North Korea targets macOS users in latest heist | Social engineering: 'low-cost, hard to patch, and scales well' | Cyber-crime | 16 Apr 2026
Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars | Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam | Legal | 16 Apr 2026
Git identity spoof fools Claude into giving bad code the nod | Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer | AI + ML | 16 Apr 2026
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed | Publisher claims misconfigured Salesforce-hosted page leaked data | Cyber-crime | 16 Apr 2026
Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz | Just migrate already, would you? But if you can't, Redmond will take your cash | Security | 16 Apr 2026
Server-room lock was nothing but a crock | PWNED: Your cybersecurity is only as good as the physical security of the servers | Security | 16 Apr 2026
Google Chrome lacks protection against one of the most basic and common ways to track users online | Browser fingerprinting is everywhere | Security | 16 Apr 2026
Nobody knows how many CVEs Anthropic's Project Glasswing has actually found | Like the majority of the companies participating, it remains a mystery | Security | 15 Apr 2026
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP | No reports of active exploitation (yet) | Patches | 15 Apr 2026
Automotive data biz Autovista blames ransomware for service disruption | Some customer orgs tell staff to block inbound email from the provider | Cyber-crime | 15 Apr 2026
French cops free mother and son after 20-hour crypto kidnap ordeal | Latest in a string of cases that have earned France an unfortunate title | Security | 15 Apr 2026
Ancient Excel bug comes out of retirement for active attacks | Vuln old enough to drive lands on CISA's exploited list | Patches | 15 Apr 2026
Raspberry Pi OS ends open-door policy for sudo | Command prefix will require password by default | OSes | 15 Apr 2026
UK told its Big Tech habit is now a national security risk | Open Rights Group says years of reliance on US giants have left Britain exposed | Public Sector | 15 Apr 2026
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users | Exclusive: Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive | Security | 15 Apr 2026
Commvault has a Ctrl+Z for rogue AI agents | The company's new software keeps an eye on your agents and backs up data. | Security | 14 Apr 2026
Microsoft's massive Patch Tuesday: It's raining bugs | One CVE under attack, one already disclosed by angry bug hunter, and 163 more | Patches | 14 Apr 2026
No honor among thieves as 0APT threatens rival ransomware gang Krybit | Honey, the skids are fighting again | Cyber-crime | 14 Apr 2026
Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum | One was patched almost 14 years ago | Patches | 13 Apr 2026
Fake Linux leader using Slack to con devs into giving up their secrets | Google Sites lure leads to bogus root certificate | Cyber-crime | 13 Apr 2026
AI-powered mainframe exits are a bubble set to pop | Analysts reckon 70 percent of projects will fail, and 75 percent of vendors in the field will go away
US states can't account for datacenter tax breaks. Literally | Report says authorities are flouting rules by failing to disclose revenue lost to server farm subsidies
Decades-old Linux UI bug fixed by dev younger than the window manager | Kamila Szewczyk prefers old software, as back then people understood something could actually be finished
Booking.com warns reservation data may have checked out with intruders | Travel giant says names, contact details, dates, and hotel messages potentially exposed | Cyber-crime | 13 Apr 2026
Gym giant Basic-Fit confirms data on a million members stolen in cyberattack | Names, addresses, dates of birth, and bank details accessed, though not passwords | Cyber-crime | 13 Apr 2026
Rockstar Games gets a taste of grand theft data | ShinyHunters claims it accessed Snowflake metrics via third-party tool | Cyber-crime | 13 Apr 2026
NHS pays £46K to prep next Microsoft licensing round | Benchmarking contract lays groundwork for renegotiating £774M software agreement | Personal Tech | 13 Apr 2026
China wants AI to prepare school lessons and mark homework | Asia In Brief PLUS: Toyota wheels out basketball bot; Arm scores AI server win with SK Telecom; India ponders payment pauses to foil fraudsters; And more! | AI + ML | 13 Apr 2026
Anthropic's mysterious Mythos AI threatens to upend the infosec world | Kettle: Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this week's episode | Security | 12 Apr 2026
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise | FEATURE: Time to start dropping SBOMs | Security | 11 Apr 2026
Hungarian government creds left in the safe hands of 'FrankLampard' | Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts | Security | 11 Apr 2026
CPUID site hijacked to serve malware instead of HWMonitor downloads | Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers | Security | 10 Apr 2026
Project Glasswing and open source software: The good, the bad, and the ugly | Opinion: Just what FOSS developers need – a flood of AI-discovered vulnerabilities | Security | 10 Apr 2026
Britain seeks views before it drops the hammer on signal jammers | Four-week call for evidence intended to help shape laws aimed at devices linked to crime | Security | 10 Apr 2026
Crypto? Huh. Good gawd y'all, what is it good for? $45M in this case | Cops bust latest scam, return $12m to bilked victims | Cyber-crime | 09 Apr 2026
