Sitecore CMS flaw let attackers brute-force 'b' for backdoor Hardcoded passwords and path traversals keeping bug hunters in work Patches17 Jun 2025 | 1
23andMe hit with £2.3M fine after exposing genetic data of millions Penalty follows year-long probe into flaws that allowed attack to affect so many CSO17 Jun 2025 | 12
Canada's WestJet says 'expect interruptions' online as it navigates cybersecurity turbulence updated Flights still flying - just don't count on the app or website working smoothly Security16 Jun 2025 | 1
Eurocops arrest suspected Archetyp admin, shut down mega dark web drug shop Marketplace as big as Silk Road had more than 600k users and turnover of 'at least' €250M Security16 Jun 2025 | 9
Spy school dropout: GCHQ intern jailed for swiping classified data Student 'believed he could finish' software dev 'project alone and therefore that the rules did not apply to him' Security16 Jun 2025 | 104
Apple fixes zero-click exploit underpinning Paragon spyware attacks Zero-day potentially tied to around 100 suspected infections in 2025 and a spyware scandal on the continent Security13 Jun 2025 | 18
Wanted: Junior cybersecurity staff with 10 years' experience and a PhD Infosec employers demanding too much from early-career recruits, says ISC2 CSO13 Jun 2025 | 70
Slapped wrists for Financial Conduct Authority staff who emailed work data home It was one of the offenders' final warning CSO13 Jun 2025 | 20
'Major compromise' at NHS temping arm exposed gaping security holes Exclusive Incident responders suggested sweeping improvements following Active Directory database heist Cyber-crime12 Jun 2025 | 17
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks The 16 other flagged issues are on customers, says CRM giant Research11 Jun 2025 |
Asia dismantles 20,000 malicious domains in infostealer crackdown Interpol coordinates operation, nabs 32 across Vietnam, Sri Lanka, and Nauru Cyber-crime11 Jun 2025 | 4
Critical Wazuh bug exploited in growing Mirai botnet infection The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too Research10 Jun 2025 |
M&S online ordering system operational 46 days after cyber shutdown A milestone in cyberattack recovery – but deliveries will take a while and normal service not yet back Cyber-crime10 Jun 2025 | 18
Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser Majority of exposures located in the US, including datacenters, healthcare facilities, factories, and more Research10 Jun 2025 | 57
Fresh strain of pro-Russian wiper flushes Ukrainian critical infrastructure Destructive malware has been a hallmark of Putin's multi-modal war Security06 Jun 2025 | 9
Uncle Sam moves to seize $7.7M laundered by North Korean IT worker ring The cash has been frozen for more than two years Security06 Jun 2025 | 3
BidenCash busted as Feds nuke stolen credit card bazaar Dark web crime platform raked in $17M+ over three years of operation Cyber-crime05 Jun 2025 | 3
More than a hundred backdoored malware repos traced to single GitHub user Someone went to great lengths to prey on the next generation of cybercrooks Cyber-crime05 Jun 2025 | 12
HMRC: Crooks broke into 100k accounts, stole £43M from British taxpayer in late 2024 It’s definitely not a cyberattack though! Really! Public Sector05 Jun 2025 | 29
Crims stole 40,000 people's data from our network, admits publisher Lee Enterprises Did somebody say ransomware? Not the newspaper group, not even to deny it Cyber-crime04 Jun 2025 | 2
UK CyberEM Command to spearhead new era of armed conflict Government details latest initiative following announcement last week Security04 Jun 2025 | 17
Crooks fleece The North Face accounts with recycled logins Outdoorsy brand blames credential stuffing Cyber-crime03 Jun 2025 | 7
Bling slinger Cartier tells customers to be wary of phishing attacks after intrusion Nothing terribly valuable taken in data heist, though privacy a little tarnished Cyber-crime03 Jun 2025 | 6
US community bank says thieves drained customer data through third party hole Disclosure at MainStreet Bancshares comes as American finance orgs beg for looser reporting requirements Cyber-crime02 Jun 2025 | 13
Feds arrest DoD techie, claim he dumped top secret files in park for foreign spies to find 28-year-old alleged to have made multiple drops to folks who turned out to be undercover FBI agents Security30 May 2025 | 38
US medical org pays $50M+ to settle case after crims raided data and threatened to swat cancer patients Cash splashed on damages, infrastructure improvements, and fraud monitoring Cyber-crime30 May 2025 | 2
8,000+ Asus routers popped in 'advanced' mystery botnet plot No formal attribution made but two separate probes hint at the same suspect Research29 May 2025 | 10
Billions of cookies up for grabs as experts warn over session security Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens Security29 May 2025 | 22
Attack on LexisNexis Risk Solutions exposes data on 300k + Data analytics and risk management biz says software dev platform breached, not itself Cyber-crime28 May 2025 | 2
Russian IT pro sentenced to 14 years forced labor for sharing medical data with Ukraine The latest in a long line of techies to face Putin’s wrath Security28 May 2025 | 47
