Tag: security

Helpdesk scammers are making house calls to make their lies feel more real

15-year-old among six arrested after Dutch cops target suspected bank fraud call center

Cyberattack sees crops kept in the ground

Bitter harvest for Australia's Mackay Sugar, attacked in peak cane crushing season

Python dev saved from disaster by intuition... and AI

I'm sorry, Dave. I can't install that repo that will totally hose your system

Three critical Fortinet sandbox bugs splattered by unknown attackers

All have patches, so make sure you upgrade to a fixed version

Crooks found a new way to collaborate using Teams – by hiding command-and-control traffic

Custom malware routed communications through legitimate Microsoft services, making malicious activity look like routine corporate collaboration

Cardiac monitor maker's security skips a beat as data thieves go for the jugular

Attackers used social engineering to access third-party business apps and steal patient information

Cisco SD-WAN make-me-root bug under attack

Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month

Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher

According to the one person who actually read the research paper

Arch Linux locks down AUR signups amid wave of malicious commits

Community repo freezes new accounts after attackers swamp it with poisoned package updates

AI is code – and can't be prompted into being smarter

From Java tests to Shai-Hulud, bots keep proving they'll swallow anything you feed them

NanoClaw now armed with JFrog for safer packages

AI agents can't be trusted, so don't give them dangerous powers

Fired IT worker jailed for 21 months after sabotaging old school district

Iowan’s scheme undone after misplacing trust in former coworker

UK digital ID gets brain trust to 'challenge' ministers on policy

CEO of Mumsnet among the six-member team

BOFH: For one ambitious security type, chaos is a ladder

Mission Control sends its regards

ShinyHunters hacked 100+ orgs by exploiting an Oracle PeopleSoft 0-day

University of Nottingham is first of many, Shiny tells The Reg

Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day

Another day, another Windows exploit code

VRChat says somebody faked a breach notice with the Maine AG's office

'We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed.'

Every employee’s password was stored in a single Excel file

The CEO thought this was the best way to deal with some email issues

Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate

PRC eyes are watching you

Angry bug hunter with Microsoft beef drops new Windows 0-day

Revenge is a dish best served code

Apple’s iOS 27 goes all agentic on compromised passwords, promises to change them with one tap

iBiz might not win the AI race, but analysts say it's focusing on features people may actually use

Signal says UK plan to scan devices for nude images 'endangers us all'

Encrypted messaging app warns device-level checks could be repurposed for censorship

Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year

Google paid researcher a tidy $55K bounty for its discovery

France probes compromise of gov messaging platform after account hijack

Authorities say the breach only exposed public chat rooms, but alleged attacker claims to have accessed far more data

GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections

Miasma worm shapeshifts, but cloud secret-scouting remains the goal

NSO Group back in Meta's crosshairs after alleged WhatsApp targeting

Zuckercorp says surveillance-for-hire vendor was still running phishing operations after federal court told it to knock it off

Oxford Uni student data pwned yet again - this time via career platform breach

Totally different attack from the break-in last month. Oh so that's OK then

If you don't fall for these extortionists' calls, they'll show up with USB sticks

When 'Chatty Spider' morphs into tech services cosplay spider

Yet another Cisco SD-WAN 0-day under attack, and no patch in sight

Good luck, sys admins

World Food Programme breach exposes data of 600k vulnerable Gazan families

Those receiving aid in the famine-threatened, war-torn territory told support will remain

Council in UK's City of York outs hundreds of disabled residents with a single email blunder

Blue Badge holders exposed to each other after BCC function proves too complex

Pink is the latest goon squad to use fake helpdesk calls to steal creds

A familiar tactic popularized by chaotic crime crew Lapsus$

All the passwords were stored in Active Directory description fields

It was far too easy for a hacker to get the information

Commvault says it's time to rethink resiliency as AI crooks leave victims in a 'dark, dead' state

Those backup plans need backup testing

Bend the beam like Beckham to defeat anti-jamming tech

It's hard to stop a signal jammer if you can't locate the source, say Rice University researchers

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks

Microsoft reaches for olive branch after public dustup with 0-day researcher

Following days of criticism from the security community, Redmond dials back rhetoric, insists vulnerability hunters not in its legal crosshairs

Claude celebrates Anthropic's stock market float with blockbuster ... outage

Chatbot has no respect for timing of its maker's financial announcement

Northern Ireland cops issue PSA after official phone number spoofed by scammers

If you’re going to impersonate an officer, perhaps choose a more sophisticated way to nick cash than asking for gift cards…

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

TeamPCP? Or copycat malware dev?