'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree | Possible link to Mr. Raccoon's claimed Adobe break-in | Cyber-crime | 09 Apr 2026
Chevin pulls the handbrake on FleetWave software after security scare | UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline | Security | 09 Apr 2026
Months-old Adobe Reader zero-day uses PDFs to size up targets | Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload | Cyber-crime | 09 Apr 2026
Microsoft locks out VeraCrypt and WireGuard devs, blames verification process | No emails, no warnings, no humans – just bots, catch-22s, and a 60-day appeals queue | Security | 09 Apr 2026
Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse | Wash your mouth out with digital soap | Security | 09 Apr 2026
Zephyr Energy loses £700K in cyber hit that rerouted contractor payment | Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash | Cyber-crime | 09 Apr 2026
Sticky-note security turned gym into hall of '80s horrors | PWNED: Even fitness equipment is vulnerable to mischief makers these days | Security | 09 Apr 2026
Cryptographers place $5,000 bet whether quantum will matter | The time is maybe | Security | 09 Apr 2026
Criminal wannabes even more dangerous than the pros, says ex-FBI cyber chief | Interview: If they don't know what they're doing, you might never get your data back | Security | 08 Apr 2026
Dutch healthcare software vendor goes dark after ransomware attack | ChipSoft's website remains down but emails are functioning | Cyber-crime | 08 Apr 2026
NHS Scotland-linked domains caught serving pr0n and dodgy sports streams | Two practice web addresses appear to have been compromised | Security | 08 Apr 2026
Microsoft hints at bit bunkers for war zones | President Brad Smith tells an interviewer that Microsoft is reconsidering datacenter design in light of Iran war | On-Prem | 08 Apr 2026
Anthropic: All your zero-days are belong to Mythos | Hasn't released it to the public, because it would break the internet - in a bad way | Security | 07 Apr 2026
Iran cyber actors disrupting US water, energy facilities, FBI warns | Your PLCs aren't internet-connected, right? Right?! | Security | 07 Apr 2026
Hundreds of orgs compromised daily in Microsoft device code phishing attacks | Who needs MFA when you've got EvilTokens? | Cyber-crime | 07 Apr 2026
US cybercrime losses pass $20B for first time as AI boosts online fraud | Bots are now firmly in the toolbox, helping crooks scale old scams | Cyber-crime | 07 Apr 2026
Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns | 200 orgs and 5,000 devices compromised so far in Vlad's latest intelligence grab, Microsoft reckons | Cyber-crime | 07 Apr 2026
Yahoo! Japan’s owner consolidating 164 OpenStack clusters into one | Customizations are causing pain so new cloud will stick to upstream cuts of the open source stack | PaaS + IaaS | 07 Apr 2026
AI agents found vulns in this popular Linux and Unix print server | CUPS server shown spilling out remote code execution and root access | Security | 06 Apr 2026
Attackers exploited this critical FortiClient EMS bug as a 0-day | CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild | Patches | 06 Apr 2026
Anthropic sure has a mess on its hands thanks to that Claude Code source leak | Kettle: Pay no attention to that code behind the curtain, says Anthropic as it scrambles to defend its IPO | AI + ML | 06 Apr 2026
Researchers didn’t want to glamorize cybercrims. So they roasted them | Interview: True-crime tales of criminals making fools of themselves | Security | 05 Apr 2026
Trump wants to take a battle axe to CISA again and slash $707M from budget | Ex-CISA official tells The Reg: 'this would weaken the system for managing cyber risk' | Security | 03 Apr 2026
They thought they were downloading Claude Code source. They got a nasty dose of malware instead | Source code with a side of Vidar stealer and GhostSocks | Security | 02 Apr 2026
The company's biggest security hole lived in the breakroom | Pwned: Connected devices can leave an otherwise secure network vulnerable | Security | 02 Apr 2026
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack | First public downstream victim, but won't be the last | Cyber-crime | 02 Apr 2026
Amazon security boss: AI makes pentesting 40% more efficient | Interview: Plus: how to train your human AI | Security | 01 Apr 2026
'People's Panel' to check if UK wants controversial Digital ID will cost £630K | We could tell you no for free | Public Sector | 01 Apr 2026
UK manufacturers under cyber fire with 80% reporting attacks | ESET says factory outages, lost revenue, and supply chain disruption are becoming routine | Security | 01 Apr 2026
Don't open that WhatsApp message, Microsoft warns | How to avoid social engineering attacks? Employee training tops the list | Research | 31 Mar 2026
Iran targets M365 accounts with password-spraying attacks | Researchers say some targets correlate with cities hit by Iranian missile strikes | Cyber-crime | 31 Mar 2026
Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines | Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios | CSO | 31 Mar 2026
OpenAI patches ChatGPT flaw that smuggled data over DNS | Check Point says outbound controls blocked web traffic but overlooked DNS | Security | 30 Mar 2026
Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach | Infosec in brief: Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more | Cyber-crime | 30 Mar 2026
Citrix NetScaler bug exploited in days, may be multiple flaws in a trench coat | Researchers say attackers are already looting vulnerable boxes | Patches | 30 Mar 2026
