Phishing platforms, infostealers blamed as identity attacks soar
Get your creds in order or risk BEC, ransomware attacks, orgs warned
CSO07 Jul 2025 |
CSO
Supply chain attacks surge with orgs 'flying blind' about dependencies
Who is the third party that does the thing in our thing? Yep. Attacks explode over past year
CSO25 Jun 2025 | 4
Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack
Interview Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI
CSO18 Jun 2025 | 10
23andMe hit with £2.3M fine after exposing genetic data of millions
Penalty follows year-long probe into flaws that allowed attack to affect so many
CSO17 Jun 2025 | 16
Wanted: Junior cybersecurity staff with 10 years' experience and a PhD
Infosec employers demanding too much from early-career recruits, says ISC2
CSO13 Jun 2025 | 75
Slapped wrists for Financial Conduct Authority staff who emailed work data home
It was one of the offenders' final warning
CSO13 Jun 2025 | 20
Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
SentinelOne discovered the campaign when they tried to hit the security vendor's own servers
Research09 Jun 2025 | 17
Your ransomware nightmare just came true – now what?
Feature Don't negotiate unless you must, and if so, drag it out as long as you can
CSO06 Jun 2025 | 40
8,000+ Asus routers popped in 'advanced' mystery botnet plot
No formal attribution made but two separate probes hint at the same suspect
Research29 May 2025 | 10
Ivanti makes dedicated fans of Chinese spies who just can't resist attacking its buggy kit
If it ain't broke?
Datacenter Networking Nexus23 May 2025 | 1
'Ongoing' Ivanti hijack bug exploitation reaches clouds
Nothing like insecure code in security suites
CSO21 May 2025 | 4
Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good'
INTERVIEW Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks
CSO18 May 2025 | 66
Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig
Phony LinkedIn recruitment ads? Groundbreaking
Public Sector16 May 2025 | 27
From hype to harm: 78% of CISOs see AI attacks already
AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason
Sponsored feature
Socket buys Coana to tell you which security alerts you can ignore
Sometimes, less information is more
Security15 May 2025 |
Snowflake CISO on the power of 'shared destiny' and 'yes and'
interview Lessons learned from last year's security snafu
CSO15 May 2025 | 3
Why CVSS is failing us and what we can do about it
How Adversarial Exposure Validation is changing the way we approach vulnerability management
Partner content
Ivanti patches two zero-days under active attack as intel agency warns customers
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product
Patches14 May 2025 | 1
Go ahead and ignore Patch Tuesday – it might improve your security
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'
Patches14 May 2025 | 34
Everyone's deploying AI, but no one's securing it – what could go wrong?
CYBERUK Crickets as senior security folk asked about risks at NCSC conference
CSO14 May 2025 | 22
Popular
Massive spike in use of .es domains for phishing abuse
¡Cuidado! Time to double-check before entering your Microsoft creds
Ingram Micro confirms ransomware behind multi-day outage
SafePay crew claims responsibility for intrusion at one of world's largest tech distributors
iFixit gives new Fairphone 6 top marks for repairability: 10/10
It's not cheap or high end, but it should last you for years to come
UK puts out tender for space robot to de-orbit satellites
Updated Got to be a 'clean space superpower' – right, Brits?
Atlassian migrated 4 million Postgres databases to shrink AWS bill
Asia In Brief PLUS: Lexmark’s Chinese owners sell to Xerox; India, Australia, target underwater drones; JPMorgan drops custom TLDs; and more!
Stalkerware firm gets scooped by SQL-slinging security snoop
Infosec In Brief Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more
Yes, I wrote a very expensive bug. In my defense I was only seven years old at the time
Who, Me? Years later, deep into a great tech career, your fellow reader remains inspired by the forgiveness received after the error
VMware’s rivals ramp up their efforts to create alternative stacks
Red Hat and Open Nebula deliver big updates, as Edera tools for Xen with Rust
Airbus okays use of ‘Taxibot’ to tow planes to the runway
Airlines get the chance to cool their jets rather than burn fuel on the ground
AI scores a huge own goal if you play up and play the game
Opinion A virtual environment makes a great de-hype advisor
STORIES
Ransomware scum have put a target on the no man's land between IT and operations
Defenses are weaker, and victims are more likely to pay, SANS warns
CSO14 May 2025 | 17
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti
Patches14 May 2025 | 3
Why aggregating your asset inventory leads to better security
Today’s complex IT environments demand a new approach
Partner content
Britain's cyber agents and industry clash over how to tackle shoddy software
CYBERUK Providers argue that if end users prioritized security, they'd get it
CSO12 May 2025 | 76
Unending ransomware attacks are a symptom, not the sickness
Opinion We need to make taking IT systems 'off the books' a problem for corporate types
Cyber-crime12 May 2025 | 63
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied
Now individual school districts extorted by fiends
CSO08 May 2025 | 33
After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI
CEO: Neural net tech 'flattens our hiring curve, helps us innovate'
CSO07 May 2025 | 14
Super spyware maker NSO must pay Meta $168M in WhatsApp court battle
Don't f&#k with Zuck
CSO06 May 2025 | 17
Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower
What was the plan, showing her his big iron?
AI Infrastructure Month06 May 2025 | 79
RSA Conf wrap: AI and China on everything, everywhere, all at once
RSAC With North Korean IT workers storming the gates, too
Spotlight on RSAC04 May 2025 | 5
Generative AI makes fraud fluent – from phishing lures to fake lovers
RSAC Real-time video deepfakes? Not convincing yet
Spotlight on RSAC02 May 2025 | 5
How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas
RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen?
Spotlight on RSAC01 May 2025 | 35
Ex-NSA cyber-boss: AI will soon be a great exploit coder
RSAC For now it's a potential bug-finder and friend to defenders
Spotlight on RSAC30 Apr 2025 | 13
Ghost in the shell script: Boffins reckon they can catch bugs before programs run
Go ahead, please do Bash static analysis
CSO30 Apr 2025 | 39
Cloud doesn’t mean secure: How Intruder finds what others miss
A cloud security platform that manages the attack surface and security vulnerabilities in AWS
Sponsored post
Watch out for any Linux malware sneakily evading syscall-watching antivirus
Google dumped io_uring after $1M in bug bounties
CSO29 Apr 2025 | 17
China is using AI to sharpen every link in its attack chain, FBI warns
RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer
Spotlight on RSAC29 Apr 2025 | 11
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus
Florida man altered allergen info, DoSed former colleagues
Cyber-crime29 Apr 2025 | 15
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
Updated Sometimes, silence is the best option
CSO28 Apr 2025 | 10
How to survive as a CISO aka 'chief scapegoat officer'
RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel
Spotlight on RSAC28 Apr 2025 | 9
Admission impossible: NSA, CISA brass absent from RSA Conf
RSAC Homeland Security boss Noem added as last-minute keynote, mind you
Spotlight on RSAC28 Apr 2025 | 11
The future of AI in cybersecurity in a word: Optimistic
Think of artificial intelligence as your embedded ally
Sponsored post
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
Opinion Infosec is a team sport … unless you're in the White House
Public Sector25 Apr 2025 | 98
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member
What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future
CSO25 Apr 2025 | 17
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues
Patches25 Apr 2025 | 2
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck
Cyber-crime25 Apr 2025 | 5
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Cybercriminals are targeting software shops, accountants, lawyers
CSO24 Apr 2025 | 2
Blue Shield says it shared health info on up to 4.7M patients with Google Ads
Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway
CSO23 Apr 2025 | 25
We’re calling it now: Agentic AI will win RSAC buzzword Bingo
RSAC All aboard the hype train
Spotlight on RSAC23 Apr 2025 | 8
Who needs phishing when your login's already in the wild?
Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get
CSO23 Apr 2025 | 11
America's cyber defenses are being dismantled from the inside
Opinion The CVE system nearly dying shows that someone has lost the plot
CSO23 Apr 2025 | 93
Two CISA officials jump ship, both proud of pushing for Secure by Design software
As cyber-agency faces cuts, makes noises about switching up program
Public Sector22 Apr 2025 | 11
A pot of $250K is now available to ransomware researchers, but it feeds a commercial product
Security bods can earn up to $10K per report
Research22 Apr 2025 | 3
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
10 other certificates 'were mis-issued and have now been revoked'
CSO22 Apr 2025 | 13
Today's LLMs craft exploits from patches at lightning speed
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours
AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
It's now hitting govt, enterprise targets
CSO21 Apr 2025 | 31
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter
Some in the infosec world definitely want to see Big Red crucified
CSO18 Apr 2025 | 6
CVE fallout: The splintering of the standard vulnerability tracking system has begun
Comment MITRE, EUVD, GCVE … WTF?
Spotlight on RSAC18 Apr 2025 | 89
Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances
Illegitimi non carborundum? Nice password, Mr Ex-CISA
Spotlight on RSAC17 Apr 2025 | 69
Whistleblower describes DOGE IT dept rampage at America's labor watchdog
Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim
CSO17 Apr 2025 | 53
Signalgate chats vanish from CIA chief phone
Extraordinary rendition of data, or just dropped it out of a helicopter?
CSO16 Apr 2025 | 22
Identifying the cyber risks that matter
From noise to clarity: Why CISOs are shifting to adversarial exposure validation
Partner content
CVE program gets last-minute funding from CISA – and maybe a new home
Uncertainty is the new certainty
CSO16 Apr 2025 | 32
Guess what happens when ransomware fiends find 'insurance' 'policy' in your files
It involves a number close to three or six depending on the pickle you're in
Spotlight on RSAC16 Apr 2025 | 20
Uncle Sam kills funding for CVE program. Yes, that CVE program
Updated Because vulnerability management has nothing to do with national security, right?
CSO16 Apr 2025 | 179
All right, you can have one: DOGE access to Treasury IT OK'd judge
Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez
Public Sector15 Apr 2025 | 18
New SSL/TLS certs to each live no longer than 47 days by 2029
IT admins, get ready to grumble
CSO14 Apr 2025 | 126
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks
Feature Military units, government nerds appear to join the fray, with physical infra in sights
CSO13 Apr 2025 | 7
LLMs can't stop making up software dependencies and sabotaging everything
Hallucinated package names fuel 'slopsquatting'
AI Software Development Week12 Apr 2025 | 98
Infosec experts fear China could retaliate against tariffs with a Typhoon attack
World War Fee Scammers are already cashing in with fake invoices for import costs
CSO10 Apr 2025 | 31
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs
Updated Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories
Public Sector10 Apr 2025 | 113
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz
Cloud Next How Chocolate Factory hopes to double down on enterprise-sec
CSO09 Apr 2025 | 7
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug
Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low
Patches08 Apr 2025 | 14
As CISA braces for more cuts, threat intel sharing takes a hit
Analysis How will 'gutting' civilian defense agency make American cybersecurity great again?
Public Sector08 Apr 2025 | 11
Oracle says its cloud was in fact compromised
Reliability, honesty, accuracy. And then there's this lot
PaaS + IaaS08 Apr 2025 | 37
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
But this mystery isn't over yet, Unit 42 opines
Devops07 Apr 2025 | 7
UK's attempt to keep details of Apple 'backdoor' case secret… denied
Last month's secret hearing comes to light
CSO07 Apr 2025 | 124
Signalgate: Pentagon watchdog probes Defense Sec Hegseth
Classification compliance? Records retention requirements? How quaint
Public Sector04 Apr 2025 | 108
For flux sake: CISA, annexable allies warn of hot DNS threat
Shape shifting technique described as menace to national security
CSO03 Apr 2025 | 5
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years
Simple denial-of-service blunder turned out to be remote unauth code exec disaster
Cyber-crime03 Apr 2025 | 3
Why is someone mass-scanning Juniper and Palo Alto Networks products?
Updated Espionage? Botnets? Trying to exploit a zero-day?
Networks03 Apr 2025 | 11
Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare
Comment Recovery's never been harder in today's tangled, outsourced infrastructure
Disaster Recovery Week03 Apr 2025 | 6
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling
Double-oh-sh...
CSO02 Apr 2025 | 10
Crimelords at Hunters International tell lackeys ransomware too 'risky'
Bosses say theft now the name of the game with a shift in tactics, apparent branding
Cyber-crime02 Apr 2025 | 6
For healthcare orgs, DR means making sure docs can save lives during ransomware infections
Organizational, technological resilience combined defeat the disease that is cybercrime
Disaster Recovery Week02 Apr 2025 | 6
Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed
1990s incident response in 2025
PaaS + IaaS31 Mar 2025 | 8
China’s FamousSparrow flies back into action, breaches US org after years off the radar
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET
Networks27 Mar 2025 | 2
Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat
Updated So F-18 launch times, weapons, drone support aren't classified now ... who knew?
CSO26 Mar 2025 | 265
US defense contractor cops to sloppy security, settles after infosec lead blows whistle
MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade
CSO26 Mar 2025 | 11
There are 10,000 reasons to doubt Oracle Cloud's security breach denial
Customers come forward claiming info was swiped from prod
Cyber-crime25 Mar 2025 | 43
FCC on the prowl for Huawei and other blocked Chinese makers in America
Be vewy vewy quiet, I'm hunting rackets
Networks24 Mar 2025 | 8
As nation-state hacking becomes 'more in your face,' are supply chains secure?
Interview Ex-US Air Force officer says companies shouldn't wait for govt mandates
CSO24 Mar 2025 | 10
Oracle Cloud says it's not true someone broke into its login servers and stole data
Despite evidence to the contrary as alleged pilfered info goes on sale
Cyber-crime23 Mar 2025 | 29
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US
Interview Plus AI in the infosec world, why CISA should know its place, and more
CSO23 Mar 2025 | 43
Show top LLMs some code and they'll merrily add in the bugs they saw in training
One more time, with feeling ... Garbage in, garbage out
AI + ML19 Mar 2025 | 33
CISA fires, now rehires and immediately benches security crew on full pay
DOGE efficiency in action
Public Sector18 Mar 2025 | 51
UK wants dirt on data brokers before criminals get there first
Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs
CSO18 Mar 2025 | 12
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up
Don't laugh. This kind of warning shows crims are getting desperate
Cyber-crime18 Mar 2025 | 13
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
Updated One PUT request, one poisoned session file, and the server’s yours
CSO18 Mar 2025 | 8
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database
More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit
CSO17 Mar 2025 | 129
Biting the hand that feeds IT
