Here's how much the 23andMe data breach settlement could pay you

The 23andMe data breach settlement will pay out $30 million to $50 million in total — Here's how much you could get.

That annoying SMS phish you just got may have come from a box like this

Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said.
ADTmag

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a self-replicating worm infiltrated the npm registry and compromised more than 180 ...
cyberdaily

CISA adds Zimbra Collaboration Suite bug to Known Exploited Vulnerability Catalog

The United States Cybersecurity & Infrastructure Security Agency has listed one new vulnerability in its listing of known exploited vulnerabilities, a pleasant change from recent additions of five at ...
InfoWorld

QR codes become the vehicle for malware in new technique

A newly-discovered malicious package with layers of obfuscation is disguised as a utility library, with malware essentially hiding in plain sight in embedded QR codes.

Hackers exploited Zimbra flaw as zero-day using iCalendar files

Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year.

This new phishing kit turns PDF files into malware - here's how to stay safe

A new PDF phishing kit is being sold on the dark web, promising customers advanced features, a simple interface, and competitive pricing, experts have warned. Security researchers from Varonis spotted ...

Update Chrome now: Google patches new zero-day threat

Chrome faces its sixth zero-day attack in 2025 as Google patches critical V8 engine flaw CVE-2025-10585 discovered by Threat Analysis Group.