European Commission admits attackers broke into public web systems, but says little else | Brussels notifying 'Union entities' whose data may've been snatched in websites breach | Cyber-crime | 30 Mar 2026
Security contractor blew the whistle on support crew's viral indifference | Who, Me? Career-limiting stupidity and rudeness exposed, with terminal consequences | Security | 30 Mar 2026
US foreign router ban criticized for being ‘industrial policy disguised as cybersecurity’ | Public policy professor says it will make America less secure but hits Netgear’s lobbying goals | Security | 30 Mar 2026
AFC Ajax drops ball as flaws let hackers play admin with tickets and bans | Vulns in Dutch football club's systems didn't just expose data – they let outsiders play with accounts, and even lift stadium bans | Cyber-crime | 27 Mar 2026
Iran war drives urgent need to counter underwater attack drones | US and UK forces seeking tech tender with an April 3 deadline | Offbeat | 27 Mar 2026
Security boffins scoured the web and found hundreds of valid API keys | Global bank's devs have some cleaning up to do after cloud creds found in website code | Research | 27 Mar 2026
Brit lawmaker targeted by AI deepfake fails to get answers from US Big Tech | Appearing before Parliament, Meta, Google and X struggle to explain how fake political video circulated for so long | AI + ML | 26 Mar 2026
UK wants to know if banning under-16s from social media does anything useful | 300 families undergo 6-week trial to test impact on sleep, school, and home life | Public Sector | 26 Mar 2026
Indian government probes CCTV espionage operation linked to Pakistan | Police found cameras pointing at infrastructure | Security | 26 Mar 2026
AI supply chain attacks don’t even require malware…just post poisoned documentation | A proof-of-concept attack on Context Hub suggests there's not much content sanitization | Security | 25 Mar 2026
Scammers have virtual smartphones on speed dial for fraud | They cleverly mimic most traits of a real phone | Cyber-crime | 25 Mar 2026
Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year | RSAC 2026: Ex-CISA boss also says no reason to panic about AI and security | RSA | 25 Mar 2026
Only Trump can decide when cyberwar turns into real war | RSAC 2026: Four former NSA bosses walk onto the stage at RSAC… | RSA | 25 Mar 2026
Enterprise PCs are unreliable, unpatched, and unloved compared to Macs | Omnissa telemetry suggests business buyers are loving Apple and Google | Personal Tech | 25 Mar 2026
EFF has a new boss to lead the fight against privacy-sucking forces of doom | Interview: Cyber rights org retools for the days of AI and unrestrained government | Security | 24 Mar 2026
1K+ cloud environments infected following Trivy supply chain attack | RSAC 2026: Crims 'creating a snowball effect' across open source projects | RSA | 24 Mar 2026
LiteLLM loses game of Trivy pursuit, gets compromised | Python interface for LLMs infected with malware via polluted CI/CD pipeline | Security | 24 Mar 2026
HackerOne slams supplier for delayed breach notice after staff data exposed | Nearly 300 employees caught up in intrusion at benefits provider Navia | Cyber-crime | 24 Mar 2026
Country that put backdoors into Cisco routers to spy on world bans foreign routers | Unfortunately, there aren't many options unless you're Starlink | Networks | 24 Mar 2026
Russian initial access broker who fed ransomware crews gets 81 months in US prison | Aleksei Volkov sentenced after enabling attacks that cost victims millions | Cyber-crime | 24 Mar 2026
Claude attacks were 'Rorschach test' for infosec community, scaring former NSA boss | RSAC 2026: 'It freakin' worked' says Rob Joyce - and shows how relentless AI agents can find holes humans miss | RSA | 23 Mar 2026
Lightning-fast exploits make it essential to patch fast, ask questions later | Here's where you ought to spend your security billable hours budget this year | CSO | 23 Mar 2026
Google unleashes Gemini AI agents on the dark web | RSAC 2026: Claims it can analyze millions of daily events with 98 percent accuracy | RSA | 23 Mar 2026
Smooth criminals talking their way into cloud environments, Google says | RSAC 2026: Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins | RSA | 23 Mar 2026
US chip testing firm shrugged off ransomware hit as minor – then came the data leak | Trio-Tech International initially said hack wasn't 'material,' but then stolen data was published | Cyber-crime | 23 Mar 2026
RSAC 2026: Uncle Sam backs out, and AI agents are everywhere | Kettle: Infosec pros descend on San Francisco | RSA | 23 Mar 2026
Microsoft fixes broken Windows update days after vowing fewer broken updates | The era of reliability begins... right after this out-of-band patch | OSes | 23 Mar 2026
The drone swarm is coming, and NATO air defenses are too expensive to cope | Ukraine's battlefield lessons show quantity and affordability now trump exquisite hardware | Edge + IoT | 23 Mar 2026
Russians are posing as Signal support to launch phishing attacks | Infosec In Brief PLUS: US takes down Iranian propaganda sites; Marketing company asks 'Why Do We Have Your Information?' And more! | Security | 22 Mar 2026
Cryptographers engage in war of words over RustSec bug reports and subsequent ban | Updated: Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much | Security | 20 Mar 2026
UK police force presses pause on live facial recognition after study finds racial bias | Cams statistically more likely to ID Black people, says new research | Public Sector | 20 Mar 2026