Welcome to the CyberInsider Weekly Roundup. Here are our top stories from the week:

US offers $10 million for info on Russian hackers targeting Signal accounts
The U.S. Department of State has announced a reward of up to $10 million for information leading to the identification or location of members of UNC5792. This is a Russian state-linked hacking group accused of targeting Signal and WhatsApp accounts belonging to U.S. government officials, military personnel, journalists, and other high-value individuals. The reward, offered through the Rewards for Justice (RFJ) program, accompanies an updated FBI and CISA warning that the campaign has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' encrypted message archives in addition to taking over their accounts.

Chrome extension Adblock for YouTube with 11 million users could be silently weaponized
The operators of the popular “Adblock for YouTube” Chrome extension could remotely execute JavaScript on websites visited by users through a server-side configuration change. Island researchers who discovered this found no evidence that the architectural weakness has been abused, but they warn that the extension's design creates a significant security risk because it could be activated without a browser update or Chrome Web Store review.

Nissan hit by Oracle PeopleSoft cyberattack exposing internal data
Nissan North America has informed employees that a cyberattack targeting Oracle PeopleSoft systems exposed sensitive personnel records, making the automaker one of the latest known victims linked to a broader campaign exploiting a critical vulnerability in the widely used HR platform. The company says it is still investigating the incident but believes attackers accessed personal information belonging to current and former employees in the United States, Canada, Mexico, and Brazil.

WhatsApp opens username reservations ahead of feature rollout
Meta has announced that WhatsApp users can now reserve usernames ahead of a broader launch planned for later this year, introducing a long-awaited privacy feature that allows people to connect without sharing their phone numbers. The company says the feature is designed to give users more control over their personal information while making it easier to start conversations with new contacts.

Mozilla tightens rules for certificate authorities to improve web security
Mozilla has released version 3.1 of its Mozilla Root Store Policy (MRSP), introducing new requirements aimed at improving transparency and oversight across the public Web PKI. The updated policy, which takes effect on July 1, 2026, focuses on stronger Certification Authority (CA) documentation and enhanced audit reporting.

Proton launches Lumo 2.0 with advanced reasoning and image generation
Proton has announced Lumo 2.0, a major upgrade that significantly expands the assistant's capabilities while maintaining the privacy protections that distinguish it from mainstream AI platforms. The new release introduces stronger reasoning models, image recognition and generation, customizable AI assistants, encrypted memory, and enhanced web search, along with a new business offering designed for organizations that handle sensitive data.

Chrome and Firefox Free VPN extensions caught stealing clipboard data
Two browser extensions masquerading as free VPN services were transformed into clipboard stealers through malicious updates. The Chrome and Firefox add-ons retained working proxy functionality to appear legitimate while secretly monitoring copied data and transmitting it to attacker-controlled servers. The two extensions operate under the VPN Go: Free VPN branding. At the time of the investigation, the Chrome extension had 146 users on the Chrome Web Store, while the Firefox version had 3,499 users on Mozilla Add-ons.

US Supreme Court limits police access to people’s location history
The US Supreme Court has ruled that law enforcement's acquisition of historical location data through geofence warrants constitutes a Fourth Amendment search, marking a major victory for digital privacy. While the Court stopped short of declaring geofence warrants unconstitutional, it held that police must satisfy the Constitution's warrant requirements before obtaining users' location history from technology companies.

Fake Interpol investigation emails deliver custom ransomware worldwide
Threat actors impersonate Interpol to trick small businesses into launching ransomware disguised as evidence in a fake cybercrime investigation. The campaign has targeted organizations across Europe, Asia, the Middle East, and the United States, relying on convincing social engineering rather than sophisticated malware.

