The one interview question that will protect you from North Korean fake workers
RSAC FBI and others list how to spot NK infiltrators, but AI will make it harder
Spotlight on RSAC29 Apr 2025 | 8
Security
Swiss boffins admit to secretly posting AI-penned posts to Reddit in the name of science
They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse
AI + ML29 Apr 2025 | 8
Open source text editor poisoned with malware to target Uyghur users
Who could possibly be behind this attack on an ethnic minority China despises?
Security29 Apr 2025 | 3
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus
Florida man altered allergen info, DoSed former colleagues
Cyber-crime29 Apr 2025 | 10
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
Sometimes, silence is the best option
CSO28 Apr 2025 | 3
How to survive as a CISO aka 'chief scapegoat officer'
RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel
Spotlight on RSAC28 Apr 2025 | 4
Admission impossible: NSA, CISA brass absent from RSA Conf
RSAC Homeland Security boss Noem added as last-minute keynote, mind you
Spotlight on RSAC28 Apr 2025 | 9
The future of AI in cybersecurity in a word: Optimistic
Think of artificial intelligence as your embedded ally
Sponsored post
From 112K to 4M folks' data – HR biz attack goes from bad to mega bad
It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands
Cyber-crime28 Apr 2025 | 6
Back online after 'catastrophic' attack, 4chan says it's too broke for good IT
Image board hints that rumors of a poorly maintained back end may be true
Security28 Apr 2025 | 29
Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025
Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year
OSes28 Apr 2025 | 33
Samsung admits Galaxy devices can leak passwords through clipboard wormhole
Infosec in brief PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more!
Security28 Apr 2025 | 10
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
Opinion Infosec is a team sport … unless you're in the White House
Public Sector25 Apr 2025 | 92
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member
What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future
CSO25 Apr 2025 | 17
More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures
Security25 Apr 2025 | 5
Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions
Where have we heard this before? Feb security update needs its own fix
OSes25 Apr 2025 | 1
M&S stops online orders as 'cyber incident' issues worsen
One step forward and one step back as earlier hopes of progress dashed by latest update
Cyber-crime25 Apr 2025 | 19
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues
Patches25 Apr 2025 | 2
Claims assistance firm fined for cold-calling people who put themselves on opt-out list
Third-party data supplier also in hot water with Brit regulator over consent issues
Security25 Apr 2025 | 31
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck
Cyber-crime25 Apr 2025 | 5
Popular
Samsung admits Galaxy devices can leak passwords through clipboard wormhole
Infosec in brief PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more!
Windows isn't an OS, it's a bad habit that wants to become an addiction
Opinion Think that next refresh is going to get better? The first step to freedom is admitting there's a problem
Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025
Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year
DARPA to 'radically' rev up mathematics research. Yes, with AI
Now that's a sum of all fears
Google goes cold on Europe: Stops making smart thermostats for continental conditions
And just-about bricks some of its older models everywhere
What the **** did you put in that code? The client thinks it's a cyberattack
Who, Me? When your customers work in super-sensitive situations, bad jokes make for bad business
Back online after 'catastrophic' attack, 4chan says it's too broke for good IT
Image board hints that rumors of a poorly maintained back end may be true
Toyota picks Huawei’s Android-killer HarmonyOS for its Chinese electric sedan
Asia In Brief PLUS: Korea's SK Telecom replacing SIMs after attack; India automates satellite docking; China greens its datacenters; and more
Nationwide power outages knock Spain, Portugal offline
Updated Cyberattack? Bad software update? International oopsie? The cause is unclear, but Iberia is dark
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
Sometimes, silence is the best option
STORIES
SSNs and more on 5.5M+ patients feared stolen from Yale Health
At least it wasn't Harvard
Cyber-crime24 Apr 2025 | 5
Microsoft mystery folder fix might need a fix of its own
This one weird trick can stop Windows updates dead in their tracks
Security24 Apr 2025 | 49
Assassin's Creed maker faces GDPR complaint for forcing single-player gamers online
Collecting data from solo players is a Far Cry from being necessary, says noyb
Security24 Apr 2025 | 38
M&S takes systems offline as 'cyber incident' lingers
Customers told to expect further delays as contactless payments still down
Cyber-crime24 Apr 2025 | 12
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Cybercriminals are targeting software shops, accountants, lawyers
CSO24 Apr 2025 | 2
Booby-trapped Alpine Quest Android app geolocates Russian soldiers
Back of the nyet!
