Cybersecurity researchers at Guardio Labs, have unveiled a new attack dubbed SubdoMailing, which is a massive spam operation that leverages hijacked subdomains of major brands and institutions to bombard users with millions of malicious emails daily. The campaign has been ongoing since at least 2022 and has compromised over 8,000 domains and 13,000 subdomains belonging to esteemed companies, educational institutions, and media organizations, including Microsoft, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, and eBay, among others. The campaign's success lies in its ability t ..read more

It's a scenario we're all familiar with - your phone rings, displaying an unknown number on the caller ID. Most of us instinctively ignore these calls, letting them go to voicemail. After all, if it's important, the caller will leave a message. However, what if the call appears to be from a legitimate source like a hospital, the police, or even your own bank? In those cases, many of us, especially parents, would likely answer without hesitation. This difference in our response based solely on the caller ID is exactly what scammers are exploiting to steal hundreds of thousands of dollars from ..read more

We share more personal information online than ever before. From posting vacation photos on Instagram to checking in at a restaurant on Facebook, our online activities leave a trail of digital breadcrumbs about our lives. While this level of sharing can enhance our connections and allow us to document precious memories, it also exposes us to privacy risks that few fully understand. The rise of open source intelligence (OSINT) has made it alarmingly easy for anyone with modest technical skills to piece together these breadcrumbs and uncover startling amounts of personal information about us ..read more

The convenience of seamless access to online accounts and services comes at a price – the risk of falling victim to a devious form of malware known as "infostealers." These malicious programs are designed to steal sensitive information, bypass complex passwords and two-factor authentication, and ultimately compromise your entire digital life. The Evolution of Infostealers Attackers relied on simple keyloggers to capture usernames and passwords as victims typed them on their keyboards. However, two-factor authentication has rendered this approach largely ineffective, as an additional authentic ..read more

Proton, the company behind the popular end-to-end encrypted email service ProtonMail, announced that they will be joining forces with standard notes, a secure and open-source note-taking application. This move represents a significant step forward in Proton's mission to build a comprehensive ecosystem of privacy-focused products and services. For those unfamiliar with Standard Notes, it is a cross-platform note-taking app that boasts robust end-to-end encryption, ensuring that users' notes remain private and accessible only to them. With over 300,000 active users, Standard Notes has garnered ..read more

Telegram, the popular messaging app known for its focus on privacy and security, which is highly questionable, has recently introduced a new feature that has left many users and security experts deeply concerned. The "Peer-to-Peer Login" (P2PL) system, as Telegram calls it, promises users a free premium subscription in exchange for allowing the app to use their phone numbers to relay one-time passwords (OTPs) to other Telegram users. This new system, which is currently being rolled out in select countries for Android users, raises significant privacy and security concerns that all Telegram us ..read more

Last month, Apple announced a significant security upgrade to iMessage, likely the biggest since the app's creation. Dubbed PQ3 (post-quantum cryptographic protocol 3), this new encryption protocol will be used in Apple's default messaging application once users update their systems to iOS 17.4, macOS 14.4, or watchOS 10.4. For those unfamiliar, quantum computers can run algorithms capable of breaking public-key cryptography schemes like RSA and ECDH (Elliptic Curve Diffie–Hellman) much faster than classical computers. While quantum computers are still in their infancy and quantum-resistant e ..read more

The use of virtual private networks (VPNs) in conjunction with the Tor anonymity network is a hotly debated topic. While some privacy advocates like Mental Outlaw argue against using a VPN with Tor, many privacy experts believe there are legitimate reasons to use a VPN before connecting to Tor, especially for certain threat models. What is Tor, and How Does it Work? Tor is free (as in FOSS) software that enables anonymous web browsing by directing your internet traffic through a worldwide volunteer network of servers in order to conceal your location and usage from anyone conducting surveilla ..read more

The Digital Markets Act (DMA) passed by the European Union aims to increase competition and provide more choices for consumers when it comes to digital platforms and devices. This has major implications for tech giants like Apple, which have enjoyed a dominant position in their respective markets. In response to the DMA, Apple has made some changes to its App Store policies and web browser engine requirements for iOS devices sold in the EU. However, many of these changes seem designed to limit developer and consumer choice while still appearing to technically comply with the DMA. Alternative ..read more

The release of Fedora Asahi Remix 39 marks a major milestone in bringing a fully-featured and polished Linux experience to Apple's M-series chips. Developed through close collaboration between the Fedora and Asahi Linux projects, Fedora Asahi Remix provides an integrated Linux distribution tailored for Apple Silicon that delivers on privacy, customizability and graphics support. With its focus on user freedom, security and transparency, Fedora has long been regarded as one of the most privacy-oriented Linux distributions. However, until now Apple Silicon Mac owners have lacked an official dist ..read more