Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack Interview Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI CSO18 Jun 2025 | 8
23andMe hit with £2.3M fine after exposing genetic data of millions Penalty follows year-long probe into flaws that allowed attack to affect so many CSO17 Jun 2025 | 16
Wanted: Junior cybersecurity staff with 10 years' experience and a PhD Infosec employers demanding too much from early-career recruits, says ISC2 CSO13 Jun 2025 | 72
Slapped wrists for Financial Conduct Authority staff who emailed work data home It was one of the offenders' final warning CSO13 Jun 2025 | 20
Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs SentinelOne discovered the campaign when they tried to hit the security vendor's own servers Research09 Jun 2025 | 17
Your ransomware nightmare just came true – now what? Feature Don't negotiate unless you must, and if so, drag it out as long as you can CSO06 Jun 2025 | 40
8,000+ Asus routers popped in 'advanced' mystery botnet plot No formal attribution made but two separate probes hint at the same suspect Research29 May 2025 | 10
Ivanti makes dedicated fans of Chinese spies who just can't resist attacking its buggy kit If it ain't broke? Datacenter Networking Nexus23 May 2025 | 1
'Ongoing' Ivanti hijack bug exploitation reaches clouds Nothing like insecure code in security suites CSO21 May 2025 | 4
Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good' INTERVIEW Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks CSO18 May 2025 | 66
Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig Phony LinkedIn recruitment ads? Groundbreaking Public Sector16 May 2025 | 27
From hype to harm: 78% of CISOs see AI attacks already AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason Sponsored feature
Socket buys Coana to tell you which security alerts you can ignore Sometimes, less information is more Security15 May 2025 |
Snowflake CISO on the power of 'shared destiny' and 'yes and' interview Lessons learned from last year's security snafu CSO15 May 2025 | 3
Why CVSS is failing us and what we can do about it How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content
Ivanti patches two zero-days under active attack as intel agency warns customers Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Patches14 May 2025 | 1
Go ahead and ignore Patch Tuesday – it might improve your security No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale' Patches14 May 2025 | 34
Everyone's deploying AI, but no one's securing it – what could go wrong? CYBERUK Crickets as senior security folk asked about risks at NCSC conference CSO14 May 2025 | 22
Ransomware scum have put a target on the no man's land between IT and operations Defenses are weaker, and victims are more likely to pay, SANS warns CSO14 May 2025 | 17
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patches14 May 2025 | 3
Microsoft broke DHCP for Windows Server last Patch Tuesday Some servers can't renew IP addresses, and there's no fix yet
Logitech's latest keyboard and mouse combo is wired, quiet, and suspiciously sensible For that laptop feel without the laptop
Eat or be eaten by AI, Amazon CEO warns staff Expect headcount reductions over the next few years, says Andy Jassy
AWS locks down cloud security, hits 100% MFA enforcement for root users Plus adds a ton more security capabilities for cloud customers at re:Inforce
Brain activity much lower when using AI chatbots, MIT boffins find EEG and recall tests suggest people who use ChatGPT to write essays aren't learning much
European consumers are mostly saying 'non' to trading in their old phones Are they using it to death then locking it in a drawer? Schemes needed as shipments of refurbed kit dips
Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack Interview Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI
Trump administration set to waive TikTok sell-or-die deadline for a third time Quick reminder: The law that banned the app is called ‘Protecting Americans from Foreign Adversary Controlled Applications Act’
Japan set to join the re-usable rocket club after Honda sticks a landing France announced its own effort to build re-usable engines on the same day
Why aggregating your asset inventory leads to better security Today’s complex IT environments demand a new approach Partner content
Britain's cyber agents and industry clash over how to tackle shoddy software CYBERUK Providers argue that if end users prioritized security, they'd get it CSO12 May 2025 | 76
Unending ransomware attacks are a symptom, not the sickness Opinion We need to make taking IT systems 'off the books' a problem for corporate types Cyber-crime12 May 2025 | 63
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied Now individual school districts extorted by fiends CSO08 May 2025 | 33
After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI CEO: Neural net tech 'flattens our hiring curve, helps us innovate' CSO07 May 2025 | 14
Super spyware maker NSO must pay Meta $168M in WhatsApp court battle Don't f&#k with Zuck CSO06 May 2025 | 17
Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower What was the plan, showing her his big iron? AI Infrastructure Month06 May 2025 | 79
