Oracle Cloud says it's not true someone broke into its login servers and stole data
Despite evidence to the contrary as alleged pilfered info goes on sale
Cyber-crime23 Mar 2025 | 6
CSO
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US
Interview Plus AI in the infosec world, why CISA should know its place, and more
CSO23 Mar 2025 | 12
Show top LLMs some code and they'll merrily add in the bugs they saw in training
One more time, with feeling ... Garbage in, garbage out
AI + ML19 Mar 2025 | 32
CISA fires, now rehires and immediately benches security crew on full pay
DOGE efficiency in action
Public Sector18 Mar 2025 | 51
UK wants dirt on data brokers before criminals get there first
Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs
CSO18 Mar 2025 | 12
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up
Don't laugh. This kind of warning shows crims are getting desperate
Cyber-crime18 Mar 2025 | 13
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
Updated One PUT request, one poisoned session file, and the server’s yours
CSO18 Mar 2025 | 8
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database
More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit
CSO17 Mar 2025 | 121
Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly
Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail
AI + ML13 Mar 2025 | 33
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand
Feds warn gang still rampant and now cracked 300+ victims around the world
Cyber-crime13 Mar 2025 | 4
UK must pay cyber pros more than its Prime Minister, top civil servant says
Leaders call for fewer contractors and more top talent installed across government
CSO12 Mar 2025 | 72
CISA pen-tester says 100-strong red team binned after DOGE canceled contract
Updated Election infosec advisory center also shuttered
Public Sector12 Mar 2025 | 163
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it
Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands
CSO10 Mar 2025 | 10
How NOT to f-up your security incident response
Feature Experts say that the way you handle things after the criminals break in can make things better or much, much worse
CSO10 Mar 2025 | 15
The NHS security culture problem is a crisis years in the making
Analysis Insiders say board members must be held accountable and drive positive change from the top down
CSO10 Mar 2025 | 29
Strap in, get ready for more Rust drivers in Linux kernel
Likening memory safety bugs to smallpox may not soothe sensitive C coders
OSes10 Mar 2025 | 68
Developer sabotaged ex-employer with kill switch activated when he was let go
IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes
Bootnotes08 Mar 2025 | 78
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks
Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox
Cyber-crime06 Mar 2025 | 4
Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security
Video Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told
Public Sector05 Mar 2025 | 57
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
Updated They're good at zero-day exploits, too
Public Sector05 Mar 2025 | 17
Popular
CISA fires, now rehires and immediately benches security crew on full pay
DOGE efficiency in action
Amazon to kill off local Alexa processing, all voice requests shipped to the cloud
Web souk says Echo hardware doesn't have the oomph for next-gen AI anyway
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database
More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying
'Only' a local access bug but important part of N Korea, Russia, and China attack picture
Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied
Maddening techno bass loop, Zoolander reference, and 14 minutes of time wasted
DoorDash sued for allegedly branding customer a fraudster after delivery photo query
Dispute over app privacy escalates into legal brawl
GitHub supply chain attack spills secrets from 23,000 projects
Large organizations among those cleaning up the mess
Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content
Slop-making machine will feed unauthorized scrapers what they so richly deserve, hopefully without poisoning the internet
It looks like IBM is cutting jobs again, with Classic Cloud hit hard
We're told thousands may soon get a pink slip from Big Blue
Time to ditch US tech for homegrown options, says Dutch parliament
Trump administration 'has made the call for tech sovereignty an urgent geopolitical issue'
STORIES
VMware splats guest-to-hypervisor escape bugs already exploited in wild
The heap overflow zero-day in the memory unsafe code by Miss Creant
Virtualization04 Mar 2025 | 8
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake
Says the biz trying to sell us stuff to catch that, admittedly
AI + ML04 Mar 2025 | 18
So … Russia no longer a cyber threat to America?
Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks
Public Sector04 Mar 2025 | 218
Cybersecurity not the hiring-'em-like-hotcakes role it once was
Analysis Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts
CSO03 Mar 2025 | 15
C++ creator calls for help to defend programming language from 'serious attacks'
Bjarne Stroustrup wants standards body to respond to memory-safety push as Rust monsters lurk at the door
Software02 Mar 2025 | 213
Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in
Plus: New figurehead of DOGE emerges and they aren't called Elon
Public Sector26 Feb 2025 | 37
Drug-screening biz DISA took a year to disclose security breach affecting millions
If there's something nasty on your employment record, extortion scum could come calling
Cyber-crime26 Feb 2025 | 5
Xi know what you did last summer: China was all up in Republicans' email, says book
Of course, Microsoft is in the mix, isn't it
Cyber-crime25 Feb 2025 | 29
How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit
Analysis Blueprints shared for jail-breaking models that expose their chain-of-thought process
AI + ML25 Feb 2025 | 30
Google binning SMS MFA at last and replacing it with QR codes
Everyone knew texted OTPs were a dud back in 2016
CSO25 Feb 2025 | 105
Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable
Final update Nobody wants memory bugs. Penguinistas continue debate on how to squish 'em
OSes21 Feb 2025 | 178
Trump’s DoD CISO pick previously faced security clearance suspension
Hey, at least Katie Arrington brings a solid resume
Public Sector19 Feb 2025 | 13
Time to make C the COBOL of this century
Opinion Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees
CSO18 Feb 2025 | 222
If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish
Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir
CSO15 Feb 2025 | 27
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN
updated Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew
Networks14 Feb 2025 | 9
More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs
Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks
Networks13 Feb 2025 | 5
Mysterious Palo Alto firewall reboots? You're not alone
Limited-edition hotfix to get wider release before end of month
Networks13 Feb 2025 | 6
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities
FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff
CSO13 Feb 2025 | 75
Sophos sheds 6% of staff after swallowing Secureworks
De-dupes some roles, hints others aren't needed as the infosec scene shifts
CSO13 Feb 2025 | 7
Trump’s cyber chief pick has little experience in The Cyber
GOP lawyer Sean Cairncross will be learning on the fly, as we also say hi to new intelligence boss Tulsi Gabbard
Public Sector12 Feb 2025 | 54
Probe finds US Coast Guard has left maritime cybersecurity adrift
Numerous systemic vulnerabilities could scuttle $5.4T industry
Public Sector11 Feb 2025 | 13
Yup, AMD's Elba and Giglio definitely sound like they work corporate security
Which is why Cisco is adding these Pensando DPUs to more switches
Networks11 Feb 2025 | 3
I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice
Remote position, webcam not working, then glitchy AI face ... Red alert!
CSO11 Feb 2025 | 82
If Ransomware Inc was a company, its 2024 results would be a horror show
35% drop in payments across the year as your backups got better and law enforcement made a difference
CSO07 Feb 2025 | 2
Federal judge tightens DOGE leash over critical Treasury payment system access
Final update Lawsuit: 'Scale of intrusion into individuals' privacy is massive and unprecedented'
Public Sector06 Feb 2025 | 28
Democrats demand to know WTF is up with that DOGE server on OPM's network
Updated Are you trying to make this easy for China and Russia?
Public Sector06 Feb 2025 | 153
Mixing Rust and C in Linux likened to cancer by kernel maintainer
Updated Some worry multiple languages will make it harder to maintain this open source uber-project, others disagree
Software05 Feb 2025 | 127
Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant'
When cloud customers don't clean up after themselves, part 97
CSO04 Feb 2025 | 33
What does it mean to build in security from the ground up?
Systems Approach As if secure design is the only bullet point in a list of software engineering best practices
CSO02 Feb 2025 | 12
Another banner year for ransomware gangs despite takedowns by the cops
And it doesn't take a crystal ball to predict the future
Cyber-crime31 Jan 2025 | 6
Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek
Oh someone's in DeepShi...
CSO30 Jan 2025 | 71
North Koreans clone open source projects to plant backdoors, steal credentials
Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better?
Devops29 Jan 2025 | 2
Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
And now you won't stop calling me, I'm kinda busy
CSO29 Jan 2025 | 4
Spending watchdog blasts UK govt over sloth-like progress to shore up IT defenses
Think government cybersecurity is bad? Guess again. It’s alarmingly so
Public Sector29 Jan 2025 | 13
The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster
Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings
CSO29 Jan 2025 | 57
US freezes foreign aid, halting cybersecurity defense and policy funds for allies
Updated Uncle Sam will 'no longer blindly dole out money,' State Dept says
Public Sector27 Jan 2025 | 86
Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet
Who could be so interested in chips, manufacturing, and more, in the US, UK, Europe, Russia...