Adidas confirms criminals stole data from customer service provider Hackers take personal data bytes from the brand with three stripes Cyber-crime27 May 2025 | 2
Ransomware attack on MATLAB dev MathWorks – licensing center still locked down Commercial customers, STEM students all feeling the pain after mega outage of engineering data-analysis tool Cyber-crime27 May 2025 | 23
CISA says SaaS providers in firing line after Commvault zero-day Azure attack Cyberbaddies are coming for your M365 creds, US infosec agency warns Security23 May 2025 | 2
Russia expected to pass experimental law that tracks foreigners in Moscow via smartphones 4-year trial is second major initiative this year that clamps down on 'illegal immigrants' Applications22 May 2025 | 56
Scottish council admits ransomware crooks stole school data Parents and teachers have personal info, ID documents leaked online, but exam season mostly unaffected Cyber-crime22 May 2025 | 36
Coinbase confirms insiders handed over data of 70K users Bribed support staff identified, fired Cyber-crime21 May 2025 | 17
Judge allows Delta's lawsuit against CrowdStrike to proceed with millions in damages on the line CS remains hopeful damages will be limited to seven figures Security21 May 2025 | 5
M&S warns of £300M dent in profits from cyberattack Downtime stings retailer, with technical recovery costs coming at a later date Cyber-crime21 May 2025 | 42
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms Update before that proof-of-concept comes to bite Patches20 May 2025 | 21
Ransomware attack on food distributor spells more pain for UK supermarkets Peter Green Chilled supplies all the major UK chains Cyber-crime20 May 2025 | 64
Virgin Media O2 patches hole that let callers snoop on your coordinates Researcher finds VoLTE metadata could be used to locate users within 100 meters Security20 May 2025 | 33
Millions at risk after attackers steal UK legal aid data dating back 15 years Cybercriminals lifted info including addresses, ID numbers, and financial records from agency systems Cyber-crime19 May 2025 | 49
IT chiefs of UK's massive health service urge vendors to make public security pledge Enormous org has been hit by ransomware again and again, on multiple fronts, over the past year Cyber-crime19 May 2025 | 27
Defamation case against DEF CON terminated with prejudice 'We hope it makes attendees feel safe reporting violations' Security16 May 2025 | 4
Broadcom employee data stolen by ransomware crooks following hit on payroll provider Updated Tech giant was in process of dropping payroll biz as it learned of breach Cyber-crime16 May 2025 | 1
Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU Expert tells us: 'It is the most unique breach disclosure I've ever seen' Cyber-crime15 May 2025 | 14
Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated Public Sector14 May 2025 | 4
Ivanti patches two zero-days under active attack as intel agency warns customers Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Patches14 May 2025 | 1
Everyone's deploying AI, but no one's securing it – what could go wrong? CYBERUK Crickets as senior security folk asked about risks at NCSC conference CSO14 May 2025 | 22
'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart CYBERUK Both agencies seem unbothered despite tech world's clear concerns for US infoseccers Security13 May 2025 | 6
Marks & Spencer admits cybercrooks made off with customer info Market cap down by more than £1B since April 22 Cyber-crime13 May 2025 | 76
Attackers pwn charter airline helping Trump's deportation campaign Intruders claim they stole GlobalX's flight records and manifests Cyber-crime12 May 2025 | 49
Britain's cyber agents and industry clash over how to tackle shoddy software CYBERUK Providers argue that if end users prioritized security, they'd get it CSO12 May 2025 | 76
Curl project founder snaps over deluge of time-sucking AI slop bug reports Lead dev likens flood to 'effectively being DDoSed' Security07 May 2025 | 63
Pentagon declares war on 'outdated' software buying, opens fire on open source (If only that would keep folks off unsanctioned chat app side quests) Public Sector06 May 2025 | 75
Three Brits charged over 'active shooter threats' swattings in US, Canada UK starts prosecution days after FBI vowed to clamp down on the crime Security02 May 2025 | 39
British govt agents step in as Harrods becomes third mega retailer under cyberattack Experts suggest the obvious: There is an ongoing coordinated attack on UK retail sector Cyber-crime02 May 2025 | 141
Healthcare group Ascension discloses second cyberattack on patients' data This time criminals targeted partner’s third-party software Cyber-crime01 May 2025 | 1
Chris Krebs loses Global Entry membership amid Trump feud President's campaign continues against man he claims covered up evidence of electoral fraud in 2020 Security01 May 2025 | 36
Data watchdog will leave British Library alone – further probes 'not worth our time' No MFA? No problem – as long as you show you’ve learned your lesson Cyber-crime01 May 2025 | 7