RSA Conf wrap: AI and China on everything, everywhere, all at once RSAC With North Korean IT workers storming the gates, too Spotlight on RSAC04 May 2025 | 5
Generative AI makes fraud fluent – from phishing lures to fake lovers RSAC Real-time video deepfakes? Not convincing yet Spotlight on RSAC02 May 2025 | 5
How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen? Spotlight on RSAC01 May 2025 | 35
Ex-NSA cyber-boss: AI will soon be a great exploit coder RSAC For now it's a potential bug-finder and friend to defenders Spotlight on RSAC30 Apr 2025 | 13
Ghost in the shell script: Boffins reckon they can catch bugs before programs run Go ahead, please do Bash static analysis CSO30 Apr 2025 | 39
Cloud doesn’t mean secure: How Intruder finds what others miss A cloud security platform that manages the attack surface and security vulnerabilities in AWS Sponsored post
Watch out for any Linux malware sneakily evading syscall-watching antivirus Google dumped io_uring after $1M in bug bounties CSO29 Apr 2025 | 17
China is using AI to sharpen every link in its attack chain, FBI warns RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer Spotlight on RSAC29 Apr 2025 | 11
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus Florida man altered allergen info, DoSed former colleagues Cyber-crime29 Apr 2025 | 15
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn Updated Sometimes, silence is the best option CSO28 Apr 2025 | 10
How to survive as a CISO aka 'chief scapegoat officer' RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel Spotlight on RSAC28 Apr 2025 | 9
Admission impossible: NSA, CISA brass absent from RSA Conf RSAC Homeland Security boss Noem added as last-minute keynote, mind you Spotlight on RSAC28 Apr 2025 | 11
The future of AI in cybersecurity in a word: Optimistic Think of artificial intelligence as your embedded ally Sponsored post
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed Opinion Infosec is a team sport … unless you're in the White House Public Sector25 Apr 2025 | 98
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future CSO25 Apr 2025 | 17
Emergency patch for potential SAP zero-day that could grant full system control German software giant paywalls details, but experts piece together the clues Patches25 Apr 2025 | 2
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry Because coding phishing sites from scratch is a real pain in the neck Cyber-crime25 Apr 2025 | 5
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year Cybercriminals are targeting software shops, accountants, lawyers CSO24 Apr 2025 | 2
Blue Shield says it shared health info on up to 4.7M patients with Google Ads Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway CSO23 Apr 2025 | 25
We’re calling it now: Agentic AI will win RSAC buzzword Bingo RSAC All aboard the hype train Spotlight on RSAC23 Apr 2025 | 8
Who needs phishing when your login's already in the wild? Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get CSO23 Apr 2025 | 11
America's cyber defenses are being dismantled from the inside Opinion The CVE system nearly dying shows that someone has lost the plot CSO23 Apr 2025 | 93
Two CISA officials jump ship, both proud of pushing for Secure by Design software As cyber-agency faces cuts, makes noises about switching up program Public Sector22 Apr 2025 | 11
A pot of $250K is now available to ransomware researchers, but it feeds a commercial product Security bods can earn up to $10K per report Research22 Apr 2025 | 3
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps 10 other certificates 'were mis-issued and have now been revoked' CSO22 Apr 2025 | 13
Today's LLMs craft exploits from patches at lightning speed Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days It's now hitting govt, enterprise targets CSO21 Apr 2025 | 31
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter Some in the infosec world definitely want to see Big Red crucified CSO18 Apr 2025 | 6
CVE fallout: The splintering of the standard vulnerability tracking system has begun Comment MITRE, EUVD, GCVE … WTF? Spotlight on RSAC18 Apr 2025 | 89
Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances Illegitimi non carborundum? Nice password, Mr Ex-CISA Spotlight on RSAC17 Apr 2025 | 69
Whistleblower describes DOGE IT dept rampage at America's labor watchdog Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim CSO17 Apr 2025 | 53
Signalgate chats vanish from CIA chief phone Extraordinary rendition of data, or just dropped it out of a helicopter? CSO16 Apr 2025 | 22
Identifying the cyber risks that matter From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content
CVE program gets last-minute funding from CISA – and maybe a new home Uncertainty is the new certainty CSO16 Apr 2025 | 32
Guess what happens when ransomware fiends find 'insurance' 'policy' in your files It involves a number close to three or six depending on the pickle you're in Spotlight on RSAC16 Apr 2025 | 20
Uncle Sam kills funding for CVE program. Yes, that CVE program Updated Because vulnerability management has nothing to do with national security, right? CSO16 Apr 2025 | 179
All right, you can have one: DOGE access to Treasury IT OK'd judge Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez Public Sector15 Apr 2025 | 18
New SSL/TLS certs to each live no longer than 47 days by 2029 IT admins, get ready to grumble CSO14 Apr 2025 | 126
