CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands NetScaler vendor issued a patch but otherwise, stony silence Patches07 Jul 2025 |
Phishing platforms, infostealers blamed as identity attacks soar Get your creds in order or risk BEC, ransomware attacks, orgs warned CSO07 Jul 2025 |
Stalkerware firm gets scooped by SQL-slinging security snoop Infosec In Brief Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more Security06 Jul 2025 | 1
Ingram Micro confirms ransomware behind multi-day outage Updated SafePay crew claims responsibility for intrusion at one of world's largest tech distributors Cyber-crime06 Jul 2025 | 18
Massive spike in use of .es domains for phishing abuse ¡Cuidado! Time to double-check before entering your Microsoft creds Security05 Jul 2025 | 10
Microsoft Windows Firewall complains about Microsoft code Just ignore the warnings. Nothing to see here. Move along Security03 Jul 2025 | 20
Young Consulting finds even more folks affected in breach mess – now over 1 million The insurance SaaS slinger may trade under a different name, but past continues to haunt it Cyber-crime03 Jul 2025 | 1
Meta calls €200M EU fine over pay-or-consent ad model 'unlawful' 'Deserves fair compensation for the valuable and innovative services'? Which ones are those then? Personal Tech03 Jul 2025 | 65
Ransomware crew Hunters International shuts down, hands out keys to victims Don't let their kind words sway you – leaders are still up to no good Cyber-crime03 Jul 2025 | 5
Let's Encrypt rolls out free security certs for IP addresses You probably don't need one, but it's nice to have the option Security03 Jul 2025 | 54
ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies Crims have cottoned on to a new way to lead you astray Research03 Jul 2025 | 22
Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform The second max score this week for Netzilla - not a good look Patches02 Jul 2025 | 14
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors' Patches02 Jul 2025 | 7
23andMe's new owner says your DNA is safe this time Nonprofit TTAM assures everything is BAU. Whether that makes customers feel better is another matter Cyber-crime02 Jul 2025 | 18
US imposes sanctions on second Russian bulletproof hosting vehicle this year Aeza Group accused of assisting data bandits and BianLian ransomware crooks Cyber-crime02 Jul 2025 | 10
Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks Experts say they don't expect the MOVEit menace to do much about it Research02 Jul 2025 | 3
UK eyes new laws as cable sabotage blurs line between war and peace It might be time to update the Submarine Telegraph Act of 1885 Networks02 Jul 2025 | 81
Australian airline Qantas reveals data theft impacting six million customers Frequent flyers’ info takes flight Security02 Jul 2025 | 17
Microsoft admits to Intune forgetfulness Customizations not saved with security baseline policy update Patches01 Jul 2025 | 8
International Criminal Court swats away 'sophisticated and targeted' cyberattack Body stays coy on details but alludes to similarities with 2023 espionage campaign Cyber-crime01 Jul 2025 | 4
Ingram Micro confirms ransomware behind multi-day outage Updated SafePay crew claims responsibility for intrusion at one of world's largest tech distributors
Atlassian migrated 4 million Postgres databases to shrink AWS bill Asia In Brief PLUS: Lexmark’s Chinese owners sell to Xerox; India, Australia, target underwater drones; JPMorgan drops custom TLDs; and more!
Yes, I wrote a very expensive bug. In my defense I was only seven years old at the time Who, Me? Years later, deep into a great tech career, your fellow reader remains inspired by the forgiveness received after the error
UK puts out tender for space robot to de-orbit satellites Updated Got to be a 'clean space superpower' – right, Brits?