Research24 Apr 2025 | 36
Ransomware scum and other crims bilked victims out of a 'staggering' $16.6B last year, says FBI
Biggest threat to America's critical infrastructure? Ransomware
Cyber-crime24 Apr 2025 | 7
Blue Shield says it shared health info on up to 4.7M patients with Google Ads
Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway
CSO23 Apr 2025 | 24
Ripple NPM supply chain attack hunts for private keys
A mystery thief and a critical CVE involved in crypto cash grab
Cyber-crime23 Apr 2025 | 4
We’re calling it now: Agentic AI will win RSAC buzzword Bingo
RSAC All aboard the hype train
Spotlight on RSAC23 Apr 2025 | 7
Who needs phishing when your login's already in the wild?
Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get
CSO23 Apr 2025 | 11
Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups
Bake in security now or pay later, says Mike Rogers
AI Software Development Week23 Apr 2025 | 6
America's cyber defenses are being dismantled from the inside
Opinion The CVE system nearly dying shows that someone has lost the plot
CSO23 Apr 2025 | 91
RIP, Google Privacy Sandbox
Chrome will keep third-party cookies, a win for web giant's ad rivals
Applications22 Apr 2025 | 24
Two CISA officials jump ship, both proud of pushing for Secure by Design software
As cyber-agency faces cuts, makes noises about switching up program
Public Sector22 Apr 2025 | 11
Fog ransomware channels Musk with demands for work recaps or a trillion bucks
In effect: 'Ha ha – the government is borked and so are you'
Security22 Apr 2025 | 14
A pot of $250K is now available to ransomware researchers, but it feeds a commercial product
Security bods can earn up to $10K per report
Research22 Apr 2025 | 3
This is not just any 'cyber incident' … this is an M&S 'cyber incident'
Retailer tight-lipped on details as digital hiccup disrupts customer orders
Cyber-crime22 Apr 2025 | 36
UN says Asian scam call center epidemic expanding globally amid political heat
What used to be a serious issue mainly in Southeast Asia is now the world’s problem
Cyber-crime22 Apr 2025 | 13
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
10 other certificates 'were mis-issued and have now been revoked'
CSO22 Apr 2025 | 13
Today's LLMs craft exploits from patches at lightning speed
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours
AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
It's now hitting govt, enterprise targets
CSO21 Apr 2025 | 31
Hacking US crosswalks to talk like Zuck is as easy as 1234
Video AI-spoofed Mark joins fellow billionaires as the voice of the street – here's how it was probably done
Bootnotes19 Apr 2025 | 85
Dems fret over DOGE feeding sensitive data into random AI
Updated Using LLMs to pick programs, people, contracts to cut is bad enough – but doing it with Musk's Grok? Yikes
Public Sector18 Apr 2025 | 67
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter
Some in the infosec world definitely want to see Big Red crucified
CSO18 Apr 2025 | 6
CVE fallout: The splintering of the standard vulnerability tracking system has begun
Comment MITRE, EUVD, GCVE … WTF?
Spotlight on RSAC18 Apr 2025 | 88
Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances
Illegitimi non carborundum? Nice password, Mr Ex-CISA
Spotlight on RSAC17 Apr 2025 | 68
Brit soldiers tune radio waves to fry drone swarms for pennies
Truck-mounted demonstration weapon costs 10p a pop, says MOD
Security17 Apr 2025 | 164
Whistleblower describes DOGE IT dept rampage at America's labor watchdog
Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim
CSO17 Apr 2025 | 53
Free Blue Screens of Death for Windows 11 24H2 users
Microsoft rewards those who patch early with bricks hurled through its operating system
OSes16 Apr 2025 | 25
Signalgate chats vanish from CIA chief phone
Extraordinary rendition of data, or just dropped it out of a helicopter?
CSO16 Apr 2025 | 22
Identifying the cyber risks that matter
From noise to clarity: Why CISOs are shifting to adversarial exposure validation
Partner content
CVE program gets last-minute funding from CISA – and maybe a new home
Uncertainty is the new certainty
CSO16 Apr 2025 | 32
Law firm 'didn't think' data theft was a breach, says ICO. Now it's nursing a £60K fine
DPP Law is appealing against data watchdog's conclusions
Security16 Apr 2025 | 23
Russians lure European diplomats into malware trap with wine-tasting invite
Vintage phishing varietal has improved with age
Cyber-crime16 Apr 2025 | 14
Guess what happens when ransomware fiends find 'insurance' 'policy' in your files
It involves a number close to three or six depending on the pickle you're in
Spotlight on RSAC16 Apr 2025 | 20
Uncle Sam kills funding for CVE program. Yes, that CVE program
Updated Because vulnerability management has nothing to do with national security, right?
CSO16 Apr 2025 | 179
Now 1.6M people had SSNs, life chapter and verse stolen from insurance IT biz
800K? Make that double, and we'll need a double, too, for the pain
Cyber-crime15 Apr 2025 | 16
4chan, the 'internet’s litter box,' appears to have been pillaged by rival forum
Source code, moderator info, IP addresses, more allegedly swiped and leaked
Cyber-crime15 Apr 2025 | 33
China names alleged US snoops over Asian Winter Games attacks
Beijing claims NSA went for gold in offensive cyber, got caught in the act
Cyber-crime15 Apr 2025 | 6
All right, you can have one: DOGE access to Treasury IT OK'd judge
Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez
Public Sector15 Apr 2025 | 18
Chinese snoops use stealth RAT to backdoor US orgs – still active last week
Let the espionage and access resale campaigns begin (again)
Research15 Apr 2025 | 3
ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK?
Stopping users shooting themselves in the foot with last century's tech
Software15 Apr 2025 | 13
Where it Hertz: Customer data driven off in Cleo attacks
Car hire biz takes your privacy seriously, though
Cyber-crime15 Apr 2025 | 7
EU gives staff 'burner phones, laptops' for US visits
That would put America on the same level as China for espionage
Security15 Apr 2025 | 128
Don't delete that mystery empty folder. Windows put it there as a security fix
Copilot vibe coding for OS development? Why not
Patches14 Apr 2025 | 33
New SSL/TLS certs to each live no longer than 47 days by 2029
IT admins, get ready to grumble
CSO14 Apr 2025 | 124
Cyber congressman demands answers before CISA gets cut down to size
What's the goal here, Homeland Insecurity or something?
Security14 Apr 2025 | 14
Official abuse of state security has always been bad, now it's horrifying
Opinion UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond
Security14 Apr 2025 | 219
CIO and digi VP to depart UK retail giant Asda as Walmart divorce woes settle
Exclusive Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion
On-Prem14 Apr 2025 | 15
Old Fortinet flaws under attack with new method its patch didn't prevent
Infosec In Brief PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more!
