A Canadian political data firm called AggregateIQ left a large code repository downloadable online, according to a security researcher, exposing the political data and microtargeting tools that various Republican campaigns used to try to influence voters in the United States' 2016 election cycle.

The exposed data reveals AIQ's ties to the embattled data analytics firm Cabridge Analytica -- and, by extension, its ties to the campaigns of conservative Texas politicians Sen. Ted Cruz and Gov. Greg Abbott. They also reveal AggregateIQ (AIQ)'s connection to Ukrainian steel magnate Serhiy Taruta, head Ukraine's newly formed Osnova party. 

The Trump administration has announced criminal charges and sanctions against nine Iranians accused of participating in a government-sponsored hacking scheme to steal sensitive information from hundreds of universities, private companies and US government agencies.

The nine defendants, accused of working at the behest of the Iranian government-tied Islamic Revolutionary Guard Corps, hacked the computer systems of about 320 universities in the United States and abroad to steal expensive research that was then used or sold for profit, prosecutors said. 

The Trump administration on Thursday blamed the Russian government for a campaign of cyber attacks stretching back at least two years that targeted the U.S. power grid, marking the first time the United States has publicly accused Moscow of hacking into American energy infrastructure.

Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a U.S. security alert published Thursday. 

Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.

Experts have obtained a copy of the letter, which more than half a dozen sources described as unsolicited and unusual in how blunt and direct it was. Experts confirmed that at least five American firms received the letter, and multiple sources told us it was sent to many more.

Linux users running KDE Plasma desktop environments need to apply patches to fix a bug that can lead to malicious code execution every time a user mounts a USB thumb drive on his computer.

The KDE Plasma team has released versions 5.8.9 and 5.12.0 to address the issue, tracked as CVE-2018-6791 and categorized as an "arbitrary command execution" vulnerability. According to a description of the bug, USB thumb drives that contain the characters `` or $() in the volume label will execute the text contained within these characters as shell commands. This means that an attacker can place malicious code in a USB thumb drive's name.

Thousands of websites, including those belonging to NHS services, the Student Loans Company and several English councils, have been infected by malware that forces visitors’ computers to mine cryptocurrency while using the site.

Late on Sunday, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken down to deal with the issue after it was reportedly infected by the malware. The cryptojacking script was inserted into website codes through BrowseAloud, a popular plugin that helps blind and partially-sighted people access the web. More than 5,000 websites have been flooded by the malware. 

A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.

Last April, a hacking group called the Shadow Brokers leaked EternalBlue, a Windows exploit that was developed by the NSA. Less than a month later, EternalBlue was used to unleash a devastating global ransomware attack called WannaCry that infected more than 230,000 computers in 150 countries. A month later, in June, the EternalBlue exploit was again used to cripple networks across the world in an even more sophisticated attack. 

Donald Trump’s national security team is looking at options to counter the threat of China spying on US phone calls that include the government building a super-fast 5G wireless network. The official said the option was being debated at a low level in the administration and was six to eight months away from being considered by the president himself. 

The 5G network concept is aimed at addressing what officials see as China’s threat to US cyber security and economic security. The Trump administration has taken a harder line on policies initiated by predecessor Barack Obama on issues ranging from Beijing’s role in restraining North Korea to Chinese efforts to acquire US strategic industries. 

Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company.

The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major citie. 

A Defense Department report found that 165 defense contractors had their initial security clearances revoked last year after further investigation linked the recipients to problematic or illicit activity, including questionable financial transactions, influence by foreign governments and even felonies like pedophilia.

The report, which will be released Wednesday, shows how it is possible for people who have been compromised or who have criminal backgrounds to slip through the cracks of the preliminary background investigation and obtain access to sensitive national security-related information.