security lapses

AppWizard
May 7, 2025
Former National Security Adviser Mike Waltz has come under scrutiny for using TeleMessage, an app that has recently experienced a security breach resulting in the theft of sensitive data, including direct messages and group chats. High-ranking officials from the Trump administration, including Waltz, Vice President J.D. Vance, Secretary of State Marco Rubio, and Director of National Intelligence Tulsi Gabbard, were reported to have used the app. A photograph captured Waltz during a Cabinet meeting appearing to use TeleMessage to access Signal messages, raising concerns due to his previous controversy involving a chat room on Signal that included a journalist. The security vulnerabilities of TeleMessage have been criticized, particularly as it lacks the robust encryption features of Signal. The app was initially marketed as a solution for preserving messages for government record-keeping, but its reliability has been questioned.
AppWizard
October 22, 2024
GameFreak has been reported to have significant security lapses, particularly the use of chmod 777, which grants read, write, and execute permissions on files and directories to all users, contrary to the principle of least privilege. This oversight raises concerns about the company's overall security protocols and reflects a broader issue of incompetence in managing sensitive data within the gaming industry. The incident underscores the need for companies to reassess their security measures and foster a culture of diligence and accountability.
Winsage
August 17, 2024
Check Point Research (CPR) has identified a new malware variant called Styx Stealer, which extracts sensitive information from users, including browser data, instant messaging sessions from Telegram and Discord, and cryptocurrency assets. Styx Stealer is linked to the developer Sty1x, associated with the threat actor Fucosreal and the Agent Tesla malware. An operational security failure by the developer led to the accidental leak of sensitive data, allowing CPR to trace the malware back to its creator. Styx Stealer inherits functionalities from Phemedrone Stealer, capable of extracting saved passwords, cookies, auto-fill data, and information from browser extensions and cryptocurrency wallets. It can also capture session data from Telegram and Discord, gather system information, and take screenshots. The malware features auto-start capabilities, clipboard monitoring, and enhanced evasion techniques, and is marketed through a subscription model. In March 2024, a spam campaign distributing a malicious TAR archive containing Agent Tesla malware targeted various industries. CPR identified 54 customers who purchased Styx Stealer and Styx Crypter products, generating approximately ,500 in revenue over two months, with payments accepted in cryptocurrencies like Bitcoin and Monero. Styx Stealer employs evasion techniques to avoid detection, including checks for debugging tools and virtual machine environments.
Winsage
August 14, 2024
Michael Bargury, a former security architect at Microsoft, identified vulnerabilities in Microsoft 365 Copilot that could be exploited by hackers to access sensitive user credentials during his presentation at the Black Hat USA 2024 conference. He highlighted the increasing difficulty for users to recognize phishing threats due to sophisticated tactics, particularly those enhanced by AI. Microsoft announced a strategic pause on new features for Copilot to focus on security improvements, which CEO Satya Nadella emphasized as the company's top priority. The company has faced scrutiny over security lapses and is integrating security deliverables into the compensation packages of its top executives to enhance accountability in protecting user data.
Winsage
July 20, 2024
Microsoft experienced outages impacting its email, cloud storage, and video conferencing products, leading to calls for the federal government to diversify its vendors. Lawmakers requested briefings on the incident, and Microsoft's regulatory troubles are increasing globally. The company has deep lobbying resources to manage the fallout and is engaging with policymakers about the incident. The FTC, led by Lina Khan, is investigating consolidation among cloud computing services, including Microsoft's purchase of Activision.
AppWizard
June 27, 2024
Temu, an online shopping platform launched in the US in 2022, is owned by PDD Holdings, a Chinese company that shifted its headquarters to Ireland. Google briefly removed the separate shopping app called Pinduoduo from the Play Store in March 2023 due to malware concerns. Arkansas Attorney General Tim Griffin filed a lawsuit against Temu, alleging that it is dangerous malware that sells user data to third parties. The lawsuit also raises security concerns over Temu's Chinese ties, claiming that its leadership team consists of former Chinese Communist Party officials. Griffin seeks to enjoin the platform's deceptive trade practices and privacy violations, as he believes Temu is designed to gain unrestricted access to user data.