Socket buys Coana to tell you which security alerts you can ignore Sometimes, less information is more Security15 May 2025 |
Snowflake CISO on the power of 'shared destiny' and 'yes and' interview Lessons learned from last year's security snafu CSO15 May 2025 | 2
Why CVSS is failing us and what we can do about it Partner content How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content
Ivanti patches two zero-days under active attack as intel agency warns customers Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Patches14 May 2025 | 1
Go ahead and ignore Patch Tuesday – it might improve your security No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale' Patches14 May 2025 | 26
Everyone's deploying AI, but no one's securing it – what could go wrong? CYBERUK Crickets as senior security folk asked about risks at NCSC conference CSO14 May 2025 | 14
Ransomware scum have put a target on the no man's land between IT and operations Defenses are weaker, and victims are more likely to pay, SANS warns CSO14 May 2025 | 16
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patches14 May 2025 | 2
Why aggregating your asset inventory leads to better security Today’s complex IT environments demand a new approach Partner content
Britain's cyber agents and industry clash over how to tackle shoddy software CYBERUK Providers argue that if end users prioritized security, they'd get it CSO12 May 2025 | 74
Unending ransomware attacks are a symptom, not the sickness Opinion We need to make taking IT systems 'off the books' a problem for corporate types Cyber-crime12 May 2025 | 63
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied Now individual school districts extorted by fiends CSO08 May 2025 | 33
After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI CEO: Neural net tech 'flattens our hiring curve, helps us innovate' CSO07 May 2025 | 14
Super spyware maker NSO must pay Meta $168M in WhatsApp court battle Don't f&#k with Zuck CSO06 May 2025 | 17
Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower What was the plan, showing her his big iron? AI Infrastructure Month06 May 2025 | 79
RSA Conf wrap: AI and China on everything, everywhere, all at once RSAC With North Korean IT workers storming the gates, too Spotlight on RSAC04 May 2025 | 5
Generative AI makes fraud fluent – from phishing lures to fake lovers RSAC Real-time video deepfakes? Not convincing yet Spotlight on RSAC02 May 2025 | 5
How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen? Spotlight on RSAC01 May 2025 | 35
Ex-NSA cyber-boss: AI will soon be a great exploit coder RSAC For now it's a potential bug-finder and friend to defenders Spotlight on RSAC30 Apr 2025 | 13
Ghost in the shell script: Boffins reckon they can catch bugs before programs run Go ahead, please do Bash static analysis CSO30 Apr 2025 | 39
VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals Admits due diligence fell short - furious users cry ‘gaslighting’
Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb 'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation'
Intel's data-leaking Spectre defenses scared off yet again ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit
Europe plots escape hatch from the enshittification of search Plus: How to make Google less unhelpful
US tech titans rejoice in $600B Saudi shopping spree Prince Mohammed bin Bone Saw will take a few hundred thousand GPUs with his missiles and fighter jets
Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated
Cloud doesn’t mean secure: How Intruder finds what others miss A cloud security platform that manages the attack surface and security vulnerabilities in AWS Sponsored post
Watch out for any Linux malware sneakily evading syscall-watching antivirus Google dumped io_uring after $1M in bug bounties CSO29 Apr 2025 | 17
China is using AI to sharpen every link in its attack chain, FBI warns RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer Spotlight on RSAC29 Apr 2025 | 11
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus Florida man altered allergen info, DoSed former colleagues Cyber-crime29 Apr 2025 | 15
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn Updated Sometimes, silence is the best option CSO28 Apr 2025 | 10
How to survive as a CISO aka 'chief scapegoat officer' RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel Spotlight on RSAC28 Apr 2025 | 9
Admission impossible: NSA, CISA brass absent from RSA Conf RSAC Homeland Security boss Noem added as last-minute keynote, mind you Spotlight on RSAC28 Apr 2025 | 11
The future of AI in cybersecurity in a word: Optimistic Think of artificial intelligence as your embedded ally Sponsored post
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed Opinion Infosec is a team sport … unless you're in the White House Public Sector25 Apr 2025 | 98
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future CSO25 Apr 2025 | 17
Emergency patch for potential SAP zero-day that could grant full system control German software giant paywalls details, but experts piece together the clues Patches25 Apr 2025 | 2
