Marvell disputes claim Cavium backdoored chips for Uncle Sam Allegations date back a decade to leaked Snowden docs Research19 Sep 2023 | 5
Cryptojackers spread their nets to capture more than just EC2 AMBERSQUID operation takes AWS's paths less travelled in search of compute Research18 Sep 2023 | 3
Probe reveals previously secret Israeli spyware that infects targets via ads Oh s#!t, Sherlock Research16 Sep 2023 | 73
Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop Cut and shut is so last century, now it's copy and clone Research13 Sep 2023 | 9
How to snoop on passwords with this one weird trick (involving public Wi-Fi signals) Fun technique – but how practical is it? Research13 Sep 2023 | 20
China caught – again – with its malware in another nation's power grid 'Obtaining a disruptive capability could be one possible motivation behind this surge in attacks' Research12 Sep 2023 | 17
Microsoft: China stole secret key that unlocked US govt email from crash debug dump Mistakes were made, lessons learned, stuff now fixed, says Windows maker Research06 Sep 2023 | 54
Meatbag mishaps more menacing than malware? CISOs think so Company boards, on the other hand, aren't letting cybersecurity disturb their sleep as much Research06 Sep 2023 | 6
Kremlin-backed Sandworm strikes Android devices with data-stealing Infamous Chisel Five Eyes nations warn of hit against Ukrainian military systems Research31 Aug 2023 | 4
Apple's defense against apps vandalizing other apps still broken, developer claims Updated Cupertino appears to be blasé about long-standing macOS bug, so coder has blabbed Research22 Aug 2023 | 17
Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants' What are these gadgets running, Windows? Ka-boom-tsch Research11 Aug 2023 | 10
There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack Especially on Apple gear, uni team says Research10 Aug 2023 | 25
Stalkerware slinger LetMeSpy shuts down for good after database robbery If you can't trust a spyware developer with your info, who can you trust? Research07 Aug 2023 | 4
Old-school hacktivism is back because it never went away Mysterious Team Bangladesh has carried out 846 attacks since June 2022, mostly DDoS Research03 Aug 2023 | 7
Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical Collide+Power vulnerability leaks secrets bit by bit - but could take months or years to learn a useful secret Research01 Aug 2023 | 4
TETRA radio comms used by emergency heroes easily cracked, say experts Updated If it looks like a backdoor, walks like a backdoor, maybe it's ... export control Research24 Jul 2023 | 60
Microsoft puts out Outlook fire, says everything's fine with Teams malware flaw Redmond's not fixing the latter because it 'relies on social engineering' Research06 Jul 2023 | 28
RAM-ramming Rowhammer is back – to uniquely fingerprint devices Just use it sparingly, as it may crash equipment or burn out memory Black Hat and DEF CON05 Jul 2023 | 30
It's 2023 and memory overwrite bugs are not just a thing, they're still number one Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list Research29 Jun 2023 | 71
Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse Failure to match metadata with packaged files is perfect for supply chain attacks Research27 Jun 2023 | 12
Nvidia's 900 tons of GPU muscle bulks up server market, slims down wallets Fewer boxes shipped, but with 8 H100s apiece, revenue is up amid AI frenzy
VMware staff reportedly told job cuts may start before Broadcom acquisition CVs are starting to appear on social media because staff think it's a sensible time to be in the shop window
GitHub Copilot, Amazon Code Whisperer sometimes emit other people's API keys Updated AI dev assistants can be convinced to spill secrets learned during training
Marvell disputes claim Cavium backdoored chips for Uncle Sam Allegations date back a decade to leaked Snowden docs
So what if China has 7nm chips now, there's no Huawei it can make them 'at scale' Or so says US Commerce Secretary
Buiding Excel-like UI for Uber's China ops exposed Microsoft calculation quirks Updated Developer recounts rideshare outfitattempts to crack the Middle Kingdom market
Google Bard can now tap into your Gmail, Docs, more Web giant promises personal info and files won't be used to train this chatbot
The Clorox Company admits cyberattack causing 'widescale disruption' Back to 'manual' order processing for $7B household cleaning biz, financial impact will be 'material'
'Small monthly payment' only thing that stands between X and bot chaos, says Musk Comment Yes, because automated accounts are really the problem here
Microsoft: Russia sent its B team to wipe Ukrainian hard drives WhisperGate-spreading Cadet Blizzard painted as haphazard but dangerous crew Research16 Jun 2023 | 10
These Microsoft Office security signatures are 'practically worthless' Updated Turns out it's easy to forge documents relying on OOXML Research13 Jun 2023 | 14
Qbot malware adapts to live another day … and another … Operators stay ahead of defenders with new access methods and C2 infrastructure Research05 Jun 2023 | 3
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Research01 Jun 2023 | 3
Alien versus Predator? No, this Android spyware works together Phone-hugging code can record calls, read messages, track geolocation, access camera, other snooping Research27 May 2023 | 8
Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids Updated For simulation or for real, we don't like the vibes from this CosmicEnergy Research25 May 2023 | 8
Upstart encryption app walks back privacy claims, pulls from stores after probe Try not leaving a database full of user info, chats, keys exposed, eh? Research17 May 2023 | 40
Let white-hat hackers stick a probe in those voting machines, say senators HAVA go at breaking electronic ballot box security Research11 May 2023 | 47
DEF CON to set thousands of hackers loose on LLMs Can't wait to see how these AI models hold up against a weekend of red-teaming by infosec's village people Research06 May 2023 | 27
How fiends abuse an out-of-date Microsoft Windows driver to infect victims It's like those TV movies where a spy cuts a wire and the whole building's security goes out Research24 Apr 2023 | 16
Firmware is on shaky ground – let's see what it's made of Opinion Old architectures just don't stack up Research17 Apr 2023 | 69
Another zero-click Apple spyware maker just popped up on the radar again Pegasus, pssh, you so 2000-and-late Research12 Apr 2023 | 8
Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug Plus: Substack shanked by bitter Twitter? Research07 Apr 2023 | 14
CAN do attitude: How thieves steal cars using network bus It starts with a headlamp and fake smart speaker, and ends in an injection attack and a vanished motor Research06 Apr 2023 | 198
April brings tulips, taxes ... and phisherfolk scammers Tactical#Octopus: Don't let users click on that zip file Research03 Apr 2023 | 6
Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons Snowden-esque 'Vulkan' dossier links Moscow firm to FSB, GRU, SRV Defense Tech Week31 Mar 2023 | 28
Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity How someone can nab buffered info, by hook or by kr00k Spotlight on RSA30 Mar 2023 | 15
Gone in 120 seconds: Tesla Model 3 child's play for hackers In brief Plus OIG finds Uncle Sam fibbed over Login.gov Research27 Mar 2023 | 37
Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit Maybe this is deserved given the problem's in a hidden telnet service Research22 Mar 2023 | 24
Refreshed from its holiday, Emotet has gone phishing Notorious botnet starts spamming again after a three-month pause Research09 Mar 2023 | 2
Frankenstein malware stitched together from code of others disguised as PyPI package Crime-as-a-service vendors mix and match components as needed by client Research03 Mar 2023 | 3
Fast-evolving Prilex POS malware can block contactless payments ... forcing users to insert their cards into less-secure PIN systems Research03 Feb 2023 | 16
Malvertising attacks are distributing .NET malware loaders The campaign illustrates another option for miscreants who had relied on Microsoft macros Research02 Feb 2023 | 7
Microsoft closes another door to attackers by blocking Excel XLL files from the internet More of them used by baddies since Redmond blocked VBA macros Research25 Jan 2023 | 6
Microsoft took its macros and went home, so miscreants turned to Windows LNK files Adapt or die Research23 Jan 2023 | 6
How to track equipped cars via exploitable e-ink platemaker Miscreants could have tracked, modified, deleted digital plates Research10 Jan 2023 | 90
Dridex malware pops back up and turns its attention to macOS Malware testers spot attempt to attack Macs. But (try not to weep for the bad guys) there are still compatibility issues with MS exe files Research06 Jan 2023 | 6
Legit Android apps poisoned by sticky 'Zombinder' malware Sure, go ahead and load APKs instead of using an app store. You won't enjoy the results Research09 Dec 2022 | 25
Meta links US military to fake social media influence campaigns Didn't say they were good, though – covert ops apparently got 'little to no engagement' from targets Research24 Nov 2022 | 20
Still using a discontinued Boa web server? Microsoft warns of supply chain attacks Flaws in the open-source tool exploited – and India's power grid was a target Research23 Nov 2022 | 10
WASP malware stings Python developers Info-stealing trojan hides in malicious PyPI packages on GitHub Research16 Nov 2022 | 9
Robin Banks crooks back at the table with fresh phish from Russia Phishing-as-a-service group's toolset now includes ways to get around MFA Research08 Nov 2022 | 1
All the US midterm-related lies to expect when you're electing Don't like the results? The election must have been rigged Research07 Nov 2022 | 149
Oh, look: More malware in the Google Play store in brief Also, US media hit with JavaScript supply chain attack, while half of govt employees use out-of-date mobile OSes Research07 Nov 2022 | 25
Double-check demand payment emails from law firms: Convincing fakes surface Crimson Kingsnake impersonates legit attorneys, fakes email threads from your colleagues in far-reaching BEC campaign Research04 Nov 2022 | 15
Ordinary web access request or command to malware? Cranefly group unleashes nasty little technique using Microsoft Internet Information Services (IIS) logs Research31 Oct 2022 | 4
This Windows worm evolved into slinging ransomware. Here's how to detect it Raspberry Robin hits 1,000 orgs in just one month Research28 Oct 2022 | 12
Purpleurchin cryptocurrency miners spotted scouring free GitHub, Heroku accounts This is why we can't have nice things Research27 Oct 2022 | 14
DHL named most-spoofed brand in phishing With Microsoft and LinkedIn close on shipping giant's heels Research24 Oct 2022 | 4
Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor And one designed to slip ransomware and data-stealing code onto infected machines Research21 Oct 2022 | 1
Tear in Microsoft Azure Service Fabric can give attackers