Attackers swipe data of 500k+ people from Pennsylvania teachers union
SSNs, payment details, and health info too
Cyber-crime19 Mar 2025 |
Security
Names, bank info, and more spills from top sperm bank
Cyber-crime is officially getting out of hand
Bootnotes19 Mar 2025 | 3
IBM scores perfect 10 ... vulnerability in mission-critical OS AIX
Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in
Patches19 Mar 2025 | 2
Ex-US Cyber Command chief: Europe and 5 Eyes can't fully replicate US intel
Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap
Security19 Mar 2025 | 30
Show top LLMs some code and they'll merrily add in the bugs they saw in training
One more time, with feeling ... Garbage in, garbage out
AI + ML19 Mar 2025 | 24
CISA fires, now rehires and immediately benches security crew on full pay
DOGE efficiency in action
Public Sector18 Mar 2025 | 40
US tech jobs outlook clouded by DOGE cuts, Trump tariffs
Hiring remains relatively strong as analysts warn of slowdown
Research18 Mar 2025 | 47
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying
'Only' a local access bug but important part of N Korea, Russia, and China attack picture
Research18 Mar 2025 | 33
Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal
Research18 Mar 2025 | 2
UK wants dirt on data brokers before criminals get there first
Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs
CSO18 Mar 2025 | 11
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up
Don't laugh. This kind of warning shows crims are getting desperate
Cyber-crime18 Mar 2025 | 13
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
Updated One PUT request, one poisoned session file, and the server’s yours
CSO18 Mar 2025 | 8
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database
More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit
CSO17 Mar 2025 | 118
Amazon to kill off local Alexa processing, all voice requests shipped to the cloud
Web souk says Echo hardware doesn't have the oomph for next-gen AI anyway
AI + ML17 Mar 2025 | 81
GitHub supply chain attack spills secrets from 23,000 projects
Large organizations among those cleaning up the mess
Cyber-crime17 Mar 2025 | 32
UK government to open £16B IT services competition after 6-month delay
Technology Services 4 framework expands by £4B, with procurement to begin this week
Public Sector17 Mar 2025 | 19
Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied
Maddening techno bass loop, Zoolander reference, and 14 minutes of time wasted
Security17 Mar 2025 | 139
FCC stands up Council on National Security to fight China in ways that CISA used to
Infosec In Brief PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware
Security16 Mar 2025 | 6
Apple's alleged UK encryption battle sparks political and privacy backlash
National security defense being used to keep appeal behind closed doors
Security14 Mar 2025 | 81
New kids on the ransomware block channel Lockbit to raid Fortinet firewalls
It's March already and you haven't patched?
Cyber-crime14 Mar 2025 |
Popular
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database
More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit
CISA fires, now rehires and immediately benches security crew on full pay
DOGE efficiency in action
DoorDash sued for allegedly branding customer a fraudster after delivery photo query
Dispute over app privacy escalates into legal brawl
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying
'Only' a local access bug but important part of N Korea, Russia, and China attack picture
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
Updated One PUT request, one poisoned session file, and the server’s yours
AI crawlers haven't learned to play nice with websites
SourceHut says it's getting DDoSed by LLM bots
UK wants dirt on data brokers before criminals get there first
Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs
Don't want Copilot app on your Windows 11 machine? Install this official update
Microsoft says disappearance of Clippy 2.0 is an error it will shortly fix
Curious tale of two HR tech unicorns, alleged espionage, and claims of a spy hiding in a bathroom
Updated There's nothing bog-standard about this bombshell loo-suit
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up
Don't laugh. This kind of warning shows crims are getting desperate
STORIES
Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly
Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail
AI + ML13 Mar 2025 | 32
Google says it's rolling out fix for stricken Chromecasts
It'll take a few days, give or take your situation
Personal Tech13 Mar 2025 | 20
That 'angry guest' email from Booking.com? It's a scam, not a 1-star review
Phishers check in, your credentials check out, Microsoft warns
Research13 Mar 2025 | 9
CISA: We didn't fire red teams, we just unhired a bunch of them
Agency tries to save face as it also pulls essential funding for election security initiatives
Security13 Mar 2025 | 28
DeepSeek can be gently persuaded to spit out malware code
It might need polishing, but a useful find for any budding cybercrooks out there
Research13 Mar 2025 | 12
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand
Feds warn gang still rampant and now cracked 300+ victims around the world
Cyber-crime13 Mar 2025 | 4
Get off that old Firefox by Friday or you'll be sorry, says Moz
Root cert expiry may bring breakage or worse for add-ons, media playback, and more
Applications13 Mar 2025 | 43
Expired Juniper routers find new life – as Chinese spy hubs
Fewer than 10 known victims, but Mandiant suspects others compromised, too
Cyber-crime12 Mar 2025 | 5
This is the FBI, open up. China's Volt Typhoon is on your network
Power utility GM talks to El Reg about getting that call and what happened next
Cyber-crime12 Mar 2025 | 20
UK must pay cyber pros more than its Prime Minister, top civil servant says
Leaders call for fewer contractors and more top talent installed across government
CSO12 Mar 2025 | 72
CISA pen-tester says 100-strong red team binned after DOGE canceled contract
Updated Election infosec advisory center also shuttered
Public Sector12 Mar 2025 | 160
Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws
Patch Tuesday Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy
Patches12 Mar 2025 | 23
'Uber for nurses' exposes 86K+ medical records, PII in open S3 bucket for months
Exclusive Non-password-protected, unencrypted 108GB database … what could possibly go wrong
Security11 Mar 2025 | 14
FTC's $25.5M scam refund treats victims to $34 each
Oh wow, just look at all the scary stuff in your Windows Event Viewer
Cyber-crime11 Mar 2025 | 12
MINJA sneak attack poisons AI models for other chatbot users
Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it
AI + ML11 Mar 2025 | 15
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it
Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands
CSO10 Mar 2025 | 10
Google begs owners of crippled Chromecasts not to hit factory reset
Updated Expired security cert kerfuffle leaves second-gen, Audio gadgets useless
Personal Tech10 Mar 2025 | 63
Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
Phishing and ancient vulns still do the trick for one of the most prolific groups around
Research10 Mar 2025 | 8
Rhysida pwns two US healthcare orgs, extracts over 300K patients' data
Terabytes of sensitive info remain available for download
Cyber-crime10 Mar 2025 | 3
Consumer Reports calls out slapdash AI voice-cloning safeguards
Study finds 4 out of 6 providers don't do enough to stop impersonation
AI + ML10 Mar 2025 | 7
How NOT to f-up your security incident response
Feature Experts say that the way you handle things after the criminals break in can make things better or much, much worse
CSO10 Mar 2025 | 15
The NHS security culture problem is a crisis years in the making
Analysis Insiders say board members must be held accountable and drive positive change from the top down
CSO10 Mar 2025 | 29
Strap in, get ready for more Rust drivers in Linux kernel
Likening memory safety bugs to smallpox may not soothe sensitive C coders
OSes10 Mar 2025 | 68
Microsoft admits GitHub hosted malware that infected almost a million devices
Infosec in Brief Also, phone cleaner apps are a data-sucking scam, Singapore considering the literal rod for scammers, and more
Security10 Mar 2025 | 6
India wants backdoors into clouds, email, SaaS, for tax inspectors
Asia in Brief PLUS: Malaysia teams with Arm for local chip designs; NTT warns of possible breach; Samsung strikers settle; and more
Security09 Mar 2025 | 7
We call this kernel saunters: How Apple rearranged its XNU core with exclaves
iPhone giant compartmentalizes OS for the sake of security
Research08 Mar 2025 | 18
Developer sabotaged ex-employer with kill switch activated when he was let go
IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes
Bootnotes08 Mar 2025 | 78
Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures
$96B in transactions, some even labeled 'dirty funds,' since 2019, say prosecutors
Ransomware in Focus07 Mar 2025 | 4
Alleged cyber scalpers Swiftly cuffed over $635K Taylor ticket heist
I knew you were trouble, Queens DA might have said
Cyber-crime07 Mar 2025 | 4
Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware
Interview Which is why taking down chiefs and infra behind big name brand operations isn't working
Ransomware in Focus07 Mar 2025 | 2
The Badbox botnet is back, powered by up to a million backdoored Androids
Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort
Cyber-crime07 Mar 2025 | 10
International cops seize ransomware crooks' favorite Russian crypto exchange
Updated Did US Secret Service not get the memo, or?
Ransomware in Focus06 Mar 2025 | 12
Uncle Sam mulls policing social media of all would-be citizens
President ordered immigration officials to ramp up vetting of foreigners 'to the maximum degree'
Public Sector06 Mar 2025 | 78
Toronto Zoo ransomware crooks snatch decades of visitor data
Akira really wasn't horsing around with this one
Ransomware in Focus06 Mar 2025 | 12
Up to $75M needed to fix up rural hospital cybersecurity as ransomware gangs keep scratching at the door
Attacks strike, facilities go bust, patients die. But it's preventable
Ransomware in Focus06 Mar 2025 | 8
Cybereason CEO leaves after months of boardroom blowups
Updated Complaint alleges 13 funding proposals foundered amid battle for control
Security06 Mar 2025 | 2
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks
Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox
Cyber-crime06 Mar 2025 | 4
Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security
Video Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told
Public Sector05 Mar 2025 | 57
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
Updated They're good at zero-day exploits, too
Public Sector05 Mar 2025 | 17
Apple drags UK government to court over 'backdoor' order
Updated A first-of-its-kind legal challenge set to be heard this month, per reports
Security05 Mar 2025 | 119
Leeds United kick card swipers into Row Z after 5-day cyberattack
English football club offers apologies after fans' card details stolen from online retail store
Cyber-crime05 Mar 2025 | 6
Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility
'No regrets' crew continues extorting victims, leaking highly sensitive data
Ransomware in Focus05 Mar 2025 | 2
How prevention is better than cure
Stop cyberattacks before they happen with preventative endpoint security
Sponsored Post
Ransomware thugs threaten Tata Technologies with leak if demands not met
Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant
Ransomware in Focus05 Mar 2025 | 4
VMware splats guest-to-hypervisor escape bugs already exploited in wild
The heap overflow zero-day in the memory unsafe code by Miss Creant
Virtualization04 Mar 2025 | 8
How Google tracks Android device users before they've even opened an app
No warning, no opt-out, and critic claims ... no consent
Security04 Mar 2025 | 91
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake
Says the biz trying to sell us stuff to catch that, admittedly
AI + ML04 Mar 2025 | 18
Plugging the holes in open banking
Enhancing API security for financial institutions
Partner Content
So … Russia no longer a cyber threat to America?
Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks
Public Sector04 Mar 2025 | 218
Cybersecurity not the hiring-'em-like-hotcakes role it once was
Analysis Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts
CSO03 Mar 2025 | 15
Microsoft unveils finalized EU Data Boundary as European doubt over US grows
Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored
PaaS + IaaS03 Mar 2025 | 51
Polish space agency confirms cyberattack
Officials vow to uncover who was behind it
Ransomware in Focus03 Mar 2025 | 4
UK watchdog investigates TikTok and Reddit over child data privacy concerns
ICO looking at what data is used to serve up recommendations
Security03 Mar 2025 | 3
Governments can't seem to stop asking for secret backdoors
Opinion Cut off one head and 100 grow back? Decapitation may not be the way to go
Cyber-crime03 Mar 2025 | 125
US Cyber Command reportedly pauses cyberattacks on Russia
Infosec In Brief PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more
Security03 Mar 2025 | 98
C++ creator calls for help to defend programming language from 'serious attacks'
Bjarne Stroustrup wants standards body to respond to memory-safety push as Rust monsters lurk at the door
Software02 Mar 2025 | 213
Ransomware criminals love CISA's KEV list – and that's a bug, not a feature
1 in 3 entries are used to extort civilians, says new paper
Ransomware in Focus28 Feb 2025 | 5
Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators
Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim
AI + ML28 Feb 2025 | 3
Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’
FYI: What NOT to search after committing a crime
Cyber-crime27 Feb 2025 | 35
FBI officially fingers North Korea for $1.5B Bybit crypto-burglary
Federal agents, open up ... your browsers and see if you recognize any of these wallets
Cyber-crime27 Feb 2025 | 22
Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o
Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity
AI + ML27 Feb 2025 | 127
Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time
Boffins poked around inside censorship engines – here's what they found
Networks27 Feb 2025 | 38
With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare
244M purloined passwords added to Have I Been Pwned thanks to govt tip-off
Cyber-crime26 Feb 2025 | 10
Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation
Cyber-crime26 Feb 2025 | 14
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)
Starting with Snapdragon 8 Elite and 'droid 15
Personal Tech26 Feb 2025 | 5
Signal will withdraw from Sweden if encryption-busting laws take effect
Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect
Security26 Feb 2025 | 118
200-plus impressively convincing GitHub repos are serving up malware
Infosec bytes Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack
Security26 Feb 2025 | 9
Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in
Plus: New figurehead of DOGE emerges and they aren't called Elon
Public Sector26 Feb 2025 | 37
Drug-screening biz DISA took a year to disclose security breach affecting millions
If there's something nasty on your employment record, extortion scum could come calling
Cyber-crime26 Feb 2025 | 5
Xi know what you did last summer: China was all up in Republicans' email, says book
Of course, Microsoft is in the mix, isn't it
Cyber-crime25 Feb 2025 | 29
MITRE Caldera security suite scores perfect 10 for insecurity
Is a trivial remote-code execution hole in every version part of the training, or?
Research25 Feb 2025 | 9
Harassment allegations against DEF CON veteran detailed in court filing
More than a dozen women came forward with accusations
Security25 Feb 2025 | 10
Data resilience and data portability
Why organizations should protect everything, everywhere, all at once
Sponsored Feature
China's Silver Fox spoofs medical imaging apps to hijack patients' computers
Sly like a PRC cyberattack
Research25 Feb 2025 | 2
Malware variants that target operational tech systems are very rare – but 2 were found last year
Fuxnet and FrostyGoop were both used in the Russia-Ukraine war
Research25 Feb 2025 | 3
Southern Water takes the fifth over alleged $750K Black Basta ransom offer
Leaked chats and spilled secrets as AI helps decode circa 200K private talks
Ransomware in Focus25 Feb 2025 | 31
How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit
Analysis Blueprints shared for jail-breaking models that expose their chain-of-thought process
AI + ML25 Feb 2025 | 30
Google binning SMS MFA at last and replacing it with QR codes
Everyone knew texted OTPs were a dud back in 2016
CSO25 Feb 2025 | 105
US Dept of Housing screens sabotaged to show deepfake of Trump sucking Elon's toes
'Appropriate action will be taken,' we're told – as federal HR email sparks uproar, ax falls on CISA staff
Public Sector24 Feb 2025 | 133
Shifting the cybersecurity odds
Four domains to build resilience
Partner Content
Biting the hand that feeds IT
