All posts tagged: stolen

Police hunt thieves after rare miniature horses stolen from UK farm | UK | News

Police hunt thieves after rare miniature horses stolen from UK farm | UK | News

Published by Sam Flores

Police have launched an appeal for information after two rare miniature horses were stolen from a farm near Edenbridge in Kent. The animals, a breeding pair of Argentine Falabella horses, are believed to have been taken from a property on Marsh Green Road sometime between 8pm on May 27 and 1am on May 28. During the incident, a gate at the farm was also damaged. Investigators have released images of the missing stallion and are urging members of the public to come forward with any information that could help locate the animals. The stolen horses are described as a white stallion with brown spots and a black mare. Both belong to the Falabella breed, one of the world’s smallest horse breeds, standing at approximately 2ft 8in tall. Officers have been carrying out house-to-house inquiries in the area and examining available CCTV footage as part of their investigation. Police are also appealing to local residents, motorists and businesses who may have captured relevant footage during the time of the theft to contact them. The Falabella breed …

Jeremy Clarkson reveals staggering number of pint glasses stolen from pub a week

Jeremy Clarkson reveals staggering number of pint glasses stolen from pub a week

Published by Daniella Wilson

Get the latest entertainment news, reviews and star-studded interviews with our Independent Culture email Get the latest entertainment news with our free Culture newsletter Get the latest entertainment news with our free Culture newsletter Jeremy Clarkson has admitted to finding the running of a pub relentless – but one thing he didn’t expect to contend with is the extreme amount of theft he’d have to deal with. The TV personality has disclosed all the items that get nicked by customers wanting a keepsake from the boozer featured in Prime Video series Clarkson’s Farm – including a huge number of pint glasses that get taken in a single week. The TV personality is set to return for a brand new season of the hit Prime Video show, and in the opening episode, he sheds light on these thefts, revealing that by week’s end, the pub is 400 glasses down. Clarkson also revealed in the new season, premiering on 3 June, that cooking oil, light bulbs and urinal traps are all targeted by customers, also. Jeremy Clarkson …

Apple Developing iPhone Anti-Snatching Feature That Locks Stolen Phones Instantly

Apple Developing iPhone Anti-Snatching Feature That Locks Stolen Phones Instantly

Published by skeptic

Apple is developing a new feature that will lock your iPhone if it’s snatched from your hand by a thief, according to Apple code seen by 9to5Mac. The option will use the gyroscope, accelerometer, and other sensors to determine when an iPhone has been grabbed. It’ll also rely on a paired Apple Watch to detect when the iPhone has suddenly moved away from the owner’s wrist. Once the iPhone is yanked from your hand, it will lock and activate Stolen Device Protection to prevent thieves from accessing information on it. Stolen Device Protection adds extra security to your iPhone when you’re away from familiar locations like home or work. It requires biometric authentication for actions like accessing stored passwords or credit cards, and there are built-in hour-long delays for actions like changing an Apple Account password. The feature was originally designed to protect iPhone users from stealthy thieves who observe someone’s passcode and then snatch an iPhone. With a passcode, thieves could get into apps and access bank account data and other sensitive information, but …

Valid certificates, stolen accounts: how attackers broke npm’s last trust signal

Valid certificates, stolen accounts: how attackers broke npm’s last trust signal

Published by skeptic

On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised maintainer account. Sigstore worked exactly as designed: it verified the package was built in a CI environment, confirmed a valid certificate was issued, and recorded everything in the transparency log. What it cannot do is determine whether the person holding the credentials authorized the publish — and that gap turned the last automated trust signal in npm into camouflage. One day earlier, StepSecurity documented an attack on the Nx Console VS Code extension, a widely used developer tool with more than 2.2 million lifetime installs. Version 18.95.0 was published using stolen credentials on May 18 and stayed live for under 40 minutes — but Nx internal telemetry showed approximately 6,000 activations during that window, most through auto-update, compared to just 28 official downloads. The payload harvested Claude Code configuration files, AWS keys, GitHub tokens, npm tokens, 1Password vault contents, and Kubernetes service account tokens. The Mini …

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

Published by skeptic

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and authorship platform. The threat group TeamPCP, formally tracked by Google Threat Intelligence Group as UNC6780, claimed responsibility and is advertising the stolen repositories for sale starting at $50,000. GitHub’s assessment: the attacker’s claim is “directionally consistent” with the investigation so far. Trend Micro, StepSecurity, and Snyk have formally tracked TeamPCP across at least seven waves of the Mini Shai-Hulud supply chain worm since March. The GitHub breach did not land in isolation. It arrived the same day a new Mini Shai-Hulud wave forged valid cryptographic provenance on 639 malicious npm package versions, one day after attackers compromised a VS Code extension with 2.2 million installs, the same day Wiz discovered TeamPCP had compromised Microsoft’s durabletask Python SDK on PyPI, and the same morning Verizon’s 2026 DBIR revealed that 67% of employees access AI tools through non-corporate accounts. Five supply chain surfaces failed in 48 hours. …

