CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands
NetScaler vendor issued a patch but otherwise, stony silence
Patches07 Jul 2025 |
Security
Phishing platforms, infostealers blamed as identity attacks soar
Get your creds in order or risk BEC, ransomware attacks, orgs warned
CSO07 Jul 2025 |
Stalkerware firm gets scooped by SQL-slinging security snoop
Infosec In Brief Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more
Security06 Jul 2025 | 1
Ingram Micro confirms ransomware behind multi-day outage
Updated SafePay crew claims responsibility for intrusion at one of world's largest tech distributors
Cyber-crime06 Jul 2025 | 18
Massive spike in use of .es domains for phishing abuse
¡Cuidado! Time to double-check before entering your Microsoft creds
Security05 Jul 2025 | 10
Microsoft Windows Firewall complains about Microsoft code
Just ignore the warnings. Nothing to see here. Move along
Security03 Jul 2025 | 20
Young Consulting finds even more folks affected in breach mess – now over 1 million
The insurance SaaS slinger may trade under a different name, but past continues to haunt it
Cyber-crime03 Jul 2025 | 1
Meta calls €200M EU fine over pay-or-consent ad model 'unlawful'
'Deserves fair compensation for the valuable and innovative services'? Which ones are those then?
Personal Tech03 Jul 2025 | 65
Ransomware crew Hunters International shuts down, hands out keys to victims
Don't let their kind words sway you – leaders are still up to no good
Cyber-crime03 Jul 2025 | 5
Let's Encrypt rolls out free security certs for IP addresses
You probably don't need one, but it's nice to have the option
Security03 Jul 2025 | 54
ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies
Crims have cottoned on to a new way to lead you astray
Research03 Jul 2025 | 22
Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform
The second max score this week for Netzilla - not a good look
Patches02 Jul 2025 | 14
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now
Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors'
Patches02 Jul 2025 | 7
23andMe's new owner says your DNA is safe this time
Nonprofit TTAM assures everything is BAU. Whether that makes customers feel better is another matter
Cyber-crime02 Jul 2025 | 18
US imposes sanctions on second Russian bulletproof hosting vehicle this year
Aeza Group accused of assisting data bandits and BianLian ransomware crooks
Cyber-crime02 Jul 2025 | 10
Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks
Experts say they don't expect the MOVEit menace to do much about it
Research02 Jul 2025 | 3
UK eyes new laws as cable sabotage blurs line between war and peace
It might be time to update the Submarine Telegraph Act of 1885
Networks02 Jul 2025 | 81
Australian airline Qantas reveals data theft impacting six million customers
Frequent flyers’ info takes flight
Security02 Jul 2025 | 17
Microsoft admits to Intune forgetfulness
Customizations not saved with security baseline policy update
Patches01 Jul 2025 | 8
International Criminal Court swats away 'sophisticated and targeted' cyberattack
Body stays coy on details but alludes to similarities with 2023 espionage campaign
Cyber-crime01 Jul 2025 | 4
Popular
Ingram Micro confirms ransomware behind multi-day outage
Updated SafePay crew claims responsibility for intrusion at one of world's largest tech distributors
Atlassian migrated 4 million Postgres databases to shrink AWS bill
Asia In Brief PLUS: Lexmark’s Chinese owners sell to Xerox; India, Australia, target underwater drones; JPMorgan drops custom TLDs; and more!
Yes, I wrote a very expensive bug. In my defense I was only seven years old at the time
Who, Me? Years later, deep into a great tech career, your fellow reader remains inspired by the forgiveness received after the error
UK puts out tender for space robot to de-orbit satellites
Updated Got to be a 'clean space superpower' – right, Brits?