VMware’s rivals ramp up their efforts to create alternative stacks Red Hat and Open Nebula deliver big updates, as Edera tools for Xen with Rust
Stalkerware firm gets scooped by SQL-slinging security snoop Infosec In Brief Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more
Airbus okays use of ‘Taxibot’ to tow planes to the runway Airlines get the chance to cool their jets rather than burn fuel on the ground
AI scores a huge own goal if you play up and play the game Opinion A virtual environment makes a great de-hype advisor
Phishing platforms, infostealers blamed as identity attacks soar Get your creds in order or risk BEC, ransomware attacks, orgs warned
'Cyber security' behind decision to end defense satellite sharing of hurricane data Official notice confirms delay to cutoff until the end of July. Not to worry, AI modelling's in the wings
Terrible tales of opsec oversights: How cybercrooks get themselves caught The silly mistakes to the flagrant failures Security01 Jul 2025 | 14
Proton bashes Apple and joins antitrust suit that seeks to throw the App Store wide open Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy Legal01 Jul 2025 | 18
US shuts down a string of North Korean IT worker scams Resulting in two indictments, one arrest, and 137 laptops seized Cyber-crime30 Jun 2025 | 1
British IT worker sentenced to seven months after trashing company network Don't leave the door open to disgruntled workers Cyber-crime30 Jun 2025 | 91
Scattered Spider crime spree takes flight as focus turns to aviation sector Time ticking for defenders as social engineering pros weave wider web Cyber-crime30 Jun 2025 | 2
Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work Security30 Jun 2025 | 11
Your browser has ad tech's fingerprints all over it, but there's a clean-up squad in town Opinion Like being hard to spot? They’d much rather you didn’t Security30 Jun 2025 | 53
Canada orders Chinese CCTV biz Hikvision to quit the country ASAP Asia In Brief PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more! Public Sector30 Jun 2025 | 30
It's 2025 and almost half of you are still paying ransomware operators Infosec in Brief PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more Security30 Jun 2025 | 2
Ex-NATO hacker: 'In the cyber world, there's no such thing as a ceasefire' interview Watch out for supply chain hacks especially Cyber-crime28 Jun 2025 | 61
Crims are posing as insurance companies to steal health records and payment info Taking advantage of the ridiculously complex US healthcare billing system Cyber-crime27 Jun 2025 | 7
Cisco punts network-security integration as key for agentic AI Getting it in might mean re-racking the entire datacenter and rebuilding the network, though Datacenter Networking Nexus27 Jun 2025 | 6
Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ update 'No impact on safety,' FAA tells The Reg Cyber-crime27 Jun 2025 |
So you CAN turn an entire car into a video game controller Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart Offbeat27 Jun 2025 | 35
Data spill in aisle 5: Grocery giant Ahold Delhaize says 2.2M affected after cyberattack Finance, health, and national identification details compromised Cyber-crime27 Jun 2025 | 4
FBI used bitcoin wallet records to peg notorious IntelBroker as UK national Pro tip: Don't use your personal email account on BreachForums Cyber-crime26 Jun 2025 | 31
What if Microsoft just turned you off? Security pro counts the cost of dependency Comment Czech researcher lays out a business case for reducing reliance on Redmond Security26 Jun 2025 | 115
Cisco fixes two critical make-me-root bugs on Identity Services Engine components A 10.0 and a 9.8 – these aren’t patches to dwell on Datacenter Networking Nexus26 Jun 2025 | 4
Glasgow City Council online services crippled following cyberattack Nothing confirmed but authority is operating under the assumption that data has been stolen Cyber-crime26 Jun 2025 | 14
Qilin ransomware attack on NHS supplier contributed to patient fatality Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities Cyber-crime26 Jun 2025 | 7
UK to buy nuclear-capable F-35As that can't be refueled from RAF tankers Aircraft meant to bolster NATO deterrent will rely on allied support to stay airborne Security26 Jun 2025 | 275
Frozen foods supermarket chain deploys facial recognition tech Privacy campaigner brands Iceland's use of 'Orwellian' camera tech 'chilling,' CEO responds: 'It'll cut violent crime' Security26 Jun 2025 | 118
That WhatsApp from an Israeli infosec expert could be a Iranian phish Charming Kitten unsheathes its claws and tries to catch credentials Cyber-crime26 Jun 2025 | 2
Citrix bleeds again: This time a zero-day exploited - patch now Two emergency patches issued in two weeks Patches25 Jun 2025 | 1