Election interlopers register 5K+ domains, hope to catch some voting phish

Hacking voting machines is so 2017. Phishing, impersonation pose the real election risks

GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying

A database containing 64,000 user records was published to GitHub after an attacker claimed to have compromised all Atlas systems

Palo Alto VPN bug graduates from advisory to active exploitation

Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users

Password manager Dashlane suspends customer accounts amid brute-force attacks

Engineers' weekends ruined as Dashlane's automatic protections kicked in

23andMe inherits lawsuit over 'disturbing' DNA data breach

California AG claims genetics biz downplayed 2023 mega-leak while paying ransom to attacker

Dutch cops wrest 17M devices from mystery botnet's clutches

Hosting provider pulled the plug after police traced 200 servers to the Netherlands

ChatGPT blindly trusts browser content, turning the page into a payload

You and me go ChatGPhish-ing in the dark

Russia-linked threat group put ChatGPT to work from lure to payload

Researchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government

Microsoft tests the 15-character limit of Windows Server admins' patience

May security update trips over hostnames of a very specific length

Carnival confirms ShinyHunters cruised off with 6M customer records after April breach

Travel and leisure giant was just one of many victims of the cybercrooks' crime spree this year

Company CEO flooded file share with smut, called for help after he deleted it

Also, missing school iPad resurfaced after coach’s kids uploaded video to YouTube

CrowdStrike, Google shatter Glassworm botnet

Developer-targeted, supply-chain attacks all the rage these days

Bosses blinded by confidence about shadow AI use by workers

More than half of orgs in Okta survey faced an AI-related security incident or near miss last year

Extortion crews are visiting law firms pretending to be tech support, FBI warns

Cybercriminals still allowed to walk into office blocks and convince staff to let them plug in their own thumb drives

India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat

CERT-In says internet-facing or critical systems should be patched, mitigated, or cut off within half a day where feasible

How to guarantee a speaker gig: Hack the system. Literally

Make your mark on the call-for-proposal platform

A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

Techie claims Trump Mobile website was leaking thousands of people's data

Cisco used AI to write security incident reports, with mixed results

Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw

Microsoft storms RAMPART, adds Clarity to agentic AI safety

Zombie user account let hackers control the city’s water

Even Claude agrees: hole in its sandbox was real and dangerous

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

London's police asked Big Tech for comms data over 700,000 times last year

Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware

America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames

TanStack weighs invitation-only pull requests after supply chain attack

NGINX Rift attackers waste no time targeting exposed servers

Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative

F-35 software delays leave UK buying time with US glide bombs

MPs want social media treated more like unsafe toys than harmless apps

Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data

Cops arrest man suspected of being Dream Market kingpin

Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access

To gain root access at this company, all an intruder had to do was ask nicely

AI models are getting better at replacing cybersecurity pros on certain tasks

Cisco to fire 4,000 staff and generously give them free training – on Cisco

Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits

Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads

Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

US bank reports itself after slinging customer data at 'unauthorized AI app'

Cookie thieves caught stealing dev secrets via fake Claude Code installers

Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

BWH Hotels guests warned after reservation data checks out with cybercrooks

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Worm rubs out competitor's malware, then takes control

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit

Meta U-turns on encryption push for Instagram as DMs go plaintext

Hackers ate my homework: Educational SaaS Canvas down after cyberattack

The network password was a key plot point in one of the most famous movies of all time

Arctic Wolf kicks 250 employees out of the pack to save money for AI

1 in 8 employees totally cool with selling work credentials

Iran cybersnoops still LARPing as ransomware crooks in espionage ops

Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking

Romance scammers turn sweet talk into £102M payday

Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation

Kids say they can beat age checks by drawing on a fake mustache

Shadow IT has given way to shadow AI. Enter AI-BOMs

If the vote you rocked, your personal info can be grokked

Five Eyes spook shops warn rapid rollouts of agentic AI are too risky

Brace for the patch tsunami: AI is unearthing decades of buried code debt

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Bot her emails: most modern phishing campaigns are AI-enabled

FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'

French prosecutors link 15-year-old to mega-breach at state’s secure document agency

Linux cryptographic code flaw offers fast route to root

Researchers move in the right direction, develop powerful GPS interference alarm

Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Legacy TLS tour continues with Exchange Online blocking old versions from July 2026

Yet another experiment proves it's too damn simple to poison large language models

CISA flags data-theft bug in NSA-built OT networking tool

GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn't total slop! Here, Wiz, take this wad of cash

30 ClawHub skills secretly turn AI agents into a crypto swarm

Medical and utility tech companies admit digital breakins

Cybersec is a thankless job: expanding workload and shrinking pay packet

Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt

Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now

Intel bets the farm on AI inference to drag CPU back to the top table

It's a myth that you need Mythos to find bugs: Open source models can do it just as well

Greece relaxes Euro biometric border entry rules amid airport chaos

Researchers find cyber-sabotage malware that may predate Stuxnet by five years

Weak security means attackers could disable all of a city's public EV chargers

Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code'

Claude Opus 4.7 has turned into an overzealous query cop, devs complain

Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn