The Washington Post

A school in Kentucky banned phones. Remarkable things started happening.

The cafeteria at Ballard High School during lunch is a loud place. Students are talking and laughing, playing card games and going out to the courtyard for an informal recess. On Fridays, students ...
Des Moines Register

Popeyes says five Iowa restaurants are using its brand without authorization

Patrons at five Iowa restaurants over the past month may have unknowingly been eating counterfeit Popeyes. Popeyes Louisiana Kitchen, the parent company of the popular fried chicken chain, is suing ...
Wired

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security ...
TechSpot

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
TechCrunch

Salesloft says Drift customer data thefts linked to March GitHub account hack

Salesloft said a breach of its GitHub account in March allowed hackers to steal authentication tokens that were later used in a mass-hack targeting several of its Big Tech customers. Citing an ...
Infosecurity-magazine.com

Qualys, Tenable Latest Victims of Salesloft Drift Hack

Cybersecurity providers Tenable and Qualys are the latest in a growing list of companies affected by a significant supply chain attack targeting Salesforce customer data. The campaign involved the ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
CoinTelegraph

Trump project floats token burning as WLFI dips 30% after launch

The Trump family-tied decentralized finance project World Liberty Financial has issued a governance proposal to implement a token buyback and burn program using protocol-owned liquidity fees. World ...
ConsumerAffairs

Hackers exploit Salesloft breach to steal cloud data

Experts warn stolen credentials could open the door to wider cyberattacks A major security breach at Salesloft, a company whose AI chatbot is widely used to generate sales leads, has turned into a far ...
CSOonline

Attackers steal data from Salesforce instances via compromised AI live chat tool

A threat actor managed to obtain Salesforce OAuth tokens from a third-party integration called Salesloft Drift and used the tokens to download large volumes of data from impacted Salesforce instances.
Network World

DEF CON research takes aim at ZTNA, calls it a bust

Establish authentication token rotation schedules and demand vendor transparency on security architectures. “In conclusion, well, it turns out there are no magic ZTNA beans, we’ve got the same old bug ...
Engadget

A Lovense security flaw may be letting people take over accounts without a password

Sex toy company Lovense is leaking the email addresses of its app users and allowing account takeovers without asking for a password, according to a security researcher. As reported by TechCrunch, ...