Security news aggregator

Latest coverage for Notification

Notifications can signal security events, policy changes, and required responses, helping organizations detect incidents and manage cyber risk.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Notification in information security is the delivery of an alert about a security event, required action, system change, or confirmed incident. Notifications may target security teams, administrators, users, regulators, or affected individuals and can use email, messaging, phone, or monitoring dashboards. The term covers both automated technical alerts and formal communications about incidents or privacy impact.

Notifications support detection and incident response by directing people to investigate, contain, or remediate a problem. Their security depends on trustworthy event sources, authenticated delivery channels, clear severity and ownership, and records showing when messages were sent and acknowledged. Attackers may spoof alerts, interfere with delivery, or exploit exposed notification content; poorly tuned systems can also create alert overload that obscures important events. Notifications involving personal data should disclose only necessary information, while external incident notices must meet applicable legal deadlines and accurately describe known effects without overstating unconfirmed facts.

Volume over time

Weekly headline count for the current query.

Showing 12 most recent headlines Filtered view

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express)

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account

The Hacker News 1 year, 9 months ago

Why 'Never Expire' Passwords Can Be a Risky Decision

Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden. Despite this, it’s commonly

As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities