Fake job applications pack malware that kills endpoint detection before stealing data
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses
Research10 Mar 2026 | 39
CSO
Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering
Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse
Cyber-crime26 Feb 2026 | 4
Every day in every way, passwords are getting worse and worse
opinion The only good password is no password at all
Security23 Feb 2026 | 92
CISA updated ransomware intel on 59 bugs last year without telling defenders
GreyNoise's Glenn Thorpe counts the cost of missed opportunities
CSO03 Feb 2026 | 4
AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues
'I did not think it was going to happen to me, but here we are'
CSO01 Feb 2026 | 58
AI-powered cyberattack kits are 'just a matter of time,' warns Google exec
Security chief says criminals are already automating workflows, with full end-to-end tools likely within years
CSO23 Jan 2026 | 10
Fortinet admits FortiGate SSO bug still exploitable despite December patch
Fix didn't quite do the job – attackers spotted logging in
CSO23 Jan 2026 | 3
CrowdStrike shareholders lose battle to recoup losses from 2024 outage
Investors didn't present a valid claim, says judge, but they're welcome to try again
Security14 Jan 2026 | 7
'Imagination the limit': DeadLock ransomware gang using smart contracts to hide their work
New crooks on the block get crafty with blockchain to evade defenses
Research14 Jan 2026 | 2
No fire sale for firewalls as memory shortages could push prices higher
In SEC filings, Fortinet and Palo Alto show shrinking product margins taking hold.
Security12 Jan 2026 | 4
Ransomware attacks kept climbing in 2025 as gangs refused to stay dead
Cop wins hit crime infrastructure, not the people behind it
Cyber-crime08 Jan 2026 | 15
Palo Alto Networks security-intel boss calls AI agents 2026's biggest insider threat
interview Lock 'em down
Agentic AI04 Jan 2026 | 22
Around 1,000 systems compromised in ransomware attack on Romanian water agency
On-site staff keep key systems working while all but one region battles with encrypted PCs
CSO22 Dec 2025 | 8
Half of exposed React servers remain unpatched amid active exploitation
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews
Cyber-crime12 Dec 2025 | 14
CISA warns spyware crews are breaking into Signal and WhatsApp accounts
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users
Cyber-crime25 Nov 2025 | 34
FCC guts post-Salt Typhoon telco rules despite ongoing espionage risk
Months after China-linked spies burrowed into US networks, regulator tears up its own response
CSO24 Nov 2025 | 10
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix
CSO24 Nov 2025 |
SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere
Company 'clearly delighted' with the outcome
CSO20 Nov 2025 | 2
Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood
Updated GlobalProtect login endpoints targeted, sparking concern that something bigger may be brewing
CSO20 Nov 2025 | 6
Amazon security boss: Hostile countries use cyber targeting for physical military strikes
interview And companies are getting caught in the crossfire
AWS Re:invent19 Nov 2025 | 15
Popular
Swiss e-voting pilot can't count 2,048 ballots after USB keys fail to decrypt them
Officials suspend Basel-Stadt trial and launch probe
Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack
Could steal sensitive personal and financial data
Microsoft Authenticator to nuke Entra creds on rooted and jailbroken phones
Warning, lockout, then wipe if your device trips detection
DR-DOS rises again – rebuilt from scratch, not open source
Project claims legal clarity and zero legacy code, but offers binaries only
Fake job applications pack malware that kills endpoint detection before stealing data
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses
Musk admits Starship V3 launch date has slipped as Super Heavy booster rolls into place
Launch predictions continue to be optimistic as 2027 and Artemis III near
Linux PC vendor System76 tries to talk Colorado down over OS age checks
Don't celebrate yet – more states are considering them
Ericsson blames vendor vishing slip-up for breach exposing thousands of records
Crooks used simple phone scam to compromise vendor account, spilling personal and financial data belonging to more than 15,000 people
Polish cops bust alleged teen DDoS kit sellers – youngest just 12
Kids profited from tools used to attack popular websites, say officials
Crooks compromise WordPress sites to push infostealers via fake CAPTCHA prompts
Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page
STORIES
Overconfidence is the new zero-day as teams stumble through cyber simulations
Readiness metrics have flatlined since 2023, with most sectors slipping backward as teams fumble crisis drills
Security17 Nov 2025 | 7
UK's Cyber Security and Resilience Bill makes Parliamentary debut
Various touch-ups added as MPs seek greater resilience to attacks on critical sectors
Security12 Nov 2025 | 15
Cyber insurers paid out over twice as much for UK ransomware attacks last year
Massive increase in policy claims… and data doesn’t even cover the major attacks of 2025
Cyber-crime11 Nov 2025 | 13
Cyberpunks mess with Canada's water, energy, and farm systems
Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls
Cyber-crime30 Oct 2025 | 17
Trump's workforce cuts blamed as America's cyber edge dulls
The Cyberspace Solarium Commission says years of progress are being undone amid current administration's cuts
Public Sector23 Oct 2025 | 26
Feds flag active exploitation of patched Windows SMB vuln
CISA adds high-severity flaw to KEV list, urges swift updating
Cyber-crime21 Oct 2025 | 6
How malware vaccines could stop ransomware's rampage
Feature Security pros explore whether infection-spoofing code can immunize Windows systems against attack
Security21 Oct 2025 | 24
Take this rob and shove it! Salesforce issues stern retort to ransomware extort
CRM giant 'will not engage, negotiate with, or pay' the scumbags
Cyber-crime08 Oct 2025 | 7
Germany slams brakes on EU's Chat Control device-scanning snoopfest
Berlin's opposition likely kills off Brussels' bid to scan everyone's messages
CSO08 Oct 2025 | 47
Employees regularly paste company secrets into ChatGPT
Microsoft Copilot, not so much
AI + ML07 Oct 2025 | 47
Oracle tells Clop-targeted EBS users to apply July patch, problem solved
Researchers suggest internet-facing portals are exposing 'thousands' of orgs
Cybersecurity Month03 Oct 2025 |
Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files
570GB of data claimed to be stolen by the Crimson Collective
Cybersecurity Month02 Oct 2025 | 19
Warnings about Cisco vulns under active exploit are falling on deaf ears
50,000 firewall devices still exposed
Patches30 Sep 2025 | 22
Google warns China-linked spies lurking in 'numerous' enterprises
Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'
Research24 Sep 2025 | 8
Politicos: 'There is a good strong case for government intervention' on JLR cyberattack
Covid-style financial support? Nothing to confirm yet, say MPs
Cyber-crime24 Sep 2025 | 23
Workers fear for their jobs as JLR's latest shutdown extended
With no idea when engines restart, families gear down on spending ahead of Christmas
Cyber-crime23 Sep 2025 | 31
UK chancellor Putin the blame on Russia for cyber chaos, but evidence says otherwise
Reeves points finger at Moscow in interview when authorities reckon it's local lads
Cyber-crime23 Sep 2025 | 88
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug
Outside experts say the vulnerability has probably already been exploited
Patches19 Sep 2025 | 7
One token to pwn them all: Entra ID bug could have granted access to every tenant
Until Microsoft lobbed it into a virtual volcano
Security19 Sep 2025 | 17
UEFI Secure Boot for Linux Arm64 – where do we stand?
