NFCShare Android malware has expanded from targeting a single German bank to hitting financial institutions across Italy and Spain, using fake banking app updates hosted on GitHub to steal credit card data via NFC.
A Texas farmer donated 88 acres for a public park. The city sold it to a data center developer for $10 million. Now residents are fighting back — and raising questions about who really controls donated land.
The FCC waived Amazon’s deadline to launch half of its 3,232-satellite broadband constellation, keeping Project Kuiper’s path to compete with Starlink alive — but launch vehicle troubles continue to plague the project.
A breach at Nelnet Servicing exposed names, addresses, and Social Security numbers for 2.5 million student loan borrowers — and the timing couldn’t be worse with loan forgiveness scams already circulating.
Zcash is recovering after a critical vulnerability in its Orchard shielded pool could have allowed counterfeit token creation. Founder Zooko Wilcox proposed the Ironwood upgrade to let users independently verify the circulating supply.
Over 17 Humanity Protocol wallets were drained of $19 million on Tuesday, crashing the H token by more than 80%. The attack vector remains unknown, but on-chain analysts suspect a shared vulnerability across wallets interacting with the protocol.
A federal judge blocked the Trump administration’s $100,000 H1-B visa fee, ruling it violated the Administrative Procedure Act and Constitution. The fee threatened rural Alaska schools that rely on visa teachers and would have dramatically increased hiring costs for tech giants.
Researchers have traced mysterious GPS interference across Europe to Russia’s Kosmos 2546 satellite, part of the EKS early-warning constellation. The space-based jamming signals affected receivers from Norway to Spain — raising concerns about continental-scale navigation attacks.
A single-character typo in the Linux kernel’s nf_tables code (CVE-2026-23111) turns any unprivileged local account into root — and working exploits are now public. Full technical write-ups from Exodus Intelligence and FuzzingLabs detail Debian, Ubuntu, and RHEL exploitation paths.
The Shai-Hulud supply-chain campaign compromised 19 scientific PyPI packages (Dynamo, Spateo, CoolBox, U-FISH, and more) with malware that steals developer secrets — cloud keys, publishing tokens, SSH keys, and AI tool configs. The payload triggers on any Python invocation.
