News
- Microsoft, Facebook, and Snapchat logins exposed in public database with 184 million records
- Credentials for banks, health services, and government portals found across numerous countries
- Emails, passwords, and direct login links could be accessed by anyone online
Login credentials for Microsoft, Facebook, Google, and dozens of other platforms were found in a public, unsecured database, raising concerns about targeted phishing campaigns and identity theft.
The discovery was made by Jeremiah Fowler, a security researcher known for tracking down exposed databases.
This unsecured data dump had over 184 million unique records containing emails, usernames, passwords, and direct login URLs to everything from email providers and Microsoft services to Instagram, Roblox, and more.
Save up to 52% off Lifelock Identity Theft Protection!
Your personal info is in endless places. And any one of them could accidentally expose you to identity theft. That's why LifeLock monitors hundreds of millions of data points a second for identity theft. LifeLock. For the threats you can't control.
Preferred partner (What does this mean?)View Deal
Attribution troublesFowler said he also found credentials linked to banking and financial platforms, health services, and government portals spanning “numerous countries.”
To verify the data, he reached out to some of the email addresses listed, and confirmed that at least a portion of the exposed information was real.
The implications are severe: anyone with access to the database could quietly take over accounts, steal personal information, or launch highly targeted phishing attacks.
Fowler says the IP address indicated that the database was connected to two domain names - one parked and unavailable, and the other unregistered and available for purchase.
The Whois registration was set to private, making it impossible to identify the true owner of the database. Fowler managed to reach out to the hosting provider, and soon after public access was restricted.
The provider did not disclose the information about the owner.
With that in mind, Fowler says it’s difficult to determine if the database was generated by a malicious actor, or a legitimate one. Still, he leans towards the former, claiming to have seen “multiple signs” the data was harvested with infostealers.
Infostealers are usually distributed via phishing, malicious websites, or tainted updates. They can harvest sensitive information from the compromised device, including passwords stored in browsers, important PDF files, cryptocurrency wallet information, and more.
Once crooks get access to email accounts, they can use them to launch convincing phishing attacks, or steal even more data.
In fact, Fowler argues that many people “treat their email accounts like free storage” and keep years’ worth of sensitive documents inside.
Via Website Planet
You might also like- Schneider Electric says developer platform was breached, company data stolen
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
- Asus released a patch for CVE-2025-3464, a high-severity authentication bypass flaw
- The issue affects Armoury Crate, a centralized hub for managing ASUS and ROG hardware
- The flaw could possibly lead to full device takeover
Asus says it has fixed a high-severity vulnerability that could have allowed threat actors to bypass authentication requirements and obtain SYSTEM privileges on a Windows device.
Recently, a security researcher from Cisco Talos discovered an Armoury Crate kernel-mode driver doesn’t rely on proper OS-level checks, but instead authenticates requests using a hardcoded SHA-256 hash of AsusCertServices.exe and a PID allowlist.
This means that a threat actor can create a hard link from a benign executable to a placeholder file, launch the app, and then swap the link to point to the trusted Asus binary. When the driver verifies the hash, it will recognize a trusted signature, even though the attacker’s process is now using that context.
Fixed with updatesThe end result is unauthorized driver access, which could lead to full device compromise. The good news is that in order to abuse this vulnerability, the threat actor must obtain system access beforehand (either through stolen/purchased credentials, or a backdoor).
The vulnerability was found in Armoury Crate, an Asus application commonly pre-installed on ROG and TUF laptops and desktops.
It serves as a centralized hub for managing Asus and ROG hardware, including RGB lighting, fan curves, and the performance of different peripherals - and can also be used to manage driver and firmware updates.
The issue is now tracked as CVE-2025-3464, and has a severity score of 8.4/10 (high), as per NVD.
All versions between 5.9.9.0 and 6.1.18.0 were said to be vulnerable, and to secure their devices, users should update to the newest version of Armoury Crate: That can be done by navigating to Settings > Update Center > Check for Updates > Update.
Asus said it found no evidence that the flaw is being abused in the wild, but still “strongly recommends” users update their installations as soon as possible.
Via BleepingComputer
You might also like- Having problems with your Asus ROG Ally? A new patch for Armoury Crate might have fixed some issues... but not all of them
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
- You can now create ChatGPT images in WhatsApp
- Ask it to create any image you want
- Upload an image and ask it to modify it
You can now create and modify images using ChatGPT’s AI chops inside WhatsApp without having to use the ChatGPT app at all.
WhatsApp, the MetaAI-owned messaging app, caused more than a little controversy recently when it added a new Meta AI button to its interface that was impossible to remove.
The new button caused outrage from WhatsApp users, many of whom felt like they were being forced to use AI.
