Bill Toulas
Author Bio
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
-
Massive surge of NFC relay malware steals Europeans’ credit cards
Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months.
- October 30, 2025
- 04:17 PM
-
0
-
BPO giant Conduent confirms data breach impacts 10.5 million people
American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General's offices.
- October 30, 2025
- 02:38 PM
-
0
-
Ex-L3Harris exec guilty of selling cyber exploits to Russian broker
Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant, has pleaded guilty in U.S. District Court to stealing and selling confidential cybersecurity information to a Russian vulnerability exploit broker.
- October 30, 2025
- 12:43 PM
-
0
-
Malicious NPM packages fetch infostealer for Windows, Linux, macOS
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems.
- October 29, 2025
- 07:16 PM
-
0
-
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
- October 29, 2025
- 04:44 PM
-
1
-
Canada says hacktivists breached water and energy facilities
The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions.
- October 29, 2025
- 03:03 PM
-
1
-
PhantomRaven attack floods npm with credential-stealing packages
An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials.
- October 29, 2025
- 12:26 PM
-
0
-
Python rejects $1.5M grant from U.S. govt. fearing ethical compromise
The Python Software Foundation (PSF) has withdrawn its $1.5 million grant proposal to the U.S. National Science Foundation (NSF) due to funding terms forcing a compromise on its commitment to diversity, equity, and inclusion..
- October 28, 2025
- 06:16 PM
-
14
-
Advertising giant Dentsu reports data breach at subsidiary Merkle
Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data.
- October 28, 2025
- 05:16 PM
-
0
-
Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions
The Australian Competition and Consumer Commission (ACCC) is suing Microsoft for allegedly misleading 2.7 million Australians into paying for the Copilot AI assistant in the Microsoft 365 service.
- October 28, 2025
- 01:59 PM
-
4
-
TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs
Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel's SGX and TDX, and AMD's SEV-SNP.
- October 28, 2025
- 01:00 PM
-
2
-
New Atroposia malware comes with a local vulnerability scanner
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning.
- October 28, 2025
- 09:15 AM
-
0
-
New Herodotus Android malware fakes human typing to avoid detection
A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software.
- October 28, 2025
- 06:00 AM
-
1
-
Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands.
- October 27, 2025
- 03:22 PM
-
1
-
Italian spyware vendor linked to Chrome zero-day attacks
A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team.
- October 27, 2025
- 12:37 PM
-
0
