The world
is leaking.
We built
the drain.

Easter festivities are muted in Kharkiv as Ukrainians expect fighting to flare up again after a weekend truce. Source: BBC News

Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023 Source: The Hacker News

Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant Source: The Hacker News

The US president accused Iran of "doing a very poor job" with the waterway as Israel and Lebanon to begin peace talks. Source: BBC News

Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant Source: The Hacker News

CYBER THREAT ASSESSMENT CVE-2025-31277 represents a critical buffer overflow condition affecting Apple's broad product ecosystem, specifically Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. The vulnerability permits arbitrary memory corruption through processing of maliciously crafted web content, creating potential vectors for code execution across multiple device classes and operating environments. Exploitation requires user interaction limited to web browsing activity, reducing operational difficulty for threat actors. CISA has catalogued this vulnerability within the Known Exploited Vulnerabilities database, indicating documented active exploitation in operational environments.

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Source: Threatpost

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Source: Threatpost

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Source: Threatpost

Animals that cross borders often encounter conservation systems that stop at them. Migratory species move through jurisdictions with little regard for political boundaries, relying on habitats spread across large distances and governed by different rules. The result is patchy protection, overlapping threats, and declining populations. Seabirds make this problem clear. They range across entire […] Source: Conservation news

Animals that cross borders often encounter conservation systems that stop at them. Migratory species move through jurisdictions with little regard for political boundaries, relying on habitats spread across large distances and governed by different rules. The result is patchy protection, overlapping threats, and declining populations. Seabirds make this problem clear. They range across entire […] Source: Conservation news

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Source: Threatpost

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Source: Threatpost

This article is the result of a collaboration with Josimar. You can find Josimar’s corresponding piece here. A European academic used a false name to represent an opaque Asian-facing bookmaker that is sponsoring Croatia’s national football team in the run up to the 2026 FIFA World Cup. Croatia’s national governing body of football, the Croatian […] The post Croatia’s Football Team Signed Deal With Gambling Sponsor Whose Rep Used Fake Name appeared first on bellingcat . Source: bellingcat

This article is the result of a collaboration with Josimar. You can find Josimar’s corresponding piece here. A European academic used a false name to represent an opaque Asian-facing bookmaker that is sponsoring Croatia’s national football team in the run up to the 2026 FIFA World Cup. Croatia’s national governing body of football, the Croatian […] The post Croatia’s Football Team Signed Deal With Gambling Sponsor Whose Rep Used Fake Name appeared first on bellingcat . Source: bellingcat

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. Source: Threatpost

Munition remnants pictured at the site of a strike that killed at least 17 people in the town of Tiné, Chad, last week appear to match a weapon previously used by Sudan’s Rapid Support Forces (RSF) in the war with Sudanese government forces – despite RSF denials of involvement in the incident. Photographs showed what […] The post Munition Remnants Pictured at Site of Deadly Chad Strike Match Weapon Previously Used by Sudan’s RSF appeared first on bellingcat . Source: bellingcat

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Source: Threatpost

Munition remnants pictured at the site of a strike that killed at least 17 people in the town of Tiné, Chad, last week appear to match a weapon previously used by Sudan’s Rapid Support Forces (RSF) in the war with Sudanese government forces – despite RSF denials of involvement in the incident. Photographs showed what […] The post Munition Remnants Pictured at Site of Deadly Chad Strike Match Weapon Previously Used by Sudan’s RSF appeared first on bellingcat . Source: bellingcat

Munition remnants pictured at the site of a strike that killed at least 17 people in the town of Tiné, Chad, last week appear to match a weapon previously used by Sudan’s Rapid Support Forces (RSF) in the war with Sudanese government forces – despite RSF denials of involvement in the incident. Photographs showed what […] The post Munition Remnants Pictured at Site of Deadly Chad Strike Match Weapon Previously Used by Sudan’s RSF appeared first on bellingcat . Source: bellingcat