Networks25 Jan 2025 | 78
Who is DDoSing you? Rivals, probably, or cheesed-off users
Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps
Networks23 Jan 2025 | 7
Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch
Feature Everyone agrees defense matters. How to do it is up for debate
CSO22 Jan 2025 | 20
Ransomware scum make it personal for Reg readers by impersonating tech support
That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems
CSO22 Jan 2025 | 18
Sage Copilot grounded briefly to fix AI misbehavior
'Minor issue' with showing accounting customers 'unrelated business information' required repairs
AI + ML20 Jan 2025 | 23
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries
The S in LLM stands for Security
AI + ML19 Jan 2025 | 31
FCC to telcos: By law you must secure your networks from foreign spies. Get on it
Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping
CSO17 Jan 2025 | 29
Biden signs sweeping cybersecurity order, just in time for Trump to gut it
Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive
Public Sector17 Jan 2025 | 40
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling
Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in
Nvidia GTC17 Jan 2025 | 11
GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches'
Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools
CSO15 Jan 2025 | 13
China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says
We are only seeing 'the tip of the iceberg,' Easterly warns
Security15 Jan 2025 | 11
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used
Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg
Networks14 Jan 2025 | 26
Database tables of student, teacher info stolen from PowerSchool in cyberattack
Class act: Cloud biz only serves 60M-plus folks globally, no biggie
Cyber-crime09 Jan 2025 | 23
I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director
In colossal surprise, ONCD boss Harry Coker says more work is needed
CSO08 Jan 2025 | 12
Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid
OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop
CSO02 Jan 2025 | 3
Trump administration wants to go on cyber offensive against China
The US has never attacked Chinese critical infrastructure before, right?
Cyber-crime16 Dec 2024 | 25
China's Salt Typhoon recorded top American officials' calls, says White House
No word yet on who was snooped on. Any bets?
CSO09 Dec 2024 | 24
OpenWrt orders router firmware updates after supply chain attack scare
A couple of bugs lead to a potentially bad time
CSO09 Dec 2024 | 6
Microsoft dangles $10K for hackers to hijack LLM email service
Outsmart an AI, win a little Christmas cash
CSO09 Dec 2024 | 12
Salt Typhoon forces FCC's hand on making telcos secure their networks
Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns
Security06 Dec 2024 | 4
Solana blockchain's popular web3.js npm package backdoored to steal keys, funds
Damage likely limited to those running bots with private PKI access
Cyber-crime05 Dec 2024 | 7
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career'
Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat
CSO05 Dec 2024 | 54
Microsoft says premature patch could make Windows Recall forget how to work
Installed the final non-security preview update of 2024? Best not hop onto the Dev Channel
CSO04 Dec 2024 | 25
T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes'
Funny what putting more effort and resources into IT security can do
CSO27 Nov 2024 | 9
Security? We've heard of it: How Microsoft plans to better defend Windows
Ignite Did we say CrowdStrike? We meant, er, The July Incident...
CSO25 Nov 2024 | 28
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain?
Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration
Public Sector23 Nov 2024 | 41
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more
CSO22 Nov 2024 | 22
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator
Meet Liminal Panda, which prowls telecom networks in South Asia and Africa
CSO20 Nov 2024 | 32
D-Link tells users to trash old VPN routers over bug too dangerous to identify
Vendor offers 20% discount on new model, but not patches
CSO20 Nov 2024 | 59
Data is the new uranium – incredibly powerful and amazingly dangerous
Column CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value
CSO20 Nov 2024 | 56
Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit
Yank access to management interface, stat
CSO15 Nov 2024 | 28
Five Eyes infosec agencies list 2023's most exploited software flaws
Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns
CSO14 Nov 2024 | 28
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue
Plus: CISA's ScubaGear dives deep to fix M365 misconfigs
CSO14 Nov 2024 | 2
Air National Guardsman gets 15 years after splashing classified docs on Discord
22-year-old talked of 'culling the weak minded' – hmm!
Cyber-crime13 Nov 2024 | 93
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code
'Once again, we've lost a little more faith in the internet,' researcher says
CSO12 Nov 2024 | 3
Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms
Arguments continue but change suggests it's not Free Software anymore
Applications24 Oct 2024 | 16
US healthcare org admits up to 400,000 people's personal info was snatched
It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it
Cybersecurity Month14 Oct 2024 | 3
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame
Usual three-week window to address significant risks to federal agencies applies
Cybersecurity Month10 Oct 2024 |
Ransomware gang Trinity joins pile of scumbags targeting healthcare
As if hospitals and clinics didn't have enough to worry about
Cybersecurity Month09 Oct 2024 | 5
Average North American CISO pay now $565K, mainly thanks to one weird trick
Best way to boost your package is to leave, or pretend to
Cybersecurity Month03 Oct 2024 | 12
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant
Exclusive Crooks 'like a sysadmin, with a malicious slant'
Cybersecurity Month03 Oct 2024 | 3
Brits hate how big tech handles their data, but can't be bothered to do much about it
Managing the endless stream of cookie banners leaves little energy for anything else
Cybersecurity Month03 Oct 2024 | 38
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking
With 14 serious security flaws found, what a gift for spies and crooks
Cybersecurity Month02 Oct 2024 | 21
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing
Poor use of PHP include() strikes again
Cybersecurity Month02 Oct 2024 | 4
Biting the hand that feeds IT