“Why do they have to slap that stuff on everything?” said Reddit user Special-Oil-7447. “I'm in the EU and it’s just been dumped on me. I am going to uninstall WhatsApp today after I have loaded Signal. Vote with your feet people”, said user BrainCell 7.
But Meta has not backed down, and the unpopular MetaAI button remains.
Tapping it will initiate a conversation with the MetaAI chatbot, however, it's not the only AI chatbot you can use with WhatsApp.
Accessing ChatGPTIf you’re a fan of AI, then there’s nothing stopping you from chatting using ChatGPT in WhatsApp so long as you know how, and what’s more, you can now use ChatGPT to generate AI images right inside WhatsApp. You can even upload a picture and get the AI to edit it, all from within WhatsApp.
It’s easy. All you need to do is set up ChatGPT as one of your contacts in WhatsApp - as if it’s a person.
Just add ChatGPT as a contact with the number 1-800-CHATGPT (that’s 1-800-242-8478). If you’re outside of the US, then you’ll need to add them as a US contact, which I've written about before.
Now you can chat with ChatGPT as if it were one of your friends. When you start a chat with ChatGPT, you can simply say “Create an image of...” and add some details. Sit back and let ChatGPT do its AI magic.
To upload an image that you want ChatGPT to edit, tap the + button, then Photos, and upload the image.
ChatGPT will ask you what you would like to do with the image, and you can just use natural language to describe what you want to do.
If you reach your limit for a free ChatGPT account, but you’ve got a Plus account, then WhatsApp will throw up a link so you can link to your Plus account and get more images. It couldn’t be simpler.
You might also like- Keyview 13" Touch is a mechanical keyboard with a built-in 13-inch touchscreen
- It works with phones, tablets, laptops, desktops, and even game consoles
- There’s no battery or touchpad unfortunately, so you'll need to provide power and a mouse
The Keyview 13" Touch, from Aura Displays, is a compact 82-key mechanical keyboard (83 keys for the UK version) with a fun, and useful twist - it has an integrated 13-inch touchscreen attached.
This isn’t the first product of its kind we’ve seen - we’ve previously covered the Maxfree K3 and the Thanko mechanical keyboard with a 10-inch monitor, both of which offer the same blend of keyboard and display in one unit.
We’ve also encountered various DIY projects that produced laptops without displays, as well as notebook docking stations with built-in screens, but few of those have been as polished or feature-packed as this.
RGB lighting and custom shortcutsThe Keyview 13" Touch's screen folds from 0 to 90 degrees and delivers a 1920 x 720 matte IPS display. It supports full 10-point multitouch and has a wide 178° viewing angle, making it usable for video, docs, or just as a second screen.
The keyboard itself uses yellow mechanical switches and PBT keycaps. It’s fully customizable, with hot-swappable keys, RGB lighting, and support for custom shortcuts.
The device includes USB-C, HDMI, two USB 3.0 ports, an SD/TF slot, and an M2 SSD bay for internal storage expansion. It also supports 60W PD fast charging.
It’s compatible with macOS, Windows, Android, Linux, and ChromeOS. That means it works with laptops, desktops, full-featured USB-C phones like the Galaxy line, latest iPhones, tablets, and even game consoles.
The case is made from aluminum alloy, ABS, and PC plastic. It’s solid but weighs 2.12kg, which makes it more of a backpack item than something pocketable.
There’s also a built-in speaker, rated at 1W. That's nothing special, but it will be fine for notifications or quick audio tasks.
There are a couple of bigger drawbacks, though - there’s no battery for starters, so you’ll need to plug it in every time you want to use it. And there’s no touchpad either, so unless your device is touch-capable, you’ll want to bring a mouse too.
Still, for a certain type of user, especially those wanting to turn their phone into a capable workstation, it’s an unusual and potentially useful option. You can buy it direct from Aura now for $399.00, 20% off its usual MSRP of $499.
You may also like- Check out our list of the best mobile workstations for any budget
- And these are the best mini PCs you can buy right now
- Minisforum's NAS packs a Ryzen AI HX 370, up to 96GB RAM and 154TB storage
It’s official: the Nothing Phone 3 will use the Snapdragon 8s Gen 4 chipset.
Nothing CEO Carl Pei revealed the spec detail in an interview uploaded to the company’s YouTube channel, confirming that Nothing’s “first true flagship” phone will be “36% faster on CPU, 88% stronger on GPU, and 60% stronger on the NPU” than the Nothing Phone 2.
Big numbers! Except the Snapdragon 8 Plus Gen 1-equipped Nothing Phone 2 is almost two years old, and by Nothing’s own admission, it’s not a true flagship, so you’d expect the Phone 3 to deliver a serious jump in performance. The even bigger elephant in the room is that Nothing’s “first true flagship” won’t be using the Snapdragon 8 Elite chipset, which by all accounts is currently the fastest gun in the West. Is this a terrible revelation? I’m not so sure.
