacker could gain root access to systems that control identity and access management. Access would enable lateral movement, privilege elevation, and persistence for an extended duration. These two vulnerabilities are unrelated but as severe as each other. Both affect different API elements in ISE releases 3.3 and 3.4. (CVE-2025-20281 affects ISE and ISE-PIC releases 3.3 and later, while CVE-2025-20282 affects version 3.4 alone.) Cisco…

Ahold Delhaize USA has confirmed that personal, financial, and health information belonging to over 2.2 million individuals was compromised during a cybersecurity breach in November last year. Details of the breach were formally disclosed in a filing with the Maine Attorney General’s office on 26 June 2025. The incident, attributed to an external system intrusion, is now known to have affected exactly 2,242,521 individuals, including 95,463 residents of Maine. The breach happened on 5 November and was discovered the following day. While Ahold Delhaize acknowledged the attack at the time, this latest filing unveils the scale and sensitivity of the…

More than 2,000 government-issued laptops, phones and tablets were lost or stolen across Whitehall departments over the past year, as reported by The Guardian. The estimated replacement cost? £1.3 million. The broader cost to national security is a lot harder to calculate. Departments including the Ministry of Defence (MoD), the Department for Work and Pensions, and the Cabinet Office reported hundreds of missing devices in 2024 and early 2025. In just the first five months of this year, the MoD alone reported 103 laptops and 387 phones gone missing. The Home Office, Treasury, and Bank of England were among other…