Cybercrime

One line of malicious npm code led to massive Postmark email heist

MCP plus open source plus typosquatting equals trouble

Cyber-crime29 Sep 2025 | 7

Harrods blames its supplier after crims steal 430k customers’ data in fresh attack

Attackers make contact but negotiations fall on deaf ears

Cyber-crime29 Sep 2025 | 12

Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign

Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week

Research27 Sep 2025 | 14

‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug

Researchers say tens of thousands of instances remain publicly reachable

Patches26 Sep 2025 | 3

North Korea's Lazarus Group shares its malware with IT work scammers

Keeping Pyongyang's coffers full

Cyber-crime25 Sep 2025 |

Callous crims break into preschool network, publish toddlers' data

Images of toddlers and home addresses leaked in reprehensible landmark attack

Cyber-crime25 Sep 2025 | 23

Empty shelves, empty coffers: Co-op pegs cyber hit at £80m

Supermarket says the hack that shut down systems and emptied shelves has turned profits into losses

Cyber-crime25 Sep 2025 | 25

New string of phishing attacks targets Python developers

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password

Cyber-crime24 Sep 2025 | 3

Google warns China-linked spies lurking in 'numerous' enterprises

Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'

Research24 Sep 2025 | 8

Cybercriminals cash out with casino giant's employee data

Attackers hit jackpot after targeting Boyd Gaming

Cyber-crime24 Sep 2025 | 3

Kaspersky: RevengeHotels checks back in with AI-coded malware

Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk

Research23 Sep 2025 | 2

Workers fear for their jobs as JLR's latest shutdown extended

With no idea when engines restart, families gear down on spending ahead of Christmas

Cyber-crime23 Sep 2025 | 31

Suspected Iran-backed attackers targeting European aerospace sector with novel malware

Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer

Cyber-crime23 Sep 2025 | 9

UK chancellor Putin the blame on Russia for cyber chaos, but evidence says otherwise

Reeves points finger at Moscow in interview when authorities reckon it's local lads

Cyber-crime23 Sep 2025 | 88

Cops cuff another teen over alleged Scattered Spider attack that broke Vegas casinos

Not old enough to drink, old enough to be accused of causing millions in damage

Cyber-crime22 Sep 2025 | 3

Car giant Stellantis says customer data nicked after partner vendor pwned

Automaker insists only names and emails exposed, no financials

Cyber-crime22 Sep 2025 | 11

Ivanti EPMM holes let miscreants plant shady listeners, CISA says

Unnamed org compromised with two malware sets

Cyber-crime19 Sep 2025 |

Alleged Scattered Spider teen cuffed after extortion Bitcoin used to buy games, meals

Feds say gift card splurges tied suspect to multimillion-dollar ransomware crew

Cyber-crime19 Sep 2025 | 50

Crims bust through SonicWall to grab sensitive config data

Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices

Cyber-crime18 Sep 2025 | 6

Cybercriminals pwn 850k+ Americans' healthcare data

Three US medical centers fess up to serious breaches

Cyber-crime18 Sep 2025 | 10

Two Scattered Spider teens charged over attack on London’s transport network

Decisive action comes nearly a year after the attack and first arrest took place

Cyber-crime18 Sep 2025 | 14

Scattered Spider gang feigns retirement, breaks into bank instead

You didn't really trust the crims to keep their word, did you?

Cyber-crime17 Sep 2025 | 5

BreachForums kingpin goes from walk-free deal to 3-year stretch

Prosecutors say Conor Fitzpatrick's crimes caused 'incalculable' damage

Cyber-crime17 Sep 2025 | 4

UK telco Colt’s recovery from August cyberattack pushes into November

Pentesters confirm key system is safe but core products remain unavailable

Cyber-crime17 Sep 2025 | 3

Microsoft blocks bait for ‘fastest-growing’ 365 phish kit, seizes 338 domains

Redmond names alleged ringleader, claims 5K+ creds stolen and $100k pocketed

Cyber-crime16 Sep 2025 | 5

Criminals broke into the system Google uses to share info with cops

Talk about an inside job

Cyber-crime16 Sep 2025 | 11

FileFix attacks use fake Facebook security alerts to trick victims into running infostealers

Tech evolved from PoC to global campaign in under two months

Security16 Sep 2025 | 6

JLR stuck in neutral as losses skyrocket amid cyberattack cleanup

Latest extension to factory closures takes incident response into fourth week

Cyber-crime16 Sep 2025 | 59

China slaps 1-hour deadline on reporting serious cyber incidents

Cyberspace watchdog tightens reporting regime, leaving little time to hide incidents