Still exotic for now, but moves are afoot
OSes17 Sep 2025 | 31
JLR stuck in neutral as losses skyrocket amid cyberattack cleanup
Latest extension to factory closures takes incident response into fourth week
Cyber-crime16 Sep 2025 | 59
Former FinWise employee may have accessed nearly 700K customer records
Bank says incident went undetected for over a year before discovery in June
Cyber-crime15 Sep 2025 | 4
Nork snoops whip up fake South Korean military ID with help from ChatGPT
Kimsuky gang proves that with the right wording, you can turn generative AI into a counterfeit factory
AI + ML15 Sep 2025 | 9
Jaguar Land Rover supply chain workers must get Covid-style support, says union
As post-cyberattack layoffs begin, labor org argues UK goverment should step in
Cybersecurity Month15 Sep 2025 | 56
No gains, just pains as 1.6M fitness phone call recordings exposed online
Exclusive HelloGym's data security clearly skipped leg day
Cyber-crime09 Sep 2025 | 7
PACER buckles under MFA rollout as courts warn of support delays
Busy lawyers on hold for five hours as staff handhold users into deploying the security measure
Cyber-crime08 Sep 2025 | 16
UK government dragged for incomplete security reforms after Afghan leak fallout
Senior officials summoned to science and tech committee to explain further
CSO29 Aug 2025 | 25
Law firm email blunder exposes Church of England abuse victim details
Apology issued after names tied to redress scheme revealed in mass mailing
CSO28 Aug 2025 | 25
US spy chief claims UK backed down over Apple backdoor demand
Tulsi Gabbard boasts Washington forced Blighty to drop iPhone encryption fight
CSO19 Aug 2025 | 74
Workday warns of CRM breach after social engineers make off with business contact details
HR SaaS giant insists core systems untouched
CSO18 Aug 2025 | 7
Red teams are safe from robots for now, as AI makes better shield than spear
Black Hat/DEF CON The bad news? The machines, and their operators, are coming on fast
CSO11 Aug 2025 | 4
Deepfake detectors are slowly coming of age, at a time of dire need
DEF CON By video, picture, and voice – the fakers are coming for your money
AI + ML11 Aug 2025 | 6
Ex-White House cyber, counter-terrorism guru: Microsoft considers security an annoyance, not a necessity
Comment Tells The Reg China's ability to p0wn Redmond's wares 'gives me a political aneurysm'
CSO08 Aug 2025 | 40
CISA releases malware analysis for Sharepoint Server attack
Indications of compromise and Sigma rules report for your security scanners amid ongoing 'ToolShell' blitz
CSO07 Aug 2025 |
China says US spies exploited Microsoft Exchange zero-day to steal military info
Spy vs. spy
CSO01 Aug 2025 | 11
Security pros are drowning in threat-intel data and it's making everything more dangerous
Plus, 60% don't have enough analysts to make sense of it
CSO28 Jul 2025 | 17
Phishing platforms, infostealers blamed as identity attacks soar
Get your creds in order or risk BEC, ransomware attacks, orgs warned
CSO07 Jul 2025 |
Supply chain attacks surge with orgs 'flying blind' about dependencies
Who is the third party that does the thing in our thing? Yep. Attacks explode over past year
CSO25 Jun 2025 | 4
Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack
Interview Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI
CSO18 Jun 2025 | 10
23andMe hit with £2.3M fine after exposing genetic data of millions
Penalty follows year-long probe into flaws that allowed attack to affect so many
CSO17 Jun 2025 | 16
Wanted: Junior cybersecurity staff with 10 years' experience and a PhD
Infosec employers demanding too much from early-career recruits, says ISC2
CSO13 Jun 2025 | 75
Slapped wrists for Financial Conduct Authority staff who emailed work data home
It was one of the offenders' final warning
CSO13 Jun 2025 | 20
Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
SentinelOne discovered the campaign when they tried to hit the security vendor's own servers
Research09 Jun 2025 | 17
Your ransomware nightmare just came true – now what?
Feature Don't negotiate unless you must, and if so, drag it out as long as you can
CSO06 Jun 2025 | 40
8,000+ Asus routers popped in 'advanced' mystery botnet plot
No formal attribution made but two separate probes hint at the same suspect
Research29 May 2025 | 10
Ivanti makes dedicated fans of Chinese spies who just can't resist attacking its buggy kit
If it ain't broke?
Datacenter Networking Nexus23 May 2025 | 1
'Ongoing' Ivanti hijack bug exploitation reaches clouds
Nothing like insecure code in security suites
CSO21 May 2025 | 4
Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good'
INTERVIEW Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks
CSO18 May 2025 | 66
Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig
Phony LinkedIn recruitment ads? Groundbreaking
Public Sector16 May 2025 | 27
Socket buys Coana to tell you which security alerts you can ignore
Sometimes, less information is more
Security15 May 2025 |
Snowflake CISO on the power of 'shared destiny' and 'yes and'
interview Lessons learned from last year's security snafu
CSO15 May 2025 | 3
Ivanti patches two zero-days under active attack as intel agency warns customers
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product
Patches14 May 2025 | 1
Go ahead and ignore Patch Tuesday – it might improve your security
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'
Patches14 May 2025 | 34
Everyone's deploying AI, but no one's securing it – what could go wrong?
CYBERUK Crickets as senior security folk asked about risks at NCSC conference
CSO14 May 2025 | 22
Ransomware scum have put a target on the no man's land between IT and operations
Defenses are weaker, and victims are more likely to pay, SANS warns
CSO14 May 2025 | 17
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti
Patches14 May 2025 | 3
Britain's cyber agents and industry clash over how to tackle shoddy software
CYBERUK Providers argue that if end users prioritized security, they'd get it
CSO12 May 2025 | 76
Unending ransomware attacks are a symptom, not the sickness
Opinion We need to make taking IT systems 'off the books' a problem for corporate types
Cyber-crime12 May 2025 | 63
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied
Now individual school districts extorted by fiends
CSO08 May 2025 | 33
After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI
CEO: Neural net tech 'flattens our hiring curve, helps us innovate'
CSO07 May 2025 | 14
Super spyware maker NSO must pay Meta $168M in WhatsApp court battle
Don't f&#k with Zuck
CSO06 May 2025 | 17
Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower
What was the plan, showing her his big iron?
AI Infrastructure Month06 May 2025 | 79
RSA Conf wrap: AI and China on everything, everywhere, all at once
RSAC With North Korean IT workers storming the gates, too
Spotlight on RSAC04 May 2025 | 5
Generative AI makes fraud fluent – from phishing lures to fake lovers
RSAC Real-time video deepfakes? Not convincing yet
Spotlight on RSAC02 May 2025 | 5
How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas
RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen?
Spotlight on RSAC01 May 2025 | 35
Ex-NSA cyber-boss: AI will soon be a great exploit coder
RSAC For now it's a potential bug-finder and friend to defenders
Spotlight on RSAC30 Apr 2025 | 13
Ghost in the shell script: Boffins reckon they can catch bugs before programs run
Go ahead, please do Bash static analysis
CSO30 Apr 2025 | 39
Watch out for any Linux malware sneakily evading syscall-watching antivirus
Google dumped io_uring after $1M in bug bounties
CSO29 Apr 2025 | 17
China is using AI to sharpen every link in its attack chain, FBI warns
RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer
Spotlight on RSAC29 Apr 2025 | 11
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus
Florida man altered allergen info, DoSed former colleagues
Cyber-crime29 Apr 2025 | 15
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
Updated Sometimes, silence is the best option
CSO28 Apr 2025 | 10
How to survive as a CISO aka 'chief scapegoat officer'
RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel
Spotlight on RSAC28 Apr 2025 | 9
Admission impossible: NSA, CISA brass absent from RSA Conf
RSAC Homeland Security boss Noem added as last-minute keynote, mind you
Spotlight on RSAC28 Apr 2025 | 11
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
Opinion Infosec is a team sport … unless you're in the White House
Public Sector25 Apr 2025 | 98
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member
What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future
CSO25 Apr 2025 | 17
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues
Patches25 Apr 2025 | 2
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck
Cyber-crime25 Apr 2025 | 5
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Cybercriminals are targeting software shops, accountants, lawyers
CSO24 Apr 2025 | 2
Blue Shield says it shared health info on up to 4.7M patients with Google Ads
Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway
CSO23 Apr 2025 | 25
We’re calling it now: Agentic AI will win RSAC buzzword Bingo
RSAC All aboard the hype train
Spotlight on RSAC23 Apr 2025 | 8
Biting the hand that feeds IT