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry Because coding phishing sites from scratch is a real pain in the neck Cyber-crime25 Apr 2025 | 5
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year Cybercriminals are targeting software shops, accountants, lawyers CSO24 Apr 2025 | 2
Blue Shield says it shared health info on up to 4.7M patients with Google Ads Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway CSO23 Apr 2025 | 25
We’re calling it now: Agentic AI will win RSAC buzzword Bingo RSAC All aboard the hype train Spotlight on RSAC23 Apr 2025 | 8
Who needs phishing when your login's already in the wild? Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get CSO23 Apr 2025 | 11
America's cyber defenses are being dismantled from the inside Opinion The CVE system nearly dying shows that someone has lost the plot CSO23 Apr 2025 | 92
Two CISA officials jump ship, both proud of pushing for Secure by Design software As cyber-agency faces cuts, makes noises about switching up program Public Sector22 Apr 2025 | 11
A pot of $250K is now available to ransomware researchers, but it feeds a commercial product Security bods can earn up to $10K per report Research22 Apr 2025 | 3
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps 10 other certificates 'were mis-issued and have now been revoked' CSO22 Apr 2025 | 13
Today's LLMs craft exploits from patches at lightning speed Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days It's now hitting govt, enterprise targets CSO21 Apr 2025 | 31
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter Some in the infosec world definitely want to see Big Red crucified CSO18 Apr 2025 | 6
CVE fallout: The splintering of the standard vulnerability tracking system has begun Comment MITRE, EUVD, GCVE … WTF? Spotlight on RSAC18 Apr 2025 | 89
Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances Illegitimi non carborundum? Nice password, Mr Ex-CISA Spotlight on RSAC17 Apr 2025 | 69
Whistleblower describes DOGE IT dept rampage at America's labor watchdog Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim CSO17 Apr 2025 | 53
Signalgate chats vanish from CIA chief phone Extraordinary rendition of data, or just dropped it out of a helicopter? CSO16 Apr 2025 | 22
Identifying the cyber risks that matter From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content
CVE program gets last-minute funding from CISA – and maybe a new home Uncertainty is the new certainty CSO16 Apr 2025 | 32
Guess what happens when ransomware fiends find 'insurance' 'policy' in your files It involves a number close to three or six depending on the pickle you're in Spotlight on RSAC16 Apr 2025 | 20
Uncle Sam kills funding for CVE program. Yes, that CVE program Updated Because vulnerability management has nothing to do with national security, right? CSO16 Apr 2025 | 179
All right, you can have one: DOGE access to Treasury IT OK'd judge Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez Public Sector15 Apr 2025 | 18
New SSL/TLS certs to each live no longer than 47 days by 2029 IT admins, get ready to grumble CSO14 Apr 2025 | 126
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks Feature Military units, government nerds appear to join the fray, with physical infra in sights CSO13 Apr 2025 | 7
LLMs can't stop making up software dependencies and sabotaging everything Hallucinated package names fuel 'slopsquatting' AI Software Development Week12 Apr 2025 | 98
Infosec experts fear China could retaliate against tariffs with a Typhoon attack World War Fee Scammers are already cashing in with fake invoices for import costs CSO10 Apr 2025 | 31
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs Updated Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories Public Sector10 Apr 2025 | 113
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz Cloud Next How Chocolate Factory hopes to double down on enterprise-sec CSO09 Apr 2025 | 7
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low Patches08 Apr 2025 | 14
As CISA braces for more cuts, threat intel sharing takes a hit Analysis How will 'gutting' civilian defense agency make American cybersecurity great again? Public Sector08 Apr 2025 | 11
Oracle says its cloud was in fact compromised Reliability, honesty, accuracy. And then there's this lot PaaS + IaaS08 Apr 2025 | 37
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token But this mystery isn't over yet, Unit 42 opines Devops07 Apr 2025 | 7
UK's attempt to keep details of Apple 'backdoor' case secret… denied Last month's secret hearing comes to light CSO07 Apr 2025 | 123
Signalgate: Pentagon watchdog probes Defense Sec Hegseth Classification compliance? Records retention requirements? How quaint Public Sector04 Apr 2025 | 108
For flux sake: CISA, annexable allies warn of hot DNS threat Shape shifting technique described as menace to national security CSO03 Apr 2025 | 5
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years Simple denial-of-service blunder turned out to be remote unauth code exec disaster Cyber-crime03 Apr 2025 | 3