Security14 Apr 2025 | 6
China reportedly admitted directing cyberattacks on US infrastructure
Asia In Brief PLUS: India's new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands
Security14 Apr 2025 | 6
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks
Feature Military units, government nerds appear to join the fray, with physical infra in sights
CSO13 Apr 2025 | 7
LLMs can't stop making up software dependencies and sabotaging everything
Hallucinated package names fuel 'slopsquatting'
AI Software Development Week12 Apr 2025 | 95
Microsoft total recalls Recall totally to Copilot+ PCs
Redmond hopes you’ve forgotten or got over why everyone hated it the first time
OSes11 Apr 2025 | 126
Ransomware crims hammering UK more than ever as British techies complain the board just doesn't get it
Issues at the very top continue to worsen
Cyber-crime11 Apr 2025 | 13
Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China
Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan
Security11 Apr 2025 | 26
US sensor giant Sensata admits ransomware derailed ops
Props for the transparency though
Cyber-crime10 Apr 2025 | 4
Infosec experts fear China could retaliate against tariffs with a Typhoon attack
World War Fee Scammers are already cashing in with fake invoices for import costs
CSO10 Apr 2025 | 31
Europol: Five pay-per-infect suspects cuffed, some spill secrets to cops
Officials teased more details to come later this year
Cyber-crime10 Apr 2025 |
The Reg translates the letter in which Oracle kinda-sorta tells customers it was pwned
TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast
Cyber-crime10 Apr 2025 | 27
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs
Updated Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories
Public Sector10 Apr 2025 | 113
April's Patch Tuesday leaves unlucky Windows Hello users unable to login
Updated Can't Redmond ask its whizz-bang Copilot AI to fix it?
Patches09 Apr 2025 | 11
Wyden blocks Trump's CISA boss nominee, blames cyber agency for 'actively hiding info' about telecom insecurity
It worked for in 2018 with Chris Krebs. Will it work again?
Networks09 Apr 2025 | 8
Someone compromised US bank watchdog to access sensitive financial files
OCC mum on who broke into email, but Treasury fingered China in similar hack months ago
Cyber-crime09 Apr 2025 | 5
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz
Cloud Next How Chocolate Factory hopes to double down on enterprise-sec
CSO09 Apr 2025 | 7
Pharmacist accused of using webcams to spy on women in intimate moments at work, home
Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec
Cyber-crime09 Apr 2025 | 23
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug
Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low
Patches08 Apr 2025 | 14
Don't open that JPEG in WhatsApp for Windows. It might be an .EXE
What a MIME field
Patches08 Apr 2025 | 29
Scattered Spider stops the Rickrolls, starts the RAT race
Despite arrests, eight-legged menace targeted more victims this year
Research08 Apr 2025 | 5
As CISA braces for more cuts, threat intel sharing takes a hit
Analysis How will 'gutting' civilian defense agency make American cybersecurity great again?
Public Sector08 Apr 2025 | 11
Oracle says its cloud was in fact compromised
Reliability, honesty, accuracy. And then there's this lot
PaaS + IaaS08 Apr 2025 | 37
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
But this mystery isn't over yet, Unit 42 opines
Devops07 Apr 2025 | 7
Alleged Scattered Spider SIM-swapper must pay back $13.2M to 59 victims
Crummy OPSEC leads to potentially decades in prison
Cyber-crime07 Apr 2025 | 1
Chrome to patch decades-old flaw that let sites peek at your history
After 23 years, the privacy plumber has finally arrived to clean up this mess
Patches07 Apr 2025 | 7
UK's attempt to keep details of Apple 'backdoor' case secret… denied
Last month's secret hearing comes to light
CSO07 Apr 2025 | 123
What native cloud security tools won’t catch
Native tools help, but they don’t cover everything - here’s what they miss and how to close the gaps
Partner Content
Asian tech players react to US tariffs with delays, doubts, deal-making
Asia In Brief PLUS: Qualcomm acquires Vietnamese AI outfit; China claims US hacked winter games; India's browser challenge winner disputed; and more
Public Sector07 Apr 2025 | 11
Signalgate solved? Report claims journalist’s phone number accidentally saved under name of Trump official
Infosec in Brief PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more
Security07 Apr 2025 | 42
Trump fires NSA boss, deputy
'Nonpartisan' intelligence chief booted less than two years into the job
Public Sector04 Apr 2025 | 109
Biting the hand that feeds IT
