Socket buys Coana to tell you which security alerts you can ignore
Sometimes, less information is more
Security15 May 2025 |
CSO
Snowflake CISO on the power of 'shared destiny' and 'yes and'
interview Lessons learned from last year's security snafu
CSO15 May 2025 | 2
Why CVSS is failing us and what we can do about it
Partner content How Adversarial Exposure Validation is changing the way we approach vulnerability management
Partner content
Ivanti patches two zero-days under active attack as intel agency warns customers
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product
Patches14 May 2025 | 1
Go ahead and ignore Patch Tuesday – it might improve your security
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'
Patches14 May 2025 | 26
Everyone's deploying AI, but no one's securing it – what could go wrong?
CYBERUK Crickets as senior security folk asked about risks at NCSC conference
CSO14 May 2025 | 14
Ransomware scum have put a target on the no man's land between IT and operations
Defenses are weaker, and victims are more likely to pay, SANS warns
CSO14 May 2025 | 16
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti
Patches14 May 2025 | 2
Why aggregating your asset inventory leads to better security
Today’s complex IT environments demand a new approach
Partner content
Britain's cyber agents and industry clash over how to tackle shoddy software
CYBERUK Providers argue that if end users prioritized security, they'd get it
CSO12 May 2025 | 74
Unending ransomware attacks are a symptom, not the sickness
Opinion We need to make taking IT systems 'off the books' a problem for corporate types
Cyber-crime12 May 2025 | 63
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied
Now individual school districts extorted by fiends
CSO08 May 2025 | 33
After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI
CEO: Neural net tech 'flattens our hiring curve, helps us innovate'
CSO07 May 2025 | 14
Super spyware maker NSO must pay Meta $168M in WhatsApp court battle
Don't f&#k with Zuck
CSO06 May 2025 | 17
Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower
What was the plan, showing her his big iron?
AI Infrastructure Month06 May 2025 | 79
RSA Conf wrap: AI and China on everything, everywhere, all at once
RSAC With North Korean IT workers storming the gates, too
Spotlight on RSAC04 May 2025 | 5
Generative AI makes fraud fluent – from phishing lures to fake lovers
RSAC Real-time video deepfakes? Not convincing yet
Spotlight on RSAC02 May 2025 | 5
How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas
RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen?
Spotlight on RSAC01 May 2025 | 35
Ex-NSA cyber-boss: AI will soon be a great exploit coder
RSAC For now it's a potential bug-finder and friend to defenders
Spotlight on RSAC30 Apr 2025 | 13
Ghost in the shell script: Boffins reckon they can catch bugs before programs run
Go ahead, please do Bash static analysis
CSO30 Apr 2025 | 39
Popular
VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals
Admits due diligence fell short - furious users cry ‘gaslighting’
Ransomware scum have put a target on the no man's land between IT and operations
Defenses are weaker, and victims are more likely to pay, SANS warns
Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb
'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation'
Intel's data-leaking Spectre defenses scared off yet again
ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit
Europe plots escape hatch from the enshittification of search
Plus: How to make Google less unhelpful
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti
Everyone's deploying AI, but no one's securing it – what could go wrong?
CYBERUK Crickets as senior security folk asked about risks at NCSC conference
Go ahead and ignore Patch Tuesday – it might improve your security
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'
US tech titans rejoice in $600B Saudi shopping spree
Prince Mohammed bin Bone Saw will take a few hundred thousand GPUs with his missiles and fighter jets
Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play
Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated
STORIES
Cloud doesn’t mean secure: How Intruder finds what others miss
A cloud security platform that manages the attack surface and security vulnerabilities in AWS
Sponsored post
Watch out for any Linux malware sneakily evading syscall-watching antivirus
Google dumped io_uring after $1M in bug bounties
CSO29 Apr 2025 | 17
China is using AI to sharpen every link in its attack chain, FBI warns
RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer
Spotlight on RSAC29 Apr 2025 | 11
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus
Florida man altered allergen info, DoSed former colleagues
Cyber-crime29 Apr 2025 | 15
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
Updated Sometimes, silence is the best option
CSO28 Apr 2025 | 10
How to survive as a CISO aka 'chief scapegoat officer'
RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel
Spotlight on RSAC28 Apr 2025 | 9
Admission impossible: NSA, CISA brass absent from RSA Conf
RSAC Homeland Security boss Noem added as last-minute keynote, mind you
Spotlight on RSAC28 Apr 2025 | 11
The future of AI in cybersecurity in a word: Optimistic
Think of artificial intelligence as your embedded ally
Sponsored post
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
Opinion Infosec is a team sport … unless you're in the White House
Public Sector25 Apr 2025 | 98
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member
What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future
CSO25 Apr 2025 | 17
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues
Patches25 Apr 2025 | 2
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck
Cyber-crime25 Apr 2025 | 5
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Cybercriminals are targeting software shops, accountants, lawyers
CSO24 Apr 2025 | 2
Blue Shield says it shared health info on up to 4.7M patients with Google Ads
Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway
CSO23 Apr 2025 | 25
We’re calling it now: Agentic AI will win RSAC buzzword Bingo
RSAC All aboard the hype train
Spotlight on RSAC23 Apr 2025 | 8
Who needs phishing when your login's already in the wild?
Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get
CSO23 Apr 2025 | 11
America's cyber defenses are being dismantled from the inside
Opinion The CVE system nearly dying shows that someone has lost the plot
CSO23 Apr 2025 | 92
Two CISA officials jump ship, both proud of pushing for Secure by Design software
As cyber-agency faces cuts, makes noises about switching up program
Public Sector22 Apr 2025 | 11
A pot of $250K is now available to ransomware researchers, but it feeds a commercial product
Security bods can earn up to $10K per report
Research22 Apr 2025 | 3
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
10 other certificates 'were mis-issued and have now been revoked'
CSO22 Apr 2025 | 13
Today's LLMs craft exploits from patches at lightning speed
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours
AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
It's now hitting govt, enterprise targets
CSO21 Apr 2025 | 31
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter
Some in the infosec world definitely want to see Big Red crucified
CSO18 Apr 2025 | 6
CVE fallout: The splintering of the standard vulnerability tracking system has begun
Comment MITRE, EUVD, GCVE … WTF?
Spotlight on RSAC18 Apr 2025 | 89
Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances
Illegitimi non carborundum? Nice password, Mr Ex-CISA
Spotlight on RSAC17 Apr 2025 | 69
Whistleblower describes DOGE IT dept rampage at America's labor watchdog
Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim
CSO17 Apr 2025 | 53
Signalgate chats vanish from CIA chief phone
Extraordinary rendition of data, or just dropped it out of a helicopter?
CSO16 Apr 2025 | 22
Identifying the cyber risks that matter
From noise to clarity: Why CISOs are shifting to adversarial exposure validation
Partner content
CVE program gets last-minute funding from CISA – and maybe a new home
Uncertainty is the new certainty
CSO16 Apr 2025 | 32
Guess what happens when ransomware fiends find 'insurance' 'policy' in your files
It involves a number close to three or six depending on the pickle you're in
Spotlight on RSAC16 Apr 2025 | 20
Uncle Sam kills funding for CVE program. Yes, that CVE program
Updated Because vulnerability management has nothing to do with national security, right?
CSO16 Apr 2025 | 179
All right, you can have one: DOGE access to Treasury IT OK'd judge
Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez
Public Sector15 Apr 2025 | 18
New SSL/TLS certs to each live no longer than 47 days by 2029
IT admins, get ready to grumble
CSO14 Apr 2025 | 126
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks
Feature Military units, government nerds appear to join the fray, with physical infra in sights
CSO13 Apr 2025 | 7
LLMs can't stop making up software dependencies and sabotaging everything
Hallucinated package names fuel 'slopsquatting'
AI Software Development Week12 Apr 2025 | 98
Infosec experts fear China could retaliate against tariffs with a Typhoon attack
World War Fee Scammers are already cashing in with fake invoices for import costs
CSO10 Apr 2025 | 31
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs
Updated Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories
Public Sector10 Apr 2025 | 113
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz
Cloud Next How Chocolate Factory hopes to double down on enterprise-sec
CSO09 Apr 2025 | 7
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug
Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low
Patches08 Apr 2025 | 14
As CISA braces for more cuts, threat intel sharing takes a hit
Analysis How will 'gutting' civilian defense agency make American cybersecurity great again?
Public Sector08 Apr 2025 | 11
Oracle says its cloud was in fact compromised
Reliability, honesty, accuracy. And then there's this lot
PaaS + IaaS08 Apr 2025 | 37
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
But this mystery isn't over yet, Unit 42 opines
Devops07 Apr 2025 | 7
UK's attempt to keep details of Apple 'backdoor' case secret… denied
Last month's secret hearing comes to light
CSO07 Apr 2025 | 123
Signalgate: Pentagon watchdog probes Defense Sec Hegseth
Classification compliance? Records retention requirements? How quaint
Public Sector04 Apr 2025 | 108
For flux sake: CISA, annexable allies warn of hot DNS threat
Shape shifting technique described as menace to national security
CSO03 Apr 2025 | 5
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years
Simple denial-of-service blunder turned out to be remote unauth code exec disaster
Cyber-crime03 Apr 2025 | 3
Why is someone mass-scanning Juniper and Palo Alto Networks products?