Amazon's Ring can now use AI to 'learn the routines of your residence' It's meant to cut down on false positives but could be a trove for mischief-makers Security25 Jun 2025 | 75
Computer vision research feeds surveillance tech as patent links spike 5× A bottomless appetite for tracking people as 'objects' Research25 Jun 2025 | 3
Supply chain attacks surge with orgs 'flying blind' about dependencies Who is the third party that does the thing in our thing? Yep. Attacks explode over past year CSO25 Jun 2025 | 4
French cybercrime police arrest five suspected BreachForums admins Twentysomethings claimed to be linked to spate of high-profile cybercrimes Cyber-crime25 Jun 2025 |
UK govt dept website that campaigns against encryption hijacked to advertise ... payday loans Company at center of findings blamed SEO on outsourcer Security25 Jun 2025 | 17
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack Why are you even reading this story? Patch now! Patches24 Jun 2025 | 7
Beware of fake SonicWall VPN app that steals users' credentials A good reminder not to download apps from non-vendor sites Cyber-crime24 Jun 2025 | 1
The vulnerability management gap no one talks about If an endpoint goes ping but isn't on the network, does anyone hear it? Partner content
Four REvil ransomware crooks walk free, escape gulag fate, after admitting guilt Russian judge lets off accused with time served – but others who refused to plead guilty face years in penal colony Cyber-crime24 Jun 2025 | 9
Psylo browser tries to obscure digital fingerprints by giving every tab its own IP address Gotta keep 'em separated so the marketers and snoops can't come out and play Software24 Jun 2025 | 35
Typhoon-like gang slinging TLS certificate 'signed' by the Los Angeles Police Department Chinese crew built 1,000+ device network that runs on home devices then targets critical infrastructure Security23 Jun 2025 | 11
Iran cyberattacks against US biz more likely following air strikes Plus 'low-level' hacktivist attempts Cyber-crime23 Jun 2025 | 32
Second attack on McLaren Health Care in a year affects 743k people Criminals targeted the hospital and physician network’s Detroit cancer clinic this time Cyber-crime23 Jun 2025 | 1
Experts count staggering costs incurred by UK retail amid cyberattack hell Cyber Monitoring Centre issues first severity assessment since February launch Cyber-crime23 Jun 2025 | 27
Former US Army Sergeant pleads guilty after amateurish attempt at selling secrets to China Infosec in brief PLUS: 5.4M healthcare records leak; AI makes Spam harder to spot; Many nasty Linux vulns; and more Security23 Jun 2025 | 7
Netflix, Apple, BofA websites hijacked with fake help-desk numbers Don’t trust mystery digits popping up in your search bar Cyber-crime20 Jun 2025 | 14
Looks like Aflac is the latest insurance giant snagged in Scattered Spider’s web If it looks like a duck and walks like a duck... Cyber-crime20 Jun 2025 | 5
Qilin ransomware top dogs treat their minions to on-call lawyers for fierier negotiations It's a marketing move to lure more affiliates, says infosec veteran Cyber-crime20 Jun 2025 | 4
Attack on Oxford City Council exposes 21 years of election worker data Services coming back online after legacy systems compromised Cyber-crime20 Jun 2025 | 24
Boffins devise voice-altering tech to jam 'vishing' schemes To stop AI scam callers, break automatic speech recognition systems Research19 Jun 2025 | 38
Uncle Sam seeks time in tower dump data grab case after judge calls it 'unconstitutional' Feds told they can't demand a haystack to find a needle Cyber-crime19 Jun 2025 | 17
Glazed and confused: Hole lotta highly sensitive data nicked from Krispy Kreme Experts note 'major red flags' in donut giant's security as 161,676 staff and families informed of attack details Cyber-crime19 Jun 2025 | 48
UK gov asks university boffins to pinpoint cyber growth areas where it should splash cash Good to see government that values its academics (cough cough). Plus: New board criticized for lacking 'ops' people Public Sector19 Jun 2025 | 11
Sneaky Serpentine#Cloud slithers through Cloudflare tunnels to inject orgs with Python-based malware Phishing, Python and RATs, oh my Cyber-crime19 Jun 2025 | 2
Iran’s internet goes offline for hours amid claims of ‘enemy abuse’ Bank and crypto outfits hit after Israeli commander mentioned attacks expanding to ‘other areas’ Public Sector19 Jun 2025 | 13
Minecraft cheaters never win ... but they may get malware Infostealers posing as popular cheat tools are cropping up on GitHub Cyber-crime18 Jun 2025 | 7
Asana's cutting-edge AI feature ran into a little data leakage problem New MCP server was shut down for nearly two weeks Security18 Jun 2025 | 2
Veeam patches third critical RCE bug in Backup & Replication in space of a year Version 13 can’t come soon enough Patches18 Jun 2025 | 1
