M&S takes systems offline as 'cyber incident' lingers Customers told to expect further delays as contactless payments still down Cyber-crime24 Apr 2025 | 7
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year Cybercriminals are targeting software shops, accountants, lawyers CSO24 Apr 2025 | 1
Booby-trapped Alpine Quest Android app geolocates Russian soldiers Back of the nyet! Research24 Apr 2025 | 12
Ransomware scum and other crims bilked victims out of a 'staggering' $16.6B last year, says FBI Biggest threat to America's critical infrastructure? Ransomware Cyber-crime24 Apr 2025 | 3
Blue Shield says it shared health info on up to 4.7M patients with Google Ads Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway CSO23 Apr 2025 | 14
Ripple NPM supply chain attack hunts for private keys A mystery thief and a critical CVE involved in crypto cash grab Cyber-crime23 Apr 2025 | 4
We’re calling it now: Agentic AI will win RSAC buzzword Bingo All aboard the hype train AI Software Development Week23 Apr 2025 | 6
Who needs phishing when your login's already in the wild? Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get CSO23 Apr 2025 | 9
Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups Bake in security now or pay later, says Mike Rogers AI Software Development Week23 Apr 2025 | 6
America's cyber defenses are being dismantled from the inside Opinion The CVE system nearly dying shows that someone has lost the plot CSO23 Apr 2025 | 49
RIP, Google Privacy Sandbox Chrome will keep third-party cookies, a win for web giant's ad rivals Applications22 Apr 2025 | 23
Two CISA officials jump ship, both proud of pushing for Secure by Design software As cyber-agency faces cuts, makes noises about switching up program Public Sector22 Apr 2025 | 11
Fog ransomware channels Musk with demands for work recaps or a trillion bucks In effect: 'Ha ha – the government is borked and so are you' Security22 Apr 2025 | 14
A pot of $250K is now available to ransomware researchers, but it feeds a commercial product Security bods can earn up to $10K per report Research22 Apr 2025 | 3
This is not just any 'cyber incident' … this is an M&S 'cyber incident' Retailer tight-lipped on details as digital hiccup disrupts customer orders Cyber-crime22 Apr 2025 | 33
UN says Asian scam call center epidemic expanding globally amid political heat What used to be a serious issue mainly in Southeast Asia is now the world’s problem Cyber-crime22 Apr 2025 | 13
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps 10 other certificates 'were mis-issued and have now been revoked' CSO22 Apr 2025 | 13
Today's LLMs craft exploits from patches at lightning speed Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days It's now hitting govt, enterprise targets CSO21 Apr 2025 | 23
Hacking US crosswalks to talk like Zuck is as easy as 1234 Video AI-spoofed Mark joins fellow billionaires as the voice of the street – here's how it was probably done Bootnotes19 Apr 2025 | 85
Dems fret over DOGE feeding sensitive data into random AI Updated Using LLMs to pick programs, people, contracts to cut is bad enough – but doing it with Musk's Grok? Yikes Public Sector18 Apr 2025 | 67
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter Some in the infosec world definitely want to see Big Red crucified CSO18 Apr 2025 | 6
CVE fallout: The splintering of the standard vulnerability tracking system has begun Comment MITRE, EUVD, GCVE … WTF? Spotlight on RSAC18 Apr 2025 | 88
Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances Illegitimi non carborundum? Nice password, Mr Ex-CISA Spotlight on RSAC17 Apr 2025 | 65
Brit soldiers tune radio waves to fry drone swarms for pennies Truck-mounted demonstration weapon costs 10p a pop, says MOD Security17 Apr 2025 | 163
Whistleblower describes DOGE IT dept rampage at America's labor watchdog Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim CSO17 Apr 2025 | 53
Free Blue Screens of Death for Windows 11 24H2 users Microsoft rewards those who patch early with bricks hurled through its operating system OSes16 Apr 2025 | 24
Signalgate chats vanish from CIA chief phone Extraordinary rendition of data, or just dropped it out of a helicopter? CSO16 Apr 2025 | 22
CVE program gets last-minute funding from CISA – and maybe a new home Uncertainty is the new certainty CSO16 Apr 2025 | 32
Law firm 'didn't think' data theft was a breach, says ICO. Now it's nursing a £60K fine DPP Law is appealing against data watchdog's conclusions Security16 Apr 2025 | 23
Russians lure European diplomats into malware trap with wine-tasting invite Vintage phishing varietal has improved with age Cyber-crime16 Apr 2025 | 14
Guess what happens when ransomware fiends find 'insurance' 'policy' in your files It involves a number close to three or six depending on the pickle you're in Spotlight on RSAC16 Apr 2025 | 20
Uncle Sam kills funding for CVE program. Yes, that CVE program Updated Because vulnerability management has nothing to do with national security, right? CSO16 Apr 2025 | 179