Updated Espionage? Botnets? Trying to exploit a zero-day?
Networks03 Apr 2025 | 11
Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare
Comment Recovery's never been harder in today's tangled, outsourced infrastructure
Disaster Recovery Week03 Apr 2025 | 6
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling
Double-oh-sh...
CSO02 Apr 2025 | 10
Crimelords at Hunters International tell lackeys ransomware too 'risky'
Bosses say theft now the name of the game with a shift in tactics, apparent branding
Cyber-crime02 Apr 2025 | 6
For healthcare orgs, DR means making sure docs can save lives during ransomware infections
Organizational, technological resilience combined defeat the disease that is cybercrime
Disaster Recovery Week02 Apr 2025 | 6
Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed
1990s incident response in 2025
PaaS + IaaS31 Mar 2025 | 8
China’s FamousSparrow flies back into action, breaches US org after years off the radar
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET
Networks27 Mar 2025 | 2
Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat
Updated So F-18 launch times, weapons, drone support aren't classified now ... who knew?
CSO26 Mar 2025 | 265
US defense contractor cops to sloppy security, settles after infosec lead blows whistle
MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade
CSO26 Mar 2025 | 11
There are 10,000 reasons to doubt Oracle Cloud's security breach denial
Customers come forward claiming info was swiped from prod
Cyber-crime25 Mar 2025 | 43
FCC on the prowl for Huawei and other blocked Chinese makers in America
Be vewy vewy quiet, I'm hunting rackets
Networks24 Mar 2025 | 8
As nation-state hacking becomes 'more in your face,' are supply chains secure?
Interview Ex-US Air Force officer says companies shouldn't wait for govt mandates
CSO24 Mar 2025 | 10
Oracle Cloud says it's not true someone broke into its login servers and stole data
Despite evidence to the contrary as alleged pilfered info goes on sale
Cyber-crime23 Mar 2025 | 29
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US
Interview Plus AI in the infosec world, why CISA should know its place, and more
CSO23 Mar 2025 | 43
Show top LLMs some code and they'll merrily add in the bugs they saw in training
One more time, with feeling ... Garbage in, garbage out
AI + ML19 Mar 2025 | 33
CISA fires, now rehires and immediately benches security crew on full pay
DOGE efficiency in action
Public Sector18 Mar 2025 | 51
UK wants dirt on data brokers before criminals get there first
Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs
CSO18 Mar 2025 | 12
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up
Don't laugh. This kind of warning shows crims are getting desperate
Cyber-crime18 Mar 2025 | 13
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
Updated One PUT request, one poisoned session file, and the server’s yours
CSO18 Mar 2025 | 8
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database
More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit
CSO17 Mar 2025 | 129
Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly
Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail
AI + ML13 Mar 2025 | 33
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand
Feds warn gang still rampant and now cracked 300+ victims around the world
Cyber-crime13 Mar 2025 | 4
UK must pay cyber pros more than its Prime Minister, top civil servant says
Leaders call for fewer contractors and more top talent installed across government
CSO12 Mar 2025 | 72
CISA pen-tester says 100-strong red team binned after DOGE canceled contract
Updated Election infosec advisory center also shuttered
Public Sector12 Mar 2025 | 166
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it
Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands
CSO10 Mar 2025 | 10
How NOT to f-up your security incident response
Feature Experts say that the way you handle things after the criminals break in can make things better or much, much worse
Spotlight on RSAC10 Mar 2025 | 15
The NHS security culture problem is a crisis years in the making
Analysis Insiders say board members must be held accountable and drive positive change from the top down
CSO10 Mar 2025 | 29
Strap in, get ready for more Rust drivers in Linux kernel
Likening memory safety bugs to smallpox may not soothe sensitive C coders
OSes10 Mar 2025 | 70
Developer sabotaged ex-employer with kill switch activated when he was let go
IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes
Bootnotes08 Mar 2025 | 79
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks
Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox
Cyber-crime06 Mar 2025 | 4
Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security
Video Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told
Public Sector05 Mar 2025 | 57
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
Updated They're good at zero-day exploits, too
Public Sector05 Mar 2025 | 17
VMware splats guest-to-hypervisor escape bugs already exploited in wild
The heap overflow zero-day in the memory unsafe code by Miss Creant
Virtualization04 Mar 2025 | 8
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake
Says the biz trying to sell us stuff to catch that, admittedly
AI + ML04 Mar 2025 | 18
Biting the hand that feeds IT