VMware’s rivals ramp up their efforts to create alternative stacks
Red Hat and Open Nebula deliver big updates, as Edera tools for Xen with Rust
Stalkerware firm gets scooped by SQL-slinging security snoop
Infosec In Brief Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more
Airbus okays use of ‘Taxibot’ to tow planes to the runway
Airlines get the chance to cool their jets rather than burn fuel on the ground
AI scores a huge own goal if you play up and play the game
Opinion A virtual environment makes a great de-hype advisor
Phishing platforms, infostealers blamed as identity attacks soar
Get your creds in order or risk BEC, ransomware attacks, orgs warned
'Cyber security' behind decision to end defense satellite sharing of hurricane data
Official notice confirms delay to cutoff until the end of July. Not to worry, AI modelling's in the wings
STORIES
Terrible tales of opsec oversights: How cybercrooks get themselves caught
The silly mistakes to the flagrant failures
Security01 Jul 2025 | 14
Proton bashes Apple and joins antitrust suit that seeks to throw the App Store wide open
Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy
Legal01 Jul 2025 | 18
US shuts down a string of North Korean IT worker scams
Resulting in two indictments, one arrest, and 137 laptops seized
Cyber-crime30 Jun 2025 | 1
British IT worker sentenced to seven months after trashing company network
Don't leave the door open to disgruntled workers
Cyber-crime30 Jun 2025 | 91
Scattered Spider crime spree takes flight as focus turns to aviation sector
Time ticking for defenders as social engineering pros weave wider web
Cyber-crime30 Jun 2025 | 2
Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants
Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work
Security30 Jun 2025 | 11
Your browser has ad tech's fingerprints all over it, but there's a clean-up squad in town
Opinion Like being hard to spot? They’d much rather you didn’t
Security30 Jun 2025 | 53
Canada orders Chinese CCTV biz Hikvision to quit the country ASAP
Asia In Brief PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more!
Public Sector30 Jun 2025 | 30
It's 2025 and almost half of you are still paying ransomware operators
Infosec in Brief PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more
Security30 Jun 2025 | 2
Ex-NATO hacker: 'In the cyber world, there's no such thing as a ceasefire'
interview Watch out for supply chain hacks especially
Cyber-crime28 Jun 2025 | 61
Crims are posing as insurance companies to steal health records and payment info
Taking advantage of the ridiculously complex US healthcare billing system
Cyber-crime27 Jun 2025 | 7
Cisco punts network-security integration as key for agentic AI
Getting it in might mean re-racking the entire datacenter and rebuilding the network, though
Datacenter Networking Nexus27 Jun 2025 | 6
Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’
update 'No impact on safety,' FAA tells The Reg
Cyber-crime27 Jun 2025 |
So you CAN turn an entire car into a video game controller
Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart
Offbeat27 Jun 2025 | 35
Data spill in aisle 5: Grocery giant Ahold Delhaize says 2.2M affected after cyberattack
Finance, health, and national identification details compromised
Cyber-crime27 Jun 2025 | 4
FBI used bitcoin wallet records to peg notorious IntelBroker as UK national
Pro tip: Don't use your personal email account on BreachForums
Cyber-crime26 Jun 2025 | 31
What if Microsoft just turned you off? Security pro counts the cost of dependency
Comment Czech researcher lays out a business case for reducing reliance on Redmond
Security26 Jun 2025 | 115
Cisco fixes two critical make-me-root bugs on Identity Services Engine components
A 10.0 and a 9.8 – these aren’t patches to dwell on
Datacenter Networking Nexus26 Jun 2025 | 4
Glasgow City Council online services crippled following cyberattack
Nothing confirmed but authority is operating under the assumption that data has been stolen
Cyber-crime26 Jun 2025 | 14
Qilin ransomware attack on NHS supplier contributed to patient fatality
Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities
Cyber-crime26 Jun 2025 | 7
UK to buy nuclear-capable F-35As that can't be refueled from RAF tankers
Aircraft meant to bolster NATO deterrent will rely on allied support to stay airborne
Security26 Jun 2025 | 275
Frozen foods supermarket chain deploys facial recognition tech
Privacy campaigner brands Iceland's use of 'Orwellian' camera tech 'chilling,' CEO responds: 'It'll cut violent crime'
Security26 Jun 2025 | 118
That WhatsApp from an Israeli infosec expert could be a Iranian phish
Charming Kitten unsheathes its claws and tries to catch credentials
Cyber-crime26 Jun 2025 | 2
Citrix bleeds again: This time a zero-day exploited - patch now
Two emergency patches issued in two weeks
Patches25 Jun 2025 | 1
Amazon's Ring can now use AI to 'learn the routines of your residence'
It's meant to cut down on false positives but could be a trove for mischief-makers
Security25 Jun 2025 | 75
Computer vision research feeds surveillance tech as patent links spike 5×
A bottomless appetite for tracking people as 'objects'
Research25 Jun 2025 | 3
Supply chain attacks surge with orgs 'flying blind' about dependencies
Who is the third party that does the thing in our thing? Yep. Attacks explode over past year
CSO25 Jun 2025 | 4
French cybercrime police arrest five suspected BreachForums admins
Twentysomethings claimed to be linked to spate of high-profile cybercrimes
Cyber-crime25 Jun 2025 |
UK govt dept website that campaigns against encryption hijacked to advertise ... payday loans
Company at center of findings blamed SEO on outsourcer
Security25 Jun 2025 | 17
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack
Why are you even reading this story? Patch now!