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks Feature Military units, government nerds appear to join the fray, with physical infra in sights CSO13 Apr 2025 | 7
LLMs can't stop making up software dependencies and sabotaging everything Hallucinated package names fuel 'slopsquatting' AI Software Development Week12 Apr 2025 | 98
Infosec experts fear China could retaliate against tariffs with a Typhoon attack World War Fee Scammers are already cashing in with fake invoices for import costs CSO10 Apr 2025 | 31
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs Updated Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories Public Sector10 Apr 2025 | 113
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz Cloud Next How Chocolate Factory hopes to double down on enterprise-sec CSO09 Apr 2025 | 7
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low Patches08 Apr 2025 | 14
As CISA braces for more cuts, threat intel sharing takes a hit Analysis How will 'gutting' civilian defense agency make American cybersecurity great again? Public Sector08 Apr 2025 | 11
Oracle says its cloud was in fact compromised Reliability, honesty, accuracy. And then there's this lot PaaS + IaaS08 Apr 2025 | 37
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token But this mystery isn't over yet, Unit 42 opines Devops07 Apr 2025 | 7
UK's attempt to keep details of Apple 'backdoor' case secret… denied Last month's secret hearing comes to light CSO07 Apr 2025 | 124
Signalgate: Pentagon watchdog probes Defense Sec Hegseth Classification compliance? Records retention requirements? How quaint Public Sector04 Apr 2025 | 108
For flux sake: CISA, annexable allies warn of hot DNS threat Shape shifting technique described as menace to national security CSO03 Apr 2025 | 5
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years Simple denial-of-service blunder turned out to be remote unauth code exec disaster Cyber-crime03 Apr 2025 | 3
Why is someone mass-scanning Juniper and Palo Alto Networks products? Updated Espionage? Botnets? Trying to exploit a zero-day? Networks03 Apr 2025 | 11
Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare Comment Recovery's never been harder in today's tangled, outsourced infrastructure Disaster Recovery Week03 Apr 2025 | 6
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling Double-oh-sh... CSO02 Apr 2025 | 10
Crimelords at Hunters International tell lackeys ransomware too 'risky' Bosses say theft now the name of the game with a shift in tactics, apparent branding Cyber-crime02 Apr 2025 | 6
For healthcare orgs, DR means making sure docs can save lives during ransomware infections Organizational, technological resilience combined defeat the disease that is cybercrime Disaster Recovery Week02 Apr 2025 | 6
Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed 1990s incident response in 2025 PaaS + IaaS31 Mar 2025 | 8
China’s FamousSparrow flies back into action, breaches US org after years off the radar Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET Networks27 Mar 2025 | 2
Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat Updated So F-18 launch times, weapons, drone support aren't classified now ... who knew? CSO26 Mar 2025 | 265
US defense contractor cops to sloppy security, settles after infosec lead blows whistle MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade CSO26 Mar 2025 | 11
There are 10,000 reasons to doubt Oracle Cloud's security breach denial Customers come forward claiming info was swiped from prod Cyber-crime25 Mar 2025 | 43
FCC on the prowl for Huawei and other blocked Chinese makers in America Be vewy vewy quiet, I'm hunting rackets Networks24 Mar 2025 | 8
As nation-state hacking becomes 'more in your face,' are supply chains secure? Interview Ex-US Air Force officer says companies shouldn't wait for govt mandates CSO24 Mar 2025 | 10
Oracle Cloud says it's not true someone broke into its login servers and stole data Despite evidence to the contrary as alleged pilfered info goes on sale Cyber-crime23 Mar 2025 | 29
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US Interview Plus AI in the infosec world, why CISA should know its place, and more CSO23 Mar 2025 | 43
Show top LLMs some code and they'll merrily add in the bugs they saw in training One more time, with feeling ... Garbage in, garbage out AI + ML19 Mar 2025 | 33
CISA fires, now rehires and immediately benches security crew on full pay DOGE efficiency in action Public Sector18 Mar 2025 | 51
UK wants dirt on data brokers before criminals get there first Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs CSO18 Mar 2025 | 12
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up Don't laugh. This kind of warning shows crims are getting desperate Cyber-crime18 Mar 2025 | 13
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' Updated One PUT request, one poisoned session file, and the server’s yours CSO18 Mar 2025 | 8
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit CSO17 Mar 2025 | 129
Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail AI + ML13 Mar 2025 | 33
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand Feds warn gang still rampant and now cracked 300+ victims around the world Cyber-crime13 Mar 2025 | 4