Now 1.6M people had SSNs, life chapter and verse stolen from insurance IT biz 800K? Make that double, and we'll need a double, too, for the pain Cyber-crime15 Apr 2025 | 16
4chan, the 'internet’s litter box,' appears to have been pillaged by rival forum Source code, moderator info, IP addresses, more allegedly swiped and leaked Cyber-crime15 Apr 2025 | 33
China names alleged US snoops over Asian Winter Games attacks Beijing claims NSA went for gold in offensive cyber, got caught in the act Cyber-crime15 Apr 2025 | 6
All right, you can have one: DOGE access to Treasury IT OK'd judge Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez Public Sector15 Apr 2025 | 18
Chinese snoops use stealth RAT to backdoor US orgs – still active last week Let the espionage and access resale campaigns begin (again) Research15 Apr 2025 | 3
ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? Stopping users shooting themselves in the foot with last century's tech Software15 Apr 2025 | 13
Where it Hertz: Customer data driven off in Cleo attacks Car hire biz takes your privacy seriously, though Cyber-crime15 Apr 2025 | 7
EU gives staff 'burner phones, laptops' for US visits That would put America on the same level as China for espionage Security15 Apr 2025 | 128
Don't delete that mystery empty folder. Windows put it there as a security fix Copilot vibe coding for OS development? Why not Patches14 Apr 2025 | 33
New SSL/TLS certs to each live no longer than 47 days by 2029 IT admins, get ready to grumble CSO14 Apr 2025 | 124
Cyber congressman demands answers before CISA gets cut down to size What's the goal here, Homeland Insecurity or something? Security14 Apr 2025 | 14
Official abuse of state security has always been bad, now it's horrifying Opinion UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond Security14 Apr 2025 | 219
CIO and digi VP to depart UK retail giant Asda as Walmart divorce woes settle Exclusive Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion On-Prem14 Apr 2025 | 15
Old Fortinet flaws under attack with new method its patch didn't prevent Infosec In Brief PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more! Security14 Apr 2025 | 6
China reportedly admitted directing cyberattacks on US infrastructure Asia In Brief PLUS: India's new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands Security14 Apr 2025 | 6
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks Feature Military units, government nerds appear to join the fray, with physical infra in sights CSO13 Apr 2025 | 7
LLMs can't stop making up software dependencies and sabotaging everything Hallucinated package names fuel 'slopsquatting' AI Software Development Week12 Apr 2025 | 94
Microsoft total recalls Recall totally to Copilot+ PCs Redmond hopes you’ve forgotten or got over why everyone hated it the first time OSes11 Apr 2025 | 126
Ransomware crims hammering UK more than ever as British techies complain the board just doesn't get it Issues at the very top continue to worsen Cyber-crime11 Apr 2025 | 13
Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan Security11 Apr 2025 | 26
US sensor giant Sensata admits ransomware derailed ops Props for the transparency though Cyber-crime10 Apr 2025 | 4
Infosec experts fear China could retaliate against tariffs with a Typhoon attack World War Fee Scammers are already cashing in with fake invoices for import costs CSO10 Apr 2025 | 31
Europol: Five pay-per-infect suspects cuffed, some spill secrets to cops Officials teased more details to come later this year Cyber-crime10 Apr 2025 |
The Reg translates the letter in which Oracle kinda-sorta tells customers it was pwned TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast Cyber-crime10 Apr 2025 | 27
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs Updated Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories Public Sector10 Apr 2025 | 113
April's Patch Tuesday leaves unlucky Windows Hello users unable to login Updated Can't Redmond ask its whizz-bang Copilot AI to fix it? Patches09 Apr 2025 | 11
Wyden blocks Trump's CISA boss nominee, blames cyber agency for 'actively hiding info' about telecom insecurity It worked for in 2018 with Chris Krebs. Will it work again? Networks09 Apr 2025 | 8
Someone compromised US bank watchdog to access sensitive financial files OCC mum on who broke into email, but Treasury fingered China in similar hack months ago Cyber-crime09 Apr 2025 | 5
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz Cloud Next How Chocolate Factory hopes to double down on enterprise-sec CSO09 Apr 2025 | 7
Pharmacist accused of using webcams to spy on women in intimate moments at work, home Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec Cyber-crime09 Apr 2025 | 23
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low Patches08 Apr 2025 | 14
Don't open that JPEG in WhatsApp for Windows. It might be an .EXE What a MIME field Patches08 Apr 2025 | 29
Scattered Spider stops the Rickrolls, starts the RAT race Despite arrests, eight-legged menace targeted more victims this year Research08 Apr 2025 | 5
As CISA braces for more cuts, threat intel sharing takes a hit Analysis How will 'gutting' civilian defense agency make American cybersecurity great again? Public Sector08 Apr 2025 | 11
Oracle says its cloud was in fact compromised Reliability, honesty, accuracy. And then there's this lot PaaS + IaaS08 Apr 2025 | 37
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token But this mystery isn't over yet, Unit 42 opines Devops07 Apr 2025 | 7
Alleged Scattered Spider SIM-swapper must pay back $13.2M to 59 victims Crummy OPSEC leads to potentially decades in prison Cyber-crime07 Apr 2025 | 1
Chrome to patch decades-old flaw that let sites peek at your history After 23 years, the privacy plumber has finally arrived to clean up this mess Patches07 Apr 2025 | 7
UK's attempt to keep details of Apple 'backdoor' case secret… denied Last month's secret hearing comes to light CSO07 Apr 2025 | 123
Asian tech players react to US tariffs with delays, doubts, deal-making Asia In Brief PLUS: Qualcomm acquires Vietnamese AI outfit; China claims US hacked winter games; India's browser challenge winner disputed; and more Public Sector07 Apr 2025 | 11
Signalgate solved? Report claims journalist’s phone number accidentally saved under name of Trump official Infosec in Brief PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more Security07 Apr 2025 | 42
Trump fires NSA boss, deputy 'Nonpartisan' intelligence chief booted less than two years into the job Public Sector04 Apr 2025 | 109
30 minutes to pwn town: Are speedy responses more important than backups for recovery? The industry’s approach to keeping quality backups may be masking the importance of other recovery mainstays Disaster Recovery Week04 Apr 2025 | 4
Alan Turing Institute: UK can't handle a fight against AI-enabled crims Law enforcement facing huge gap in 'AI adoption' AI + ML04 Apr 2025 | 16
Ex-ASML, NXP staffer accused of stealing chip secrets, peddling them to Moscow We're not Putin up with this alleged industrial espionage, say the Dutch Cyber-crime04 Apr 2025 | 5
Retirement funds reportedly raided after unexplained portal probes and data theft Australians checking their pensions are melting down call centers and websites Cyber-crime04 Apr 2025 | 9
Signalgate: Pentagon watchdog probes Defense Sec Hegseth Classification compliance? Records retention requirements? How quaint Public Sector04 Apr 2025 | 108
For flux sake: CISA, annexable allies warn of hot DNS threat Shape shifting technique described as menace to national security CSO03 Apr 2025 | 5
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years Simple denial-of-service blunder turned out to be remote unauth code exec disaster Cyber-crime03 Apr 2025 | 3
When disaster strikes, proper preparation prevents poor performance It's going to happen to you one day, so get your ducks in a row Disaster Recovery Week03 Apr 2025 | 10
Why is someone mass-scanning Juniper and Palo Alto Networks products? Updated Espionage? Botnets? Trying to exploit a zero-day? Networks03 Apr 2025 | 11
EU: These are scary times – let's backdoor encryption! ProtectEU plan wants to have its cake and eat it too Security03 Apr 2025 | 147
Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare Comment Recovery's never been harder in today's tangled, outsourced infrastructure Disaster Recovery Week03 Apr 2025 | 6
Customer info allegedly stolen from compromised supplier of Royal Mail, Samsung Updated Stamp it out: Infostealer malware at German outfit may be culprit Cyber-crime03 Apr 2025 | 10
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling Double-oh-sh... CSO02 Apr 2025 | 10
Crimelords at Hunters International tell lackeys ransomware too 'risky' Bosses say theft now the name of the game with a shift in tactics, apparent branding Cyber-crime02 Apr 2025 | 6
Oracle's masterclass in breach comms: Deny, deflect, repeat Opinion Fallout shows how what you say must be central to disaster planning Disaster Recovery Week02 Apr 2025 | 12
For healthcare orgs, DR means making sure docs can save lives during ransomware infections Organizational, technological resilience combined defeat the disease that is cybercrime Disaster Recovery Week02 Apr 2025 | 6
Oracle faces Texas-sized lawsuit over alleged cloud snafu and radio silence Victims expect to spend considerable time and money over privacy incident, lawyers argue PaaS + IaaS02 Apr 2025 | 9
One of the last of Bletchley Park's quiet heroes, Betty Webb, dies at 101 Obit Tight-lipped for 30 years before becoming an 'unrivaled advocate' for the site Security02 Apr 2025 | 41
Apple belatedly patches actively exploited bugs in older OSes Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes Patches02 Apr 2025 | 10
North Korea’s fake tech workers now targeting European employers With help from UK operatives, because it’s getting tougher to run the scam in the USA Cyber-crime02 Apr 2025 | 16
Forget Signal. National Security Adviser Waltz now accused of using Gmail for work But his emails! Sharing them with Google! Public Sector02 Apr 2025 | 124
Microsoft to mark five decades of Ctrl-Alt-Deleting the competition Copilot told us that half a century is 25 years. It feels much longer Software01 Apr 2025 | 121