Tor releases Arti 2.5.0 with stable CGO encryption and security fixes
The Tor Project has released Arti 2.5.0, promoting its next-generation Counter Galois Onion (CGO) encryption scheme to stable status while also patching two denial-of-service (DoS) vulnerabilities affecting the Rust-based Tor implementation. The release marks a significant milestone for Arti, the Tor Project's next-generation implementation written in Rust, as CGO is now included in full feature builds after spending several months in experimental status. The project has also enabled congestion control by default, promising faster network performance without requiring any additional user configuration.

Microsoft accelerates quantum cryptography rollout, targets 2029 transition
Microsoft has announced that it is accelerating its transition to post-quantum cryptography (PQC) amid growing concerns that cryptographically relevant quantum computers could arrive sooner than previously anticipated. The company now aims to transition critical products and services to quantum-safe cryptography by 2029.

OONI: LaLiga piracy blocks disrupted over 500,000 legitimate sites
The Open Observatory of Network Interference (OONI) reports that Spain's IP-based anti-piracy blocking campaign against unauthorized LaLiga streams caused widespread collateral damage. Specifically, the actions have temporarily disrupted access to more than half a million legitimate websites during football match broadcasts. The nonprofit's measurements also identified TLS man-in-the-middle (MitM) interception on one Spanish ISP, raising additional privacy and security concerns.

Opera introduces Paste Protect feature to block ClickFix attacks
Opera has introduced a new browser security feature called Paste Protect, designed to stop clipboard-based attacks such as ClickFix before users can execute malicious commands. The feature is enabled by default in Opera's desktop browser, and the company says it is the first major browser to offer native protection against these attacks.

Scattered Spider member extradited to the U.S. facing cybercrime charges
The U.S. Department of Justice has announced the arrest and extradition of an alleged member of the notorious cybercrime group Scattered Spider. According to the Justice Department, Scattered Spider has been involved in more than 100 network intrusions, resulting in over $100 million in ransom payments in addition to millions more in damages suffered by victims.

Google loses final appeal against €4.1 billion Android antitrust fine
The European Union's highest court has upheld a €4.125 billion ($4.8 billion) antitrust fine against Google, bringing to an end the company's appeal over allegations that it abused Android's dominant market position to strengthen its search business. The ruling confirms that Google engaged in anticompetitive practices through a series of contractual restrictions imposed on Android device makers and mobile network operators.

Brave browser introduces Containers for secure account isolation
Brave has released version 1.92 of its privacy-focused browser, introducing built-in Containers that let users isolate browser tabs into separate identities for improved workflow and account management. While similar functionality has been available through extensions, Brave’s native system builds on its privacy protections by prioritizing convenience over cross-site tracking prevention.

New macOS malware PamStealer uses PAM to validate stolen data
A previously undocumented macOS infostealer dubbed PamStealer validates victims' macOS passwords through the OS’s Pluggable Authentication Modules (PAM) before stealing them. Jamf Threat Labs researchers, who analyzed a two-stage attack chain combining AppleScript, JavaScript for Automation (JXA), and a Rust payload, report that attackers distribute PamStealer through the fake domain maccyapp[.]com, which impersonates the legitimate Maccy clipboard manager.

AI helps find flaws in FatFs library used in millions of devices
Researchers at runZero have disclosed seven security vulnerabilities in the widely used FatFs filesystem library, warning that the flaws could expose millions of embedded devices to attacks through malicious USB drives, SD cards, and, in some cases, firmware update mechanisms. The vulnerabilities, assigned CVE-2026-6682 through CVE-2026-6688, range in severity from medium to high and affect a software component embedded in numerous IoT, industrial, and consumer products.

Apple AirDrop and Android Quick Share flaws expose users to wireless attacks
Security researchers have identified six previously undocumented vulnerabilities in Apple AirDrop and Google/Samsung Quick Share after conducting the first comprehensive reverse engineering and security analysis of both proprietary proximity file-sharing protocols. While the flaws range from denial-of-service bugs to authentication and encryption bypasses, the researchers say they demonstrate that wireless file-sharing services expose a broad attack surface that has received little academic scrutiny.

Thanks for reading and stay tuned for next week's news roundup!