Why is someone mass-scanning Juniper and Palo Alto Networks products? Updated Espionage? Botnets? Trying to exploit a zero-day? Networks03 Apr 2025 | 11
Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare Comment Recovery's never been harder in today's tangled, outsourced infrastructure Disaster Recovery Week03 Apr 2025 | 6
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling Double-oh-sh... CSO02 Apr 2025 | 10
Crimelords at Hunters International tell lackeys ransomware too 'risky' Bosses say theft now the name of the game with a shift in tactics, apparent branding Cyber-crime02 Apr 2025 | 6
For healthcare orgs, DR means making sure docs can save lives during ransomware infections Organizational, technological resilience combined defeat the disease that is cybercrime Disaster Recovery Week02 Apr 2025 | 6
Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed 1990s incident response in 2025 PaaS + IaaS31 Mar 2025 | 8
China’s FamousSparrow flies back into action, breaches US org after years off the radar Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET Networks27 Mar 2025 | 2
Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat Updated So F-18 launch times, weapons, drone support aren't classified now ... who knew? CSO26 Mar 2025 | 265
US defense contractor cops to sloppy security, settles after infosec lead blows whistle MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade CSO26 Mar 2025 | 11
There are 10,000 reasons to doubt Oracle Cloud's security breach denial Customers come forward claiming info was swiped from prod Cyber-crime25 Mar 2025 | 43
FCC on the prowl for Huawei and other blocked Chinese makers in America Be vewy vewy quiet, I'm hunting rackets Networks24 Mar 2025 | 8
As nation-state hacking becomes 'more in your face,' are supply chains secure? Interview Ex-US Air Force officer says companies shouldn't wait for govt mandates CSO24 Mar 2025 | 10
Oracle Cloud says it's not true someone broke into its login servers and stole data Despite evidence to the contrary as alleged pilfered info goes on sale Cyber-crime23 Mar 2025 | 29
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US Interview Plus AI in the infosec world, why CISA should know its place, and more CSO23 Mar 2025 | 43
Show top LLMs some code and they'll merrily add in the bugs they saw in training One more time, with feeling ... Garbage in, garbage out AI + ML19 Mar 2025 | 33
CISA fires, now rehires and immediately benches security crew on full pay DOGE efficiency in action Public Sector18 Mar 2025 | 51
UK wants dirt on data brokers before criminals get there first Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs CSO18 Mar 2025 | 12
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up Don't laugh. This kind of warning shows crims are getting desperate Cyber-crime18 Mar 2025 | 13
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' Updated One PUT request, one poisoned session file, and the server’s yours CSO18 Mar 2025 | 8
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit CSO17 Mar 2025 | 129
Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail AI + ML13 Mar 2025 | 33
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand Feds warn gang still rampant and now cracked 300+ victims around the world Cyber-crime13 Mar 2025 | 4
UK must pay cyber pros more than its Prime Minister, top civil servant says Leaders call for fewer contractors and more top talent installed across government CSO12 Mar 2025 | 72
CISA pen-tester says 100-strong red team binned after DOGE canceled contract Updated Election infosec advisory center also shuttered Public Sector12 Mar 2025 | 166
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands CSO10 Mar 2025 | 10
How NOT to f-up your security incident response Feature Experts say that the way you handle things after the criminals break in can make things better or much, much worse Spotlight on RSAC10 Mar 2025 | 15
The NHS security culture problem is a crisis years in the making Analysis Insiders say board members must be held accountable and drive positive change from the top down CSO10 Mar 2025 | 29
Strap in, get ready for more Rust drivers in Linux kernel Likening memory safety bugs to smallpox may not soothe sensitive C coders OSes10 Mar 2025 | 70
Developer sabotaged ex-employer with kill switch activated when he was let go IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes Bootnotes08 Mar 2025 | 79
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox Cyber-crime06 Mar 2025 | 4
Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security Video Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told Public Sector05 Mar 2025 | 57
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets Updated They're good at zero-day exploits, too Public Sector05 Mar 2025 | 17
VMware splats guest-to-hypervisor escape bugs already exploited in wild The heap overflow zero-day in the memory unsafe code by Miss Creant Virtualization04 Mar 2025 | 8
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake Says the biz trying to sell us stuff to catch that, admittedly AI + ML04 Mar 2025 | 18