Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig
Phony LinkedIn recruitment ads? Groundbreaking
Public Sector16 May 2025 | 4
Security
America’s consumer watchdog drops leash on proposed data broker crackdown
Crooks must be licking their lips at the possibilities
Personal Tech16 May 2025 | 2
Defamation case against DEF CON terminated with prejudice
'We hope it makes attendees feel safe reporting violations'
Security16 May 2025 | 1
Broadcom employee data stolen by ransomware crooks following hit on payroll provider
Exclusive Tech giant was in process of dropping payroll biz as it learned of breach
Cyber-crime16 May 2025 | 1
Good luck to Atos' 7th CEO and its latest biz transformation
We suspect Philippe Salle will need it, not to mention staff and customers
On-Prem16 May 2025 | 6
From hype to harm: 78% of CISOs see AI attacks already
AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason
Sponsored feature
Scammers are deepfaking voices of senior US government officials, warns FBI
They're smishing, they're vishing
Security16 May 2025 | 17
DoorDash scam used fake drivers, phantom deliveries to bilk $2.59M
Entire process took less than five minutes, prosecutors say
Cyber-crime15 May 2025 | 17
Cyber fiends battering UK retailers now turn to US stores
Interview DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon
Cyber-crime15 May 2025 | 3
Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU
Expert tells us: 'It is the most unique breach disclosure I've ever seen'
Cyber-crime15 May 2025 | 13
Socket buys Coana to tell you which security alerts you can ignore
Sometimes, less information is more
Security15 May 2025 |
Snowflake CISO on the power of 'shared destiny' and 'yes and'
interview Lessons learned from last year's security snafu
CSO15 May 2025 | 2
Here's what we know about the DragonForce ransomware that hit Marks & Spencer
Would you believe it, this RaaS cartel says Russia is off limits
Cyber-crime15 May 2025 | 17
Metal maker meltdown: Nucor stops production after cyber-intrusion
Ransomware or critical infra hit? Top US manufacturer maintains steely silence
Cyber-crime14 May 2025 | 11
Why CVSS is failing us and what we can do about it
How Adversarial Exposure Validation is changing the way we approach vulnerability management
Partner content
Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play
Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated
Public Sector14 May 2025 | 4
Ivanti patches two zero-days under active attack as intel agency warns customers
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product
Patches14 May 2025 | 1
Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb
'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation'
AI + ML14 May 2025 | 71
VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals
Admits due diligence fell short - furious users cry ‘gaslighting’
Networks14 May 2025 | 74
Go ahead and ignore Patch Tuesday – it might improve your security
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'
Patches14 May 2025 | 30
Popular
NASA keeps ancient Voyager 1 spacecraft alive with Hail Mary thruster fix
Failure could've triggered a small explosion
The 'End of 10' is nigh, but don't bury your PC just yet
Linux types mobilize website to help people avoid creating more e-waste
Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU
Expert tells us: 'It is the most unique breach disclosure I've ever seen'
Cyber fiends battering UK retailers now turn to US stores
Interview DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon
Google DeepMind promises to help you evolve your algos
AlphaEvolve may optimize your code in ways you hadn’t thought possible. Or not. Not is possible, too
Anthropic’s law firm throws Claude under the bus over citation errors in court filing
AI footnote fail triggers legal palmface in music copyright spat
Dilettante dev wrote rubbish, left no logs, and had no idea why his app wasn't working
On Call Self-taught coders who work in HR and have a doctorate in English tend to do that
Broadcom employee data stolen by ransomware crooks following hit on payroll provider
Exclusive Tech giant was in process of dropping payroll biz as it learned of breach
Snowflake CISO on the power of 'shared destiny' and 'yes and'
interview Lessons learned from last year's security snafu
70-knot winds so far blamed for yacht disaster that killed Brit tech tycoon Mike Lynch
Probe indicates it was all over for Bayesian in just 9 minutes
STORIES
Everyone's deploying AI, but no one's securing it – what could go wrong?
