Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig Phony LinkedIn recruitment ads? Groundbreaking | Public Sector | 16 May 2025 | 4
America’s consumer watchdog drops leash on proposed data broker crackdown Crooks must be licking their lips at the possibilities | Personal Tech | 16 May 2025 | 2
Defamation case against DEF CON terminated with prejudice 'We hope it makes attendees feel safe reporting violations' | Security | 16 May 2025 | 1
Broadcom employee data stolen by ransomware crooks following hit on payroll provider Exclusive Tech giant was in process of dropping payroll biz as it learned of breach | Cyber-crime | 16 May 2025 | 1
Good luck to Atos' 7th CEO and its latest biz transformation We suspect Philippe Salle will need it, not to mention staff and customers | On-Prem | 16 May 2025 | 6
From hype to harm: 78% of CISOs see AI attacks already AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason Sponsored feature
Scammers are deepfaking voices of senior US government officials, warns FBI They're smishing, they're vishing | Security | 16 May 2025 | 17
DoorDash scam used fake drivers, phantom deliveries to bilk $2.59M Entire process took less than five minutes, prosecutors say | Cyber-crime | 15 May 2025 | 17
Cyber fiends battering UK retailers now turn to US stores Interview DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon | Cyber-crime | 15 May 2025 | 3
Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU Expert tells us: 'It is the most unique breach disclosure I've ever seen' | Cyber-crime | 15 May 2025 | 13
Socket buys Coana to tell you which security alerts you can ignore Sometimes, less information is more | Security | 15 May 2025
Snowflake CISO on the power of 'shared destiny' and 'yes and' interview Lessons learned from last year's security snafu | CSO | 15 May 2025 | 2
Here's what we know about the DragonForce ransomware that hit Marks & Spencer Would you believe it, this RaaS cartel says Russia is off limits | Cyber-crime | 15 May 2025 | 17
Metal maker meltdown: Nucor stops production after cyber-intrusion Ransomware or critical infra hit? Top US manufacturer maintains steely silence | Cyber-crime | 14 May 2025 | 11
Why CVSS is failing us and what we can do about it How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content
Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated | Public Sector | 14 May 2025 | 4
Ivanti patches two zero-days under active attack as intel agency warns customers Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product | Patches | 14 May 2025 | 1
Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb 'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation' | AI + ML | 14 May 2025 | 71
VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals Admits due diligence fell short - furious users cry ‘gaslighting’ | Networks | 14 May 2025 | 74
Go ahead and ignore Patch Tuesday – it might improve your security No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale' | Patches | 14 May 2025 | 30
NASA keeps ancient Voyager 1 spacecraft alive with Hail Mary thruster fix Failure could've triggered a small explosion
The 'End of 10' is nigh, but don't bury your PC just yet Linux types mobilize website to help people avoid creating more e-waste
Google DeepMind promises to help you evolve your algos AlphaEvolve may optimize your code in ways you hadn’t thought possible. Or not. Not is possible, too
Anthropic’s law firm throws Claude under the bus over citation errors in court filing AI footnote fail triggers legal palmface in music copyright spat
Dilettante dev wrote rubbish, left no logs, and had no idea why his app wasn't working On Call Self-taught coders who work in HR and have a doctorate in English tend to do that
70-knot winds so far blamed for yacht disaster that killed Brit tech tycoon Mike Lynch Probe indicates it was all over for Bayesian in just 9 minutes
Everyone's deploying AI, but no one's securing it – what could go wrong? CYBERUK Crickets as senior security folk asked about risks at NCSC conference | CSO | 14 May 2025 | 20
Ransomware scum have put a target on the no man's land between IT and operations Defenses are weaker, and victims are more likely to pay, SANS warns | CSO | 14 May 2025 | 16
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti | Patches | 14 May 2025 | 2
Intel's data-leaking Spectre defenses scared off yet again ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit | Research | 13 May 2025 | 5
Qatar’s $400M jet for Trump is a gold-plated security nightmare Air Force Dumb | Bootnotes | 13 May 2025 | 99
Commvault fixes critical Command Center issue after flaw finder alert Pay-to-play security on CVSS 10 issue is now fixed | Patches | 13 May 2025
'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart CYBERUK Both agencies seem unbothered despite tech world's clear concerns for US infoseccers | Security | 13 May 2025 | 6
Marks & Spencer admits cybercrooks made off with customer info Market cap down by more than £1B since April 22 | Cyber-crime | 13 May 2025 | 67
As US vuln-tracking falters, EU enters with its own security bug database EUVD comes into play not a moment too soon | Security | 13 May 2025 | 26
Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq 'MarbledDust' gang has honed the skills it uses to assist Ankara | Security | 13 May 2025 | 3
M365 apps on Windows 10 to get security fixes into 2028 Support for the underlying OS is another story | Applications | 12 May 2025 | 10
CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email Updated Cripes, we were only joking when we called Elon's social network the new state media | Security | 12 May 2025 | 53
Why aggregating your asset inventory leads to better security Today’s complex IT environments demand a new approach Partner content
Attackers pwn charter airline helping Trump's deportation campaign Intruders claim they stole GlobalX's flight records and manifests | Cyber-crime | 12 May 2025 | 49
Britain's cyber agents and industry clash over how to tackle shoddy software CYBERUK Providers argue that if end users prioritized security, they'd get it | CSO | 12 May 2025 | 75
Unending ransomware attacks are a symptom, not the sickness Opinion We need to make taking IT systems 'off the books' a problem for corporate types | Cyber-crime | 12 May 2025 | 63
DOGE worker's old creds found exposed in infostealer malware dumps Infosec in brief PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you're never safe; and more | Security | 12 May 2025 | 19
You think ransomware is bad now? Wait until it infects CPUs RSAC Rapid7 threat hunter wrote a PoC. No, he's not releasing it | Research | 11 May 2025 | 64
Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants The FBI also issued a list of end-of-life routers you need to replace | Cyber-crime | 10 May 2025 | 10
UK Ministry of Defence is spending less with US biz, and more with Europeans France's share of MOD cash is growing while the US's shrinks | Offbeat | 10 May 2025 | 77
VC behemoth Insight Partners fears top-secret financial info swiped by cyber-miscreants Weapons-grade fuel for fraud | Cyber-crime | 09 May 2025 | 8
openSUSE deep sixes Deepin desktop over security stink Linux giant finds Chinese environment to be perilous beneath pretty exterior | Security | 09 May 2025 | 21
Sudo-rs make me a sandwich, hold the buffer overflows Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety's sake | OSes | 08 May 2025 | 131
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied Now individual school districts extorted by fiends | CSO | 08 May 2025 | 33
After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI CEO: Neural net tech 'flattens our hiring curve, helps us innovate' | CSO | 07 May 2025 | 14
Delta Air Lines class action cleared for takeoff over CrowdStrike chaos Judge allows aspects of passenger lawsuit to proceed | Security | 07 May 2025 | 2
You'll never guess which mobile browser is the worst for data collection We were shocked – SHOCKED – by the answer | Security | 07 May 2025 | 58
Curl project founder snaps over deluge of time-sucking AI slop bug reports Lead dev likens flood to 'effectively being DDoSed' | Security | 07 May 2025 | 63
New Zealand kind-of moves to ban social media for under-16s, require age checks for new accounts Prime Minister bemoans bullying, addiction, and inappropriate content – but isn’t planning a rapid vote | Public Sector | 07 May 2025 | 30
Super spyware maker NSO must pay Meta $168M in WhatsApp court battle Don't f&#k with Zuck | CSO | 06 May 2025 | 17
Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower What was the plan, showing her his big iron? | AI Infrastructure Month | 06 May 2025 | 79
Pentagon declares war on 'outdated' software buying, opens fire on open source (If only that would keep folks off unsanctioned chat app side quests) | Public Sector | 06 May 2025 | 74
CISA slammed for role in 'censorship industrial complex' as budget faces possible $500M cut Because who needs cybersecurity when there’s culture wars to win | Public Sector | 06 May 2025 | 38
Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess Updated No, really? That's a shocking surprise | Security | 05 May 2025 | 38
Trump promises protection for TikTok, for which he has a ‘warm spot in my heart’ Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures | Public Sector | 05 May 2025 | 73
India’s chipmaking ambitions hurt by Zoho’s no-go and Adani unease Asia in brief PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! | Public Sector | 05 May 2025 | 7
Microsoft tries to knife passwords once and for all - at least for consumers Infosec In Brief PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! | Security | 04 May 2025 | 81
RSA Conf wrap: AI and China on everything, everywhere, all at once RSAC With North Korean IT workers storming the gates, too | Spotlight on RSAC | 04 May 2025 | 5
Altman's eyeball-scanning biometric blockchain orbs officially come to America El Reg checks out shop in SF | Bootnotes | 04 May 2025 | 52
Disney Slack attack wasn't Russian protesters, just a Cali dude with malware 25-year-old fella pleads guilty to stealing, dumping 1.1TB of data from the House of Mouse | Cyber-crime | 02 May 2025 | 18
Generative AI makes fraud fluent – from phishing lures to fake lovers RSAC Real-time video deepfakes? Not convincing yet | Spotlight on RSAC | 02 May 2025 | 5
Three Brits charged over 'active shooter threats' swattings in US, Canada UK starts prosecution days after FBI vowed to clamp down on the crime | Security | 02 May 2025 | 39
British govt agents step in as Harrods becomes third mega retailer under cyberattack Experts suggest the obvious: There is an ongoing coordinated attack on UK retail sector | Cyber-crime | 02 May 2025 | 142
Dems look to close the barn door after top DOGE dog has bolted House Oversight probes missing Musk disclosures, background checks, data mess at NLRB | Public Sector | 01 May 2025 | 101
Healthcare group Ascension discloses second cyberattack on patients' data This time criminals targeted partner’s third-party software | Cyber-crime | 01 May 2025 | 1