Look, it’s true that many of the best Android phones use Qualcomm’s latest top-end chipest, and it’s also true that, in not using the Snapdragon 8 Elite, the Nothing Phone 3 will likely lag behind the Samsung Galaxy S25 Ultra and OnePlus 13 in benchmark tests and push-your-phone-to-the-limits use cases.
If you’re someone who likes to max out every setting in Call of Duty: Mobile or record lengthy videos in 8K, the Nothing Phone 3 won’t be for you. But Nothing is not, and never will be, a brand for these types of power users.
The Nothing Phone 3a Pro launched in March (Image credit: Philip Berne / Future)Carl Pei founded Nothing in 2020 with a mission to “make tech cool again,” and that ethos has been evident in every Nothing phone released thus far (we described the company’s most recent effort, the Nothing Phone 3a Pro, as “the most interesting phone you can buy for less than $500 / £500 / AU$850” in our review).
Nothing’s next challenge is to make a “cool” phone that isn’t noticeably slower or buggier than the best phones on the market. And any device that fits that remit can, I think, accurately be described as “a true flagship”.
By using the Snapdragon 8s Gen 4 chipset, the Nothing Phone 3 will feel like a flagship in comparison to Nothing phones of old, but I’m 99% sure it’ll feel like a flagship in relation to the best iPhones, Samsung phones, and Pixel phones, too.
As I wrote in a similarly minded piece last year, in my opinion, we’ve reached a saturation point when it comes to the speed of flagship phones. Not necessarily in their capacity to complete complex tasks, mind, but in the way these phones feel when you’re swiping through them on a daily basis.
If the Snapdragon 8s Gen 4 chipset can deliver a smooth experience while you’re scrolling, streaming, swiping, gaming, taking photos, or doing any of the other things one does with their phone in 2025, I think it’s a perfectly acceptable chipset choice for a flagship handset aimed at those who value aesthetics over raw, unmitigated power.
The Tensor G4-equipped Google Pixel 9 Pro was our Phone of the Year last year (Image credit: Blue Pixl Media)Consider Google’s latest flagship phone, the Pixel 9 Pro.
By all accounts, its Tensor G4 chipset is weaker than the competition, yet the Pixel 9 Pro sits pretty as the ‘best Android’ option in our list of the best phones and also scooped our Phone of the Year award in 2024. Sure, those titles were awarded subjectively, but no one bats an eyelid when Google’s bona fide flagship ships without the latest and greatest in mobile silicon.
The price argument is a little harder to rebuff. Rumors put the Nothing Phone 3’s price tag at around $799 / £799 / AU$1,300, which would bring the phone in line with the Snapdragon 8 Elite-equipped Samsung Galaxy S25.
Naturally, Nothing’s upcoming handset won’t be able to compete with Samsung’s latest base model for raw power, but with Carl Pei promising "premium materials and software that really levels things up,” I’m confident that the Phone 3 will deliver on the CEO’s “true flagship” promise.
You might also like- World Leaks adds Freedman HealthCare to its data leak site
- The group claims to have exfiltrated tens of thousands of files
- The company is staying silent for now
A cybercrime gang claims to have breached Freedman HealthCare, a US-based consulting firm which helps states and healthcare organizations handle data, and allegedly stole thousands of sensitive files.
A threat actor called World Leaks added Freedman HealthCare to its data leak website. The group is a new entrant in the cybercrime space, with some saying it’s a rebrand of Hunters International, while others report it’s a spin-off of the infamous organization.
In any case, the group added the consulting firm to its site, but hasn’t yet uploaded any files, most likely to try and pressure it into paying the ransom demand.
Extortion as a serviceThe attackers claim to have stolen 42,204 files, amounting to more than 50GB, but the nature of the stolen files isn’t known, nor is the amount of money requested.
The company handles personal health information of millions of Americans, including sensitive data processed in Medicaid and commercial insurance claims, state health and human services agencies, social determinants of health datasets, and healthcare workforce initiatives.
Freedman HealthCare has not yet addressed these claims, so we don’t even know if they’re legitimate, or not.
However, Hunters International has a relatively good track record, with notable past victims including Toyota Brazil, NanoLumens, Integrated Control, and Frederick Wildman and Sons.
World Leaks apparently operates on an “extortion-as-a-service” model, launched in early 2025. The Register notes Hunters International found their ransomware work too risky, especially with international law enforcement operations actively targeting these groups. This prompted them to switch from the usual double extortion tactics to extortion as a service, resulting in the creation of World Leaks.
The group appears to be Russian in origin, and is rather active, with more than 150 victims in the last year.
You might also like- Hacked Tata Technologies data leaked by ransomware gang
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers