Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw | How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently | Patches | 25 Mar 2025 | 1
OTF, which backs Tor, Let's Encrypt and more, sues to save its funding from Trump cuts | Kari, OK, we'll see you in court | Networks | 25 Mar 2025 | 69
As nation-state hacking becomes 'more in your face,' are supply chains secure? | Interview Ex-US Air Force officer says companies shouldn't wait for govt mandates | CSO | 24 Mar 2025 | 9
AI agents swarm Microsoft Security Copilot | Looking to sort through large volumes of security info? Redmond has your backend | Security | 24 Mar 2025 | 13
Oracle Cloud says it's not true someone broke into its login servers and stole data | Despite evidence to the contrary as alleged pilfered info goes on sale | Cyber-crime | 23 Mar 2025 | 22
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US | Interview Plus AI in the infosec world, why CISA should know its place, and more | CSO | 23 Mar 2025 | 39
Paragon spyware deployed against journalists and activists, Citizen Lab claims | Infosec newsbytes Plus: Customer info stolen from 'parental control' software slinger SpyX; F-35 kill switch denied | Research | 21 Mar 2025 | 17
Capital One cracker could be sent back to prison after judges rule she got off too lightly | Feds want book thrown at Paige Thompson, who pinched 100M customer records | Cyber-crime | 21 Mar 2025 | 18
Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up | So much for that vacation | Public Sector | 20 Mar 2025 | 60
Too many software supply chain defense bibles? Boffins distill advice | How to avoid another SolarWinds, Log4j, and XZ Utils situation | Security | 20 Mar 2025 | 10
Names, bank info, and more spills from top sperm bank | Cyber-crime is officially getting out of hand | Bootnotes | 19 Mar 2025 | 16
Ex-US Cyber Command chief: Europe and 5 Eyes can't fully replicate US intel | Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap | Security | 19 Mar 2025 | 75
Show top LLMs some code and they'll merrily add in the bugs they saw in training | One more time, with feeling ... Garbage in, garbage out | AI + ML | 19 Mar 2025 | 33
CISA fires, now rehires and immediately benches security crew on full pay | DOGE efficiency in action | Public Sector | 18 Mar 2025 | 51
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying | 'Only' a local access bug but important part of N Korea, Russia, and China attack picture | Research | 18 Mar 2025 | 41
Curious tale of two HR tech unicorns, alleged espionage, and claims of a spy hiding in a bathroom | Updated There's nothing bog-standard about this bombshell loo-suit | Bootnotes | 18 Mar 2025 | 25
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up | Don't laugh. This kind of warning shows crims are getting desperate | Cyber-crime | 18 Mar 2025 | 13
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' | Updated One PUT request, one poisoned session file, and the server’s yours | CSO | 18 Mar 2025 | 8
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database | More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit | CSO | 17 Mar 2025 | 121
That 'angry guest' email from Booking.com? It's a scam, not a 1-star review | Phishers check in, your credentials check out, Microsoft warns | Research | 13 Mar 2025 | 10
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand | Feds warn gang still rampant and now cracked 300+ victims around the world | Cyber-crime | 13 Mar 2025 | 4
Expired Juniper routers find new life – as Chinese spy hubs | Fewer than 10 known victims, but Mandiant suspects others compromised, too | Cyber-crime | 12 Mar 2025 | 5
This is the FBI, open up. China's Volt Typhoon is on your network | Power utility GM talks to El Reg about getting that call and what happened next | Cyber-crime | 12 Mar 2025 | 20
CISA pen-tester says 100-strong red team binned after DOGE canceled contract | Updated Election infosec advisory center also shuttered | Public Sector | 12 Mar 2025 | 163
MINJA sneak attack poisons AI models for other chatbot users | Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it | AI + ML | 11 Mar 2025 | 15
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it | Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands | CSO | 10 Mar 2025 | 10
Consumer Reports calls out slapdash AI voice-cloning safeguards | Study finds 4 out of 6 providers don't do enough to stop impersonation | AI + ML | 10 Mar 2025 | 7
How NOT to f-up your security incident response | Feature Experts say that the way you handle things after the criminals break in can make things better or much, much worse | CSO | 10 Mar 2025 | 15
Strap in, get ready for more Rust drivers in Linux kernel | Likening memory safety bugs to smallpox may not soothe sensitive C coders | OSes | 10 Mar 2025 | 69
India wants backdoors into clouds, email, SaaS, for tax inspectors | Asia in Brief PLUS: Malaysia teams with Arm for local chip designs; NTT warns of possible breach; Samsung strikers settle; and more | Security | 09 Mar 2025 | 7
We call this kernel saunters: How Apple rearranged its XNU core with exclaves | iPhone giant compartmentalizes OS for the sake of security | Research | 08 Mar 2025 | 17
Developer sabotaged ex-employer with kill switch activated when he was let go | IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes | Bootnotes | 08 Mar 2025 | 78
Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures | $96B in transactions, some even labeled 'dirty funds,' since 2019, say prosecutors | Ransomware in Focus | 07 Mar 2025 | 4
Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware | Interview Which is why taking down chiefs and infra behind big name brand operations isn't working | Ransomware in Focus | 07 Mar 2025 | 2
The Badbox botnet is back, powered by up to a million backdoored Androids | Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort | Cyber-crime | 07 Mar 2025 | 10
International cops seize ransomware crooks' favorite Russian crypto exchange | Updated Did US Secret Service not get the memo, or? | Ransomware in Focus | 06 Mar 2025 | 12
Cybereason CEO leaves after months of boardroom blowups | Updated Complaint alleges 13 funding proposals foundered amid battle for control | Security | 06 Mar 2025 | 2
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks | Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox | Cyber-crime | 06 Mar 2025 | 4
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets | Updated They're good at zero-day exploits, too | Public Sector | 05 Mar 2025 | 17
Cybercrims now licking stamps and sending extortion demands in snail mail | Updated First crooks gave up encrypting data, and just stole it – now they don't even bother pilfering info. Sheesh! | Bootnotes | 05 Mar 2025 | 18
Ransomware thugs threaten Tata Technologies with leak if demands not met | Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant | Ransomware in Focus | 05 Mar 2025 | 4
VMware splats guest-to-hypervisor escape bugs already exploited in wild | The heap overflow zero-day in the memory unsafe code by Miss Creant | Virtualization | 04 Mar 2025 | 8
Microsoft signed a dodgy driver and now ransomware scum are exploiting it | Five flaws found in Paragon Partition Manager's kernel-level .sys | Ransomware in Focus | 04 Mar 2025 | 13
So … Russia no longer a cyber threat to America? | Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks | Public Sector | 04 Mar 2025 | 218
US Cyber Command reportedly pauses cyberattacks on Russia | Infosec In Brief PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more | Security | 03 Mar 2025 | 98
C++ creator calls for help to defend programming language from 'serious attacks' | Bjarne Stroustrup wants standards body to respond to memory-safety push as Rust monsters lurk at the door | Software | 02 Mar 2025 | 213
Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators | Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim | AI + ML | 28 Feb 2025 | 3
Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’ | FYI: What NOT to search after committing a crime | Cyber-crime | 27 Feb 2025 | 35
FBI officially fingers North Korea for $1.5B Bybit crypto-burglary | Federal agents, open up ... your browsers and see if you recognize any of these wallets | Cyber-crime | 27 Feb 2025 | 22
Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o | Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity | AI + ML | 27 Feb 2025 | 127
With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare | 244M purloined passwords added to Have I Been Pwned thanks to govt tip-off | Cyber-crime | 26 Feb 2025 | 10
Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet | Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation | Cyber-crime | 26 Feb 2025 | 14
100-plus spies fired after NSA internal chat board used for kinky sex talk | National intel boss slams naughty nattering on work systems as 'egregious violation of trust' | Bootnotes | 26 Feb 2025 | 74
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) | Starting with Snapdragon 8 Elite and 'droid 15 | Personal Tech | 26 Feb 2025 | 5
Drug-screening biz DISA took a year to disclose security breach affecting millions | If there's something nasty on your employment record, extortion scum could come calling | Cyber-crime | 26 Feb 2025 | 5
Xi know what you did last summer: China was all up in Republicans' email, says book | Of course, Microsoft is in the mix, isn't it | Cyber-crime | 25 Feb 2025 | 29
China's Silver Fox spoofs medical imaging apps to hijack patients' computers | Sly like a PRC cyberattack | Research | 25 Feb 2025 | 2
Malware variants that target operational tech systems are very rare – but 2 were found last year | Fuxnet and FrostyGoop were both used in the Russia-Ukraine war | Research | 25 Feb 2025 | 3
How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit | Analysis Blueprints shared for jail-breaking models that expose their chain-of-thought process | AI + ML | 25 Feb 2025 | 30
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws | PoC exploit code shows why this is a patch priority | Patches | 21 Feb 2025 |
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes | Said bugs 'can have significant implications' – glad to hear that from Redmond | AI + ML | 20 Feb 2025 | 7
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec | FBI and CISA issue reminder - deep sigh - about the importance of patching and backups | Ransomware in Focus | 20 Feb 2025 | 7