How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen? | Spotlight on RSAC | 01 May 2025 | 35
Chris Krebs loses Global Entry membership amid Trump feud President's campaign continues against man he claims covered up evidence of electoral fraud in 2020 | Security | 01 May 2025 | 36
Data watchdog will leave British Library alone – further probes 'not worth our time' No MFA? No problem – as long as you show you’ve learned your lesson | Cyber-crime | 01 May 2025 | 7
Ex-NSA cyber-boss: AI will soon be a great exploit coder RSAC For now it's a potential bug-finder and friend to defenders | Spotlight on RSAC | 30 Apr 2025 | 13
Ex-CISA chief decries cuts as Trump demands loyalty above all else RSAC Cybersecurity is national security, says Jen Easterly | Spotlight on RSAC | 30 Apr 2025 | 11
Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China Feds say $970K scheme defrauded 13+ companies | Cyber-crime | 30 Apr 2025 | 10
FBI steps in amid rash of politically charged swattings No specific law against it yet, but that's set to change | Security | 30 Apr 2025 | 57
Ghost in the shell script: Boffins reckon they can catch bugs before programs run Go ahead, please do Bash static analysis | CSO | 30 Apr 2025 | 39
Cloud doesn’t mean secure: How Intruder finds what others miss A cloud security platform that manages the attack surface and security vulnerabilities in AWS Sponsored post
Watch out for any Linux malware sneakily evading syscall-watching antivirus Google dumped io_uring after $1M in bug bounties | CSO | 29 Apr 2025 | 17
Enterprise tech dominates zero-day exploits with no signs of slowdown As Big Tech gets used to the pain, smaller vendors urged to up their game | Research | 29 Apr 2025 | 1
China now America's number one cyber threat – US must get up to speed RSAC Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable | Spotlight on RSAC | 29 Apr 2025 | 22
Infosec pros tell Trump to quit bullying Chris Krebs – it's undermining security Top voices warn that political retaliation puts democracy and national defense at risk | Security | 29 Apr 2025 | 70
China is using AI to sharpen every link in its attack chain, FBI warns RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer | Spotlight on RSAC | 29 Apr 2025 | 11
The one interview question that will protect you from North Korean fake workers RSAC FBI and others list how to spot NK infiltrators, but AI will make it harder | Spotlight on RSAC | 29 Apr 2025 | 96
Swiss boffins admit to secretly posting AI-penned posts to Reddit in the name of science They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse | AI + ML | 29 Apr 2025 | 22
Open source text editor poisoned with malware to target Uyghur users Who could possibly be behind this attack on an ethnic minority China despises? | Security | 29 Apr 2025 | 19
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus Florida man altered allergen info, DoSed former colleagues | Cyber-crime | 29 Apr 2025 | 15
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn Updated Sometimes, silence is the best option | CSO | 28 Apr 2025 | 10
How to survive as a CISO aka 'chief scapegoat officer' RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel | Spotlight on RSAC | 28 Apr 2025 | 9
Admission impossible: NSA, CISA brass absent from RSA Conf RSAC Homeland Security boss Noem added as last-minute keynote, mind you | Spotlight on RSAC | 28 Apr 2025 | 11
The future of AI in cybersecurity in a word: Optimistic Think of artificial intelligence as your embedded ally Sponsored post
From 112K to 4M folks' data – HR biz attack goes from bad to mega bad It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands | Cyber-crime | 28 Apr 2025 | 7
Back online after 'catastrophic' attack, 4chan says it's too broke for good IT Image board hints that rumors of a poorly maintained back end may be true | Security | 28 Apr 2025 | 39
Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year | OSes | 28 Apr 2025 | 38
Samsung admits Galaxy devices can leak passwords through clipboard wormhole Infosec in brief PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! | Security | 28 Apr 2025 | 11
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed Opinion Infosec is a team sport … unless you're in the White House | Public Sector | 25 Apr 2025 | 98
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future | CSO | 25 Apr 2025 | 17
More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures | Security | 25 Apr 2025 | 8
Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions Where have we heard this before? Feb security update needs its own fix | OSes | 25 Apr 2025 | 1
M&S stops online orders as 'cyber incident' issues worsen One step forward and one step back as earlier hopes of progress dashed by latest update | Cyber-crime | 25 Apr 2025 | 21
Emergency patch for potential SAP zero-day that could grant full system control German software giant paywalls details, but experts piece together the clues | Patches | 25 Apr 2025 | 2
Claims assistance firm fined for cold-calling people who put themselves on opt-out list Third-party data supplier also in hot water with Brit regulator over consent issues | Security | 25 Apr 2025 | 33
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry Because coding phishing sites from scratch is a real pain in the neck | Cyber-crime | 25 Apr 2025 | 5
SSNs and more on 5.5M+ patients feared stolen from Yale Health At least it wasn't Harvard | Cyber-crime | 24 Apr 2025 | 5