FreSSH bugs undiscovered for years threaten OpenSSH security Exploit code now available for MitM and DoS attacks Patches18 Feb 2025 | 10
XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Research17 Feb 2025 | 5
Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps Infosec In Brief PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Security17 Feb 2025 | 12
The Doom-in-a-PDF dev is back – this time with Linux What's next, Crysis-in-a-CSV? Bootnotes16 Feb 2025 | 38
Critical PostgreSQL bug tied to zero-day attack on US Treasury High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further Research14 Feb 2025 | 21
US lawmakers press Trump admin to oppose UK's order for Apple iCloud backdoor Senator, Congressman tell DNI to threaten infosec agreements if Blighty won't back down Security13 Feb 2025 | 52
Trump’s cyber chief pick has little experience in The Cyber GOP lawyer Sean Cairncross will be learning on the fly, as we also say hi to new intelligence boss Tulsi Gabbard Public Sector12 Feb 2025 | 53
Crimelords and spies for rogue states are working together, says Google Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us? Cyber-crime12 Feb 2025 | 20
US news org still struggling to print papers a week after 'cybersecurity event' Publications across 25 states either producing smaller issues or very delayed ones Cyber-crime10 Feb 2025 | 9
UK armed forces fast-tracking cyber warriors to defend digital front lines High starting salaries promised after public sector infosec pay criticized Security10 Feb 2025 | 29
DeepSeek's iOS app is a security nightmare, and that's before you consider its TikTok links Infosec In Brief PLUS: Spanish cops think they've bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more! Security10 Feb 2025 | 23
UK industry leaders unleash hurricane-grade scale for cyberattacks Freshly minted organization aims to take the guesswork out of incident severity for insurers and policy holders Cyber-crime07 Feb 2025 | 7
Dems want answers on national security risks posed by hiring freeze, DOGE probes Updated Are cybersecurity roles included? Are Elon's enforcers vetted? Inquiring minds want to know Security06 Feb 2025 | 35
Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge International security squads all focus on stopping baddies busting in through routers, IoT kit etc Edge + IoT05 Feb 2025 | 4
Poisoned Go programming language package lay undetected for 3 years Updated Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks Security04 Feb 2025 | 9
Cyberattack on NHS causes hospitals to miss cancer care targets Healthcare chiefs say impact will persist for months Cyber-crime04 Feb 2025 | 12
2 officers bailed as anti-corruption unit probes data payouts to N Irish cops Investigating compensation to police whose sensitive info was leaked in 2023 Security03 Feb 2025 | 19
Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP Infosec in brief PLUS: MGM settles breach suits; AWS doesn't trust you with security defaults; A new .NET backdoor; and more Security03 Feb 2025 | 9
Canvassing apps used by UK political parties riddled with privacy, security issues Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report Research30 Jan 2025 | 21
WFH with privacy? 85% of Brit bosses snoop on staff Employers remain blissfully unaware/wilfully ignorant of the impact of surveillance on staff Security30 Jan 2025 | 80
Spending watchdog blasts UK govt over sloth-like progress to shore up IT defenses Think government cybersecurity is bad? Guess again. It’s alarmingly so Public Sector29 Jan 2025 | 13
Security pros more confident about fending off ransomware, despite being battered by attacks Data leak, shmata leak. It will all work out, right? Cyber-crime28 Jan 2025 | 4
CDNs: Great for speeding up the internet, bad for location privacy Infosec in brief Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more Security27 Jan 2025 | 5
FortiGate config leaks: Victims' email addresses published online Experts warn not to take SNAFU lightly as years-long compromises could remain undetected Cyber-crime23 Jan 2025 | 8
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day Seven days after disclosure and little action taken, data shows Patches21 Jan 2025 | 3
Datacus extractus: Harry Potter publisher breached without resorting to magic Infosec in brief PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more Security20 Jan 2025 | 7
Infoseccer: Private security biz let guard down, exposed 120K+ files Assist Security’s client list includes fashion icons, critical infrastructure orgs Security16 Jan 2025 | 14
Snyk appears to deploy 'malicious' packages targeting Cursor for unknown reason Updated Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test Security14 Jan 2025 | 1
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug This is what happens when you publish PoCs immediately, hm? Patches13 Jan 2025 | 1
Nominet probes network intrusion linked to Ivanti zero-day exploit Unauthorized activity detected, but no backdoors found Security13 Jan 2025 | 6