CYBERUK Crickets as senior security folk asked about risks at NCSC conference
CSO14 May 2025 | 20
Ransomware scum have put a target on the no man's land between IT and operations
Defenses are weaker, and victims are more likely to pay, SANS warns
CSO14 May 2025 | 16
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti
Patches14 May 2025 | 2
Intel's data-leaking Spectre defenses scared off yet again
ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit
Research13 May 2025 | 5
Qatar’s $400M jet for Trump is a gold-plated security nightmare
Air Force Dumb
Bootnotes13 May 2025 | 99
Commvault fixes critical Command Center issue after flaw finder alert
Pay-to-play security on CVSS 10 issue is now fixed
Patches13 May 2025 |
'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart
CYBERUK Both agencies seem unbothered despite tech world's clear concerns for US infoseccers
Security13 May 2025 | 6
Marks & Spencer admits cybercrooks made off with customer info
Market cap down by more than £1B since April 22
Cyber-crime13 May 2025 | 67
As US vuln-tracking falters, EU enters with its own security bug database
EUVD comes into play not a moment too soon
Security13 May 2025 | 26
Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq
'MarbledDust' gang has honed the skills it uses to assist Ankara
Security13 May 2025 | 3
M365 apps on Windows 10 to get security fixes into 2028
Support for the underlying OS is another story
Applications12 May 2025 | 10
CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email
Updated Cripes, we were only joking when we called Elon's social network the new state media
Security12 May 2025 | 53
Why aggregating your asset inventory leads to better security
Today’s complex IT environments demand a new approach
Partner content
Attackers pwn charter airline helping Trump's deportation campaign
Intruders claim they stole GlobalX's flight records and manifests
Cyber-crime12 May 2025 | 49
Britain's cyber agents and industry clash over how to tackle shoddy software
CYBERUK Providers argue that if end users prioritized security, they'd get it
CSO12 May 2025 | 75
Unending ransomware attacks are a symptom, not the sickness
Opinion We need to make taking IT systems 'off the books' a problem for corporate types
Cyber-crime12 May 2025 | 63
DOGE worker's old creds found exposed in infostealer malware dumps
Infosec in brief PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you're never safe; and more
Security12 May 2025 | 19
You think ransomware is bad now? Wait until it infects CPUs
RSAC Rapid7 threat hunter wrote a PoC. No, he's not releasing it
Research11 May 2025 | 64
Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants
The FBI also issued a list of end-of-life routers you need to replace
Cyber-crime10 May 2025 | 10
UK Ministry of Defence is spending less with US biz, and more with Europeans
France's share of MOD cash is growing while the US's shrinks
Offbeat10 May 2025 | 77
VC behemoth Insight Partners fears top-secret financial info swiped by cyber-miscreants
Weapons-grade fuel for fraud
Cyber-crime09 May 2025 | 8
openSUSE deep sixes Deepin desktop over security stink
Linux giant finds Chinese environment to be perilous beneath pretty exterior
Security09 May 2025 | 21
Sudo-rs make me a sandwich, hold the buffer overflows
Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety's sake
OSes08 May 2025 | 131
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied
Now individual school districts extorted by fiends
CSO08 May 2025 | 33
After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI
CEO: Neural net tech 'flattens our hiring curve, helps us innovate'
CSO07 May 2025 | 14
Delta Air Lines class action cleared for takeoff over CrowdStrike chaos
Judge allows aspects of passenger lawsuit to proceed
Security07 May 2025 | 2
You'll never guess which mobile browser is the worst for data collection
We were shocked – SHOCKED – by the answer
Security07 May 2025 | 58
Curl project founder snaps over deluge of time-sucking AI slop bug reports
Lead dev likens flood to 'effectively being DDoSed'
Security07 May 2025 | 63
New Zealand kind-of moves to ban social media for under-16s, require age checks for new accounts
Prime Minister bemoans bullying, addiction, and inappropriate content – but isn’t planning a rapid vote
Public Sector07 May 2025 | 30
Super spyware maker NSO must pay Meta $168M in WhatsApp court battle
Don't f&#k with Zuck
CSO06 May 2025 | 17
Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower
What was the plan, showing her his big iron?
AI Infrastructure Month06 May 2025 | 79
Pentagon declares war on 'outdated' software buying, opens fire on open source
(If only that would keep folks off unsanctioned chat app side quests)
Public Sector06 May 2025 | 74
CISA slammed for role in 'censorship industrial complex' as budget faces possible $500M cut
Because who needs cybersecurity when there’s culture wars to win
Public Sector06 May 2025 | 38
Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess
Updated No, really? That's a shocking surprise
Security05 May 2025 | 38
Trump promises protection for TikTok, for which he has a ‘warm spot in my heart’
Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures
Public Sector05 May 2025 | 73
India’s chipmaking ambitions hurt by Zoho’s no-go and Adani unease
Asia in brief PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more!
Public Sector05 May 2025 | 7
Microsoft tries to knife passwords once and for all - at least for consumers
Infosec In Brief PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more!
Security04 May 2025 | 81
RSA Conf wrap: AI and China on everything, everywhere, all at once
RSAC With North Korean IT workers storming the gates, too
Spotlight on RSAC04 May 2025 | 5
Altman's eyeball-scanning biometric blockchain orbs officially come to America
El Reg checks out shop in SF
Bootnotes04 May 2025 | 52
Disney Slack attack wasn't Russian protesters, just a Cali dude with malware
25-year-old fella pleads guilty to stealing, dumping 1.1TB of data from the House of Mouse
Cyber-crime02 May 2025 | 18
Generative AI makes fraud fluent – from phishing lures to fake lovers
RSAC Real-time video deepfakes? Not convincing yet
Spotlight on RSAC02 May 2025 | 5
Three Brits charged over 'active shooter threats' swattings in US, Canada
UK starts prosecution days after FBI vowed to clamp down on the crime
Security02 May 2025 | 39
British govt agents step in as Harrods becomes third mega retailer under cyberattack
Experts suggest the obvious: There is an ongoing coordinated attack on UK retail sector
Cyber-crime02 May 2025 | 142
Dems look to close the barn door after top DOGE dog has bolted
House Oversight probes missing Musk disclosures, background checks, data mess at NLRB
Public Sector01 May 2025 | 101
Healthcare group Ascension discloses second cyberattack on patients' data
This time criminals targeted partner’s third-party software
Cyber-crime01 May 2025 | 1
How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas
RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen?
Spotlight on RSAC01 May 2025 | 35
Chris Krebs loses Global Entry membership amid Trump feud
President's campaign continues against man he claims covered up evidence of electoral fraud in 2020
Security01 May 2025 | 36
Data watchdog will leave British Library alone – further probes 'not worth our time'
No MFA? No problem – as long as you show you’ve learned your lesson
Cyber-crime01 May 2025 | 7
Ex-NSA cyber-boss: AI will soon be a great exploit coder
RSAC For now it's a potential bug-finder and friend to defenders
Spotlight on RSAC30 Apr 2025 | 13
Ex-CISA chief decries cuts as Trump demands loyalty above all else
RSAC Cybersecurity is national security, says Jen Easterly
Spotlight on RSAC30 Apr 2025 | 11
Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China
Feds say $970K scheme defrauded 13+ companies
Cyber-crime30 Apr 2025 | 10
FBI steps in amid rash of politically charged swattings
No specific law against it yet, but that's set to change
Security30 Apr 2025 | 57
Ghost in the shell script: Boffins reckon they can catch bugs before programs run
Go ahead, please do Bash static analysis
CSO30 Apr 2025 | 39
Cloud doesn’t mean secure: How Intruder finds what others miss
A cloud security platform that manages the attack surface and security vulnerabilities in AWS
Sponsored post
Watch out for any Linux malware sneakily evading syscall-watching antivirus
Google dumped io_uring after $1M in bug bounties
CSO29 Apr 2025 | 17
Enterprise tech dominates zero-day exploits with no signs of slowdown
As Big Tech gets used to the pain, smaller vendors urged to up their game
Research29 Apr 2025 | 1
China now America's number one cyber threat – US must get up to speed
RSAC Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable
Spotlight on RSAC29 Apr 2025 | 22
Infosec pros tell Trump to quit bullying Chris Krebs – it's undermining security
Top voices warn that political retaliation puts democracy and national defense at risk
Security29 Apr 2025 | 70
China is using AI to sharpen every link in its attack chain, FBI warns
RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer
Spotlight on RSAC29 Apr 2025 | 11
The one interview question that will protect you from North Korean fake workers
RSAC FBI and others list how to spot NK infiltrators, but AI will make it harder
Spotlight on RSAC29 Apr 2025 | 96
Swiss boffins admit to secretly posting AI-penned posts to Reddit in the name of science
They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse
AI + ML29 Apr 2025 | 22
Open source text editor poisoned with malware to target Uyghur users
Who could possibly be behind this attack on an ethnic minority China despises?
Security29 Apr 2025 | 19
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus
Florida man altered allergen info, DoSed former colleagues
Cyber-crime29 Apr 2025 | 15
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
Updated Sometimes, silence is the best option
CSO28 Apr 2025 | 10
How to survive as a CISO aka 'chief scapegoat officer'
RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel
Spotlight on RSAC28 Apr 2025 | 9
Admission impossible: NSA, CISA brass absent from RSA Conf
RSAC Homeland Security boss Noem added as last-minute keynote, mind you
Spotlight on RSAC28 Apr 2025 | 11
The future of AI in cybersecurity in a word: Optimistic
Think of artificial intelligence as your embedded ally
Sponsored post
From 112K to 4M folks' data – HR biz attack goes from bad to mega bad
It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands
Cyber-crime28 Apr 2025 | 7
Back online after 'catastrophic' attack, 4chan says it's too broke for good IT
Image board hints that rumors of a poorly maintained back end may be true
Security28 Apr 2025 | 39
Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025
Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year
OSes28 Apr 2025 | 38
Samsung admits Galaxy devices can leak passwords through clipboard wormhole
Infosec in brief PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more!
Security28 Apr 2025 | 11
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
Opinion Infosec is a team sport … unless you're in the White House
Public Sector25 Apr 2025 | 98
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member
What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future
CSO25 Apr 2025 | 17
More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures
Security25 Apr 2025 | 8
Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions
Where have we heard this before? Feb security update needs its own fix
OSes25 Apr 2025 | 1
M&S stops online orders as 'cyber incident' issues worsen
One step forward and one step back as earlier hopes of progress dashed by latest update
Cyber-crime25 Apr 2025 | 21
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues
Patches25 Apr 2025 | 2
Claims assistance firm fined for cold-calling people who put themselves on opt-out list
Third-party data supplier also in hot water with Brit regulator over consent issues
Security25 Apr 2025 | 33
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck
Cyber-crime25 Apr 2025 | 5
SSNs and more on 5.5M+ patients feared stolen from Yale Health
At least it wasn't Harvard
Cyber-crime24 Apr 2025 | 5
Biting the hand that feeds IT