Patches24 Jun 2025 | 7
Beware of fake SonicWall VPN app that steals users' credentials
A good reminder not to download apps from non-vendor sites
Cyber-crime24 Jun 2025 | 1
The vulnerability management gap no one talks about
If an endpoint goes ping but isn't on the network, does anyone hear it?
Partner content
Four REvil ransomware crooks walk free, escape gulag fate, after admitting guilt
Russian judge lets off accused with time served – but others who refused to plead guilty face years in penal colony
Cyber-crime24 Jun 2025 | 9
Psylo browser tries to obscure digital fingerprints by giving every tab its own IP address
Gotta keep 'em separated so the marketers and snoops can't come out and play
Software24 Jun 2025 | 35
Typhoon-like gang slinging TLS certificate 'signed' by the Los Angeles Police Department
Chinese crew built 1,000+ device network that runs on home devices then targets critical infrastructure
Security23 Jun 2025 | 11
Iran cyberattacks against US biz more likely following air strikes
Plus 'low-level' hacktivist attempts
Cyber-crime23 Jun 2025 | 32
Second attack on McLaren Health Care in a year affects 743k people
Criminals targeted the hospital and physician network’s Detroit cancer clinic this time
Cyber-crime23 Jun 2025 | 1
Experts count staggering costs incurred by UK retail amid cyberattack hell
Cyber Monitoring Centre issues first severity assessment since February launch
Cyber-crime23 Jun 2025 | 27
Former US Army Sergeant pleads guilty after amateurish attempt at selling secrets to China
Infosec in brief PLUS: 5.4M healthcare records leak; AI makes Spam harder to spot; Many nasty Linux vulns; and more
Security23 Jun 2025 | 7
Netflix, Apple, BofA websites hijacked with fake help-desk numbers
Don’t trust mystery digits popping up in your search bar
Cyber-crime20 Jun 2025 | 14
Looks like Aflac is the latest insurance giant snagged in Scattered Spider’s web
If it looks like a duck and walks like a duck...
Cyber-crime20 Jun 2025 | 5
Qilin ransomware top dogs treat their minions to on-call lawyers for fierier negotiations
It's a marketing move to lure more affiliates, says infosec veteran
Cyber-crime20 Jun 2025 | 4
Attack on Oxford City Council exposes 21 years of election worker data
Services coming back online after legacy systems compromised
Cyber-crime20 Jun 2025 | 24
Boffins devise voice-altering tech to jam 'vishing' schemes
To stop AI scam callers, break automatic speech recognition systems
Research19 Jun 2025 | 38
Uncle Sam seeks time in tower dump data grab case after judge calls it 'unconstitutional'
Feds told they can't demand a haystack to find a needle
Cyber-crime19 Jun 2025 | 17
Glazed and confused: Hole lotta highly sensitive data nicked from Krispy Kreme
Experts note 'major red flags' in donut giant's security as 161,676 staff and families informed of attack details
Cyber-crime19 Jun 2025 | 48
UK gov asks university boffins to pinpoint cyber growth areas where it should splash cash
Good to see government that values its academics (cough cough). Plus: New board criticized for lacking 'ops' people
Public Sector19 Jun 2025 | 11
Sneaky Serpentine#Cloud slithers through Cloudflare tunnels to inject orgs with Python-based malware
Phishing, Python and RATs, oh my
Cyber-crime19 Jun 2025 | 2
Iran’s internet goes offline for hours amid claims of ‘enemy abuse’
Bank and crypto outfits hit after Israeli commander mentioned attacks expanding to ‘other areas’
Public Sector19 Jun 2025 | 13
Minecraft cheaters never win ... but they may get malware
Infostealers posing as popular cheat tools are cropping up on GitHub
Cyber-crime18 Jun 2025 | 7
Asana's cutting-edge AI feature ran into a little data leakage problem
New MCP server was shut down for nearly two weeks
Security18 Jun 2025 | 2
Veeam patches third critical RCE bug in Backup & Replication in space of a year
Version 13 can’t come soon enough
Patches18 Jun 2025 | 1
How to bridge the MFA gap
If a credential is worth protecting, it's worth protecting well.