The 4th Linux kernel flaw this month can lead to stolen SSH host keys

The 4th Linux kernel flaw this month can lead to stolen SSH host keys

Published by skeptic

ismagilov/iStock/Getty Images Plus Follow ZDNET: Add us as a preferred source on Google. ZDNET’s key takeaways Another day, another Linux bug.  There is a patch out now.   However, it’s not available yet in most distros.  Linux’s latest kernel flaw doesn’t have a fancy name; it’s just called “ssh‑keysign‑pwn.” It’s the fourth high‑profile local security hole to hit Linux in just a few weeks. This one enables ordinary users to quietly read some of the most sensitive files on a system, including Secure Shell (SSH) host private keys and the shadow password file. The vulnerability gets its “ssh‑keysign‑pwn” nickname from one of the main exploitation paths: abusing OpenSSH’s ssh-keysign helper binary. Keysign -keysign is used for host‑based authentication and typically runs setuid root, opening the system’s SSH host keys before dropping privileges to complete its work. Also: The third major Linux kernel flaw in two weeks has been found – thanks to AI Just what we needed. Another annoying and potentially dangerous Linux bug. The flaw explained Security researchers at security company Qualys disclosed CVE‑2026‑46333, …

The Download: deepfake porn’s stolen bodies and AI sharing private numbers

The Download: deepfake porn’s stolen bodies and AI sharing private numbers

Published by skeptic

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. The shock of seeing your body used in deepfake porn When Jennifer got a research job in 2023, she ran her new professional headshot through a facial recognition program. She wanted to see whether it would pull up the porn videos she’d made more than a decade earlier. It did, but it also surfaced something she’d never seen before: one of her old videos, now featuring someone else’s face on her body. Conversations about sexualized deepfakes usually focus on the people whose faces are inserted into explicit content without consent. But another group often gets ignored: the people whose bodies those faces are attached to. Adult content creators say AI systems are training on their work, cloning their likenesses, and generating explicit content they never agreed to make, all with little legal protection or control.  Read the full story on the threat to their rights, livelihoods, and ownership of their own …

Your iPhone Gets Stolen. Then the Hacking Begins

Your iPhone Gets Stolen. Then the Hacking Begins

Published by skeptic

Every year, millions of phones are stolen. While thousands of iPhones are shipped to China and broken down for parts, criminals can make more money selling a device that has been unlocked and wiped. Now researchers have unpicked part of the underground web of cybercrime services that can help provide access to stolen iPhones. Across the web and on Telegram, there’s a “thriving” ecosystem of software sellers helping power the market for stolen iPhones by providing “unlocking” tools and the technology to produce phishing messages to help get access to a phone, according to findings from researchers at cybersecurity firm Infoblox. The company says it has tracked “dozens” of groups selling unlocking tools, mostly with a focus on iPhones, and has linked more than 10,000 phishing websites to the activity. Traffic to these domains increased 350 percent last year, the researchers say. “Reselling is a hundred percent what they’re going for,” says Maël Le Touz, a staff threat researcher at Infoblox, who says people from all around the world appear to be buying access to …

Apple Project Files Allegedly Stolen in Foxconn Ransomware Attack

Apple Project Files Allegedly Stolen in Foxconn Ransomware Attack

Published by skeptic

Apple supplier Foxconn has confirmed a cyberattack on several of its U.S. factories, after a ransomware group claimed to have stolen confidential Apple project files as part of the hack. The Nitrogen group posted the breach on its data leak site this week, claiming to have made off with 8TB of data spanning more than 11 million files. Alongside the allegedly stolen Apple files, Nitrogen claims the trove includes internal project documentation and technical drawings tied to Intel, Google, Dell, and Nvidia. Foxconn confirmed the intrusion to The Register on Tuesday, but the supplier did not respond to questions regarding whether any customer data was actually taken. A company spokesperson said its cybersecurity team activated response measures to keep production running, and that all of its affected factories are resuming normal operations. Foxconn assembles a wide range of Apple products, but Apple famously takes the secrecy of unreleased products extremely seriously, and suppliers typically receive only the technical information needed for their specific role in manufacturing. Nitrogen is believed to be an offshoot of leaked …

Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform

Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform

Published by Sam Flores

The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals. Instructure, the parent company of Canvas, said in an online post that it “reached an agreement with the unauthorized actor involved in this incident.” The company didn’t provide any details on the agreement, including whether it involved a payment, and didn’t elaborate who was behind the hack. Instructure temporarily took the system offline while it investigated, locking out students and faculty. A hacking group named ShinyHunters claimed responsibility for last week’s breach, threatening to leak data involving nearly 9,000 schools worldwide and 275 million individuals if schools did not pay a ransom by May 6. The group then extended the deadline, indicating some schools had engaged with them to negotiate. ShinyHunters also was behind a smaller breach of Infrastructure last year. A lawsuit filed last week in federal court in Utah alleged Instructure did not do enough to …