Europe coughs up €400 to punter after breaking its own GDPR data protection rules Infosec in brief PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more Security13 Jan 2025 | 15
Drug addiction treatment service admits attackers stole sensitive patient data Details of afflictions and care plastered online Cyber-crime10 Jan 2025 | 8
Zero-day exploits plague Ivanti Connect Secure appliances for second year running Factory resets and apply patches is the advice amid fortnight delay for other appliances Patches09 Jan 2025 | 2
Security pros baited with fake Windows LDAP exploit traps Tricky attackers trying yet again to deceive the good guys on home territory Cyber-crime09 Jan 2025 | 7
I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director In colossal surprise, ONCD boss Harry Coker says more work is needed CSO08 Jan 2025 | 12
DNA sequencers found running ancient BIOS, posing risk to clinical research Updated Devices on six-year-old firmware vulnerable to takeover and destruction Research08 Jan 2025 | 24
UN's aviation agency confirms attack on recruitment database Various data points compromised but no risk to flight security Cyber-crime08 Jan 2025 | 4
Turbulence at UN aviation agency as probe into potential data theft begins Crime forum-dweller claims to have leaked 42,000 documents packed with personal info Cyber-crime07 Jan 2025 |
DEF CON's hacker-in-chief faces fortune in medical bills after paralyzing neck injury Marc Rogers is 'lucky to be alive' Security07 Jan 2025 | 73
MediaTek rings in the new year with a parade of chipset vulns Manufacturers should have had ample time to apply the fixes Security06 Jan 2025 | 5
Telemetry data from 800K VW Group EVs exposed online Infosec in Brief PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more Security06 Jan 2025 | 45
UK ICO not happy with Google's plans to allow device fingerprinting Infosec in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more Security23 Dec 2024 | 75
Infosec experts divided on AI's potential to assist red teams CANALYS FORUMS APAC Yes, LLMs can do the heavy lifting. But good luck getting one to give evidence Security20 Dec 2024 | 10
Trump administration wants to go on cyber offensive against China The US has never attacked Chinese critical infrastructure before, right? Cyber-crime16 Dec 2024 | 25
Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat' Personal and financial data probably stolen Cyber-crime16 Dec 2024 | 2
Are your Prometheus servers and exporters secure? Probably not Infosec in brief Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more Security15 Dec 2024 | 1
Apache issues patches for critical Struts 2 RCE bug More details released after devs allowed weeks to apply fixes Patches12 Dec 2024 |
Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push Holiday cheer comes in the form of three arrests and 27 shuttered domains Cyber-crime12 Dec 2024 | 5
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Patches11 Dec 2024 | 2
Fully patched Cleo products under renewed 'zero-day-ish' mass attack Thousands of servers targeted while customers wait for patches Research10 Dec 2024 |
OpenWrt orders router firmware updates after supply chain attack scare A couple of bugs lead to a potentially bad time CSO09 Dec 2024 | 9
Blue Yonder ransomware termites claim credit Infosec in brief Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren't; Polish spy boss arrested, and more Security09 Dec 2024 | 3
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware Threatened with life in prison, Kyiv charity worker gives middle finger to state spies Security06 Dec 2024 | 65
Ransomware hangover, Putin grudge blamed for vodka maker's bankruptcy Stoli Group on the rocks in the US Security05 Dec 2024 | 35
Perfect 10 directory traversal vuln hits SailPoint's IAM solution Updated 20-year-old info disclosure class bug still pervades security software Patches03 Dec 2024 | 6
Severity of the risk facing the UK is widely underestimated, NCSC annual review warns National cyber emergencies increased threefold this year Cyber-crime03 Dec 2024 | 18
Interpol nabs thousands, seizes millions in global cybercrime-busting op Infosec in brief Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more Security01 Dec 2024 | 8
RansomHub claims to net data hat-trick against Bologna FC Crooks say they have stolen sensitive files on managers and players Cyber-crime30 Nov 2024 | 2
Zabbix urges upgrades after critical SQL injection bug disclosure US agencies blasted 'unforgivable' SQLi flaws earlier this year Patches29 Nov 2024 | 7
NHS major 'cyber incident' forces hospitals to use pen and paper Systems are isolated and pulled offline, while scheduled procedures are canceled Cyber-crime28 Nov 2024 | 56
First-ever UEFI bootkit for Linux in the works, experts say Bootkitty doesn’t bite… yet Research27 Nov 2024 | 14
Man accused of hilariously bad opsec as alleged cybercrime spree detailed Complaint claims he trespassed, gave himself discounts, and sorted CCTV access… Cyber-crime26 Nov 2024 | 24