National Public Data (NPD) has recently confirmed that it is suffering a data breach following reports of 2.9 billion personal information records being compromised, but the company has recently announced that the incident only affects 1.3 million people in the US.  The information that was suspected of being breached included names, email addresses, phone numbers, social security numbers, and mailing addresses.

Researchers at Graz University of Technology (TU Graz) analyzed smartphones from ten manufacturers, finding that the Android kernels used are vulnerable to "one-day exploits" despite the implementation of protection mechanisms. Only 29 to 55 percent of the 994 smartphones tested by the research team could prevent attacks, depending on manufacturer and model. In contrast, the Generic Kernel Image (GKI) version 6.1 provided by Google could prevent about 85 percent of attacks. In comparison to the GKI, manufacturer kernels were up to 4.6 times worse at defending against attacks.

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement (PSA) titled "Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting." It is the latest in their PSA series aimed at putting potential cyber-related election day disruptions during the 2024 election cycle into context for the American people.

As Artificial Intelligence (AI) agents advance, it may become harder to distinguish AI-powered users from real humans online. In a new white paper, researchers from MIT, OpenAI, Microsoft, and other technology and academic institutions propose using "personhood credentials" to enable someone to prove they are an actual human online while protecting their privacy. MIT News interviewed co-authors of the paper, Nouran Soliman and Tobin South, about why personhood credentials are important, the risks posed by such credentials, and how to safely implement them.

Over 5.3 billion people are expected to use digital wallets such as Apple Pay, Google Pay, and PayPal by the year 2026. Although these wallets are supposed to provide greater security than traditional payment methods, the reliance on outdated authentication methods and a preference for convenience over security make digital wallets vulnerable, according to new research led by computer engineers at the University of Massachusetts Amherst. This article continues to discuss the study "In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping."

The US cybersecurity agency CISA recently warned that a fresh critical-severity vulnerability in SolarWinds Web Help Desk has been exploited in attacks.  The bug is tracked as CVE-2024-28986 (CVSS score of 9.8) and is described as a Java deserialization remote code execution (RCE) issue that could allow attackers to run commands on the host machine.  This week, SolarWinds announced a hotfix addressing the vulnerability and noted that authentication is required for successful exploitation without mentioning its in-the-wild exploitation.