How to bridge the MFA gap If a credential is worth protecting, it's worth protecting well. Sponsored feature
Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack Interview Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI CSO18 Jun 2025 | 10
Trump administration set to waive TikTok sell-or-die deadline for a third time Quick reminder: The law that banned the app is called ‘Protecting Americans from Foreign Adversary Controlled Applications Act’ Public Sector18 Jun 2025 | 46
AWS locks down cloud security, hits 100% MFA enforcement for root users Plus adds a ton more security capabilities for cloud customers at re:Inforce Security17 Jun 2025 | 1
Sitecore CMS flaw let attackers brute-force 'b' for backdoor Hardcoded passwords and path traversals keeping bug hunters in work Patches17 Jun 2025 | 5
Redefining identity security in the age of agentic AI Now AI agents have identity, too. Here's how to handle it Partner content
23andMe hit with £2.3M fine after exposing genetic data of millions Penalty follows year-long probe into flaws that allowed attack to affect so many CSO17 Jun 2025 | 16
Scattered Spider has moved from retail to insurance Google threat analysts warn the team behind the Marks & Spencer break-in has moved on Cyber-crime16 Jun 2025 | 1
Remorseless extortionists claim to have stolen thousands of files from Freedman HealthCare UPDATED The group has previously threatened to SWAT cancer patients and leaked pre-op plastic surgery photos Cyber-crime16 Jun 2025 |
Canada's WestJet says 'expect interruptions' online as it navigates cybersecurity turbulence updated Flights still flying - just don't count on the app or website working smoothly Security16 Jun 2025 | 1
Eurocops arrest suspected Archetyp admin, shut down mega dark web drug shop Marketplace as big as Silk Road had more than 600k users and turnover of 'at least' €250M Security16 Jun 2025 | 9
Salesforce study finds LLM agents flunk CRM and confidentiality tests 6-in-10 success rate for single-step tasks AI + ML16 Jun 2025 | 51
Microsoft adds export option to Windows Recall in Europe Updated But lose your code and it's gone for good OSes16 Jun 2025 | 19
Spy school dropout: GCHQ intern jailed for swiping classified data Student 'believed he could finish' software dev 'project alone and therefore that the rules did not apply to him' Security16 Jun 2025 | 117
How collaborative security can build you a better business Getting employees on board can do more than prevent breaches; it can send profitability soaring Sponsored Post
Armored cash transport trucks allegedly hauled money for $190 million crypto-laundering scheme Asia In Brief PLUS: APNIC completes re-org; India cuts costs for chipmakers; Infosys tax probe ends; and more Cyber-crime16 Jun 2025 | 3
Dems demand audit of CVE program as Federal funding remains uncertain Infosec In Brief PLUS: Discord invite links may not be safe; Miscreants find new way to hide malicious JavaScript; and more! Security15 Jun 2025 | 5
Cyber weapons in the Israel-Iran conflict may hit the US With Tehran’s military weakened, digital retaliation likely, experts tell The Reg Security13 Jun 2025 | 28
Do you trust Xi with your 'private' browsing data? Apple, Google stores still offer China-based VPNs, report says Some trace back to an outfit under US export controls for alleged PLA links Research13 Jun 2025 | 33
Apple fixes zero-click exploit underpinning Paragon spyware attacks Zero-day potentially tied to around 100 suspected infections in 2025 and a spyware scandal on the continent Security13 Jun 2025 | 18
Wanted: Junior cybersecurity staff with 10 years' experience and a PhD Infosec employers demanding too much from early-career recruits, says ISC2 CSO13 Jun 2025 | 75
Slapped wrists for Financial Conduct Authority staff who emailed work data home It was one of the offenders' final warning CSO13 Jun 2025 | 20
Ransomware scum disrupted utility services with SimpleHelp attacks Good news: The vendor patched the flaw in January. Bad news: Not everyone got the memo Cyber-crime12 Jun 2025 | 1
'Major compromise' at NHS temping arm exposed gaping security holes Exclusive Incident responders suggested sweeping improvements following Active Directory database heist Cyber-crime12 Jun 2025 | 18
DeepSeek installer or just malware in disguise? Click around and find out 'BrowserVenom' is pure poison Cyber-crime11 Jun 2025 | 5
Hire me! To drop malware on your computer FIN6 moves from point-of-sale compromise to phishing recruiters Cyber-crime11 Jun 2025 | 3
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks The 16 other flagged issues are on customers, says CRM giant Research11 Jun 2025 |
Asia dismantles 20,000 malicious domains in infostealer crackdown Interpol coordinates operation, nabs 32 across Vietnam, Sri Lanka, and Nauru Cyber-crime11 Jun 2025 | 4