Sponsored feature
Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack
Interview Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI
CSO18 Jun 2025 | 10
Trump administration set to waive TikTok sell-or-die deadline for a third time
Quick reminder: The law that banned the app is called ‘Protecting Americans from Foreign Adversary Controlled Applications Act’
Public Sector18 Jun 2025 | 46
AWS locks down cloud security, hits 100% MFA enforcement for root users
Plus adds a ton more security capabilities for cloud customers at re:Inforce
Security17 Jun 2025 | 1
Sitecore CMS flaw let attackers brute-force 'b' for backdoor
Hardcoded passwords and path traversals keeping bug hunters in work
Patches17 Jun 2025 | 5
Redefining identity security in the age of agentic AI
Now AI agents have identity, too. Here's how to handle it
Partner content
23andMe hit with £2.3M fine after exposing genetic data of millions
Penalty follows year-long probe into flaws that allowed attack to affect so many
CSO17 Jun 2025 | 16
Scattered Spider has moved from retail to insurance
Google threat analysts warn the team behind the Marks & Spencer break-in has moved on
Cyber-crime16 Jun 2025 | 1
Remorseless extortionists claim to have stolen thousands of files from Freedman HealthCare
UPDATED The group has previously threatened to SWAT cancer patients and leaked pre-op plastic surgery photos
Cyber-crime16 Jun 2025 |
Canada's WestJet says 'expect interruptions' online as it navigates cybersecurity turbulence
updated Flights still flying - just don't count on the app or website working smoothly
Security16 Jun 2025 | 1
Eurocops arrest suspected Archetyp admin, shut down mega dark web drug shop
Marketplace as big as Silk Road had more than 600k users and turnover of 'at least' €250M
Security16 Jun 2025 | 9
Salesforce study finds LLM agents flunk CRM and confidentiality tests
6-in-10 success rate for single-step tasks
AI + ML16 Jun 2025 | 51
Microsoft adds export option to Windows Recall in Europe
Updated But lose your code and it's gone for good
OSes16 Jun 2025 | 19
Spy school dropout: GCHQ intern jailed for swiping classified data
Student 'believed he could finish' software dev 'project alone and therefore that the rules did not apply to him'
Security16 Jun 2025 | 117
How collaborative security can build you a better business
Getting employees on board can do more than prevent breaches; it can send profitability soaring
Sponsored Post
Armored cash transport trucks allegedly hauled money for $190 million crypto-laundering scheme
Asia In Brief PLUS: APNIC completes re-org; India cuts costs for chipmakers; Infosys tax probe ends; and more
Cyber-crime16 Jun 2025 | 3
Dems demand audit of CVE program as Federal funding remains uncertain
Infosec In Brief PLUS: Discord invite links may not be safe; Miscreants find new way to hide malicious JavaScript; and more!
Security15 Jun 2025 | 5
Cyber weapons in the Israel-Iran conflict may hit the US
With Tehran’s military weakened, digital retaliation likely, experts tell The Reg
Security13 Jun 2025 | 28
Do you trust Xi with your 'private' browsing data? Apple, Google stores still offer China-based VPNs, report says
Some trace back to an outfit under US export controls for alleged PLA links
Research13 Jun 2025 | 33
Apple fixes zero-click exploit underpinning Paragon spyware attacks
Zero-day potentially tied to around 100 suspected infections in 2025 and a spyware scandal on the continent
Security13 Jun 2025 | 18
Wanted: Junior cybersecurity staff with 10 years' experience and a PhD
Infosec employers demanding too much from early-career recruits, says ISC2
CSO13 Jun 2025 | 75
Slapped wrists for Financial Conduct Authority staff who emailed work data home
It was one of the offenders' final warning
CSO13 Jun 2025 | 20
Ransomware scum disrupted utility services with SimpleHelp attacks
Good news: The vendor patched the flaw in January. Bad news: Not everyone got the memo
Cyber-crime12 Jun 2025 | 1
'Major compromise' at NHS temping arm exposed gaping security holes
Exclusive Incident responders suggested sweeping improvements following Active Directory database heist
Cyber-crime12 Jun 2025 | 18
DeepSeek installer or just malware in disguise? Click around and find out
'BrowserVenom' is pure poison
Cyber-crime11 Jun 2025 | 5
Hire me! To drop malware on your computer
FIN6 moves from point-of-sale compromise to phishing recruiters
Cyber-crime11 Jun 2025 | 3
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks
The 16 other flagged issues are on customers, says CRM giant
Research11 Jun 2025 |
Asia dismantles 20,000 malicious domains in infostealer crackdown
Interpol coordinates operation, nabs 32 across Vietnam, Sri Lanka, and Nauru
Cyber-crime11 Jun 2025 | 4
Biting the hand that feeds IT