Cybersecurity Month16 Sep 2025 | 16

Careless engineer stored recovery codes in plaintext, got whole org pwned

Cautionary tale from the recent SonicWall attacks

Cyber-crime15 Sep 2025 | 40

Former FinWise employee may have accessed nearly 700K customer records

Bank says incident went undetected for over a year before discovery in June

Cyber-crime15 Sep 2025 | 4

Nork snoops whip up fake South Korean military ID with help from ChatGPT

Kimsuky gang proves that with the right wording, you can turn generative AI into a counterfeit factory

AI + ML15 Sep 2025 | 9

Cyber-scam camp operators shift operations to vulnerable countries as sanctions strike

Asia in Brief PLUS: Japan woos Micron, again; China launches chip dumping probe; Mitsubishi expands opsec empire; and more!

Cyber-crime15 Sep 2025 |

Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages

A similar vuln on Apple devices was used against 'specific targeted users'

Patches12 Sep 2025 | 7

Hack to school: Parents told to keep their little script kiddies in line

UK data watchdog says students behind most education cyberattacks

Cyber-crime12 Sep 2025 | 54

Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand

Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim

Cyber-crime11 Sep 2025 | 1

AI-powered penetration tool, an attacker's dream, downloaded 10K times in 2 months

Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit

Research11 Sep 2025 |

Akira ransomware crims abusing trifecta of SonicWall security holes for extortion attacks

Patch, turn on MFA, and restrict access to trusted networks…or else

Cyber-crime10 Sep 2025 |

Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years

'We do believe that this was likely the creation of a cybercrime group,' threat hunter tells The Reg

Research10 Sep 2025 | 15

Jaguar Land Rover U-turns to confirm 'some data' affected after cyber prang

Systems offline as specialists continue to comb through wreckage

Cyber-crime10 Sep 2025 | 29

More packages poisoned in npm attack, but would-be crypto thieves left pocket change

Miscreants cost victims time rather than money

Cyber-crime09 Sep 2025 | 8

Drift massive attack traced back to loose Salesloft GitHub account

Meanwhile the victim count grows

Cyber-crime08 Sep 2025 | 2

Salt Typhoon used dozens of domains, going back five years. Did you visit one?

Plus ties to the Chinese spies who hacked Barracuda email gateways

Security08 Sep 2025 | 11

Critical, make-me-super-user SAP S/4HANA bug under active exploitation

9.9-rated flaw on the loose, so patch now

Patches05 Sep 2025 | 1

Attackers snooping around Sitecore, dropping malware via public sample keys

You cut and pasted the machine key from the official documentation? Ouch

Security04 Sep 2025 | 3

China-aligned crew poisons Windows servers to manipulate Google results

Defrauding search with custom malware, Potato-family exploits

Cyber-crime04 Sep 2025 | 7

Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs

LLMs and 0-days - what could possibly go wrong?

Cyber-crime03 Sep 2025 | 7

It looks like you’re ransoming data. Would you like some help?

AI-powered ransomware, extortion chatbots, vibe hacking … just wait until agents replace affiliates

Cyber-crime03 Sep 2025 |

How big will this Drift get? Cloudflare cops to Salesloft Drift breach

Show of hands: who WASN'T targeted?

Cyber-crime02 Sep 2025 | 8

Zscaler latest victim of Salesloft Drift attacks, customer data exposed

Joins Google, Palo Alto Networks in the ever-growing supply chain compromise

Cyber-crime02 Sep 2025 | 3

AWS catches Russia's Cozy Bear clawing at Microsoft credentials

Look who's visiting the watering hole these days

Security29 Aug 2025 | 3

FBI cyber cop: Salt Typhoon pwned 'nearly every American'

Plus millions of other people across 80+ countries

Security28 Aug 2025 | 60

FBI, Dutch cops seize fake ID marketplace that sold identity docs for $9

$6.4M VerifTools marketplace offline

Cyber-crime28 Aug 2025 | 7

TransUnion admits 4.5M affected after third-party support app breached

Credit agency offers own services as compensation

Cyber-crime28 Aug 2025 | 6

Ransomware crooks knock Swedish municipalities offline for measly sum of $168K

Miljödata meltdown leaves 200 local authorities scrambling over 1.5 BTC

Cyber-crime28 Aug 2025 | 7

If you thought China's Salt Typhoon was booted off critical networks, think again

13 governments sound the alarm about ongoing unpleasantness

Cyber-crime28 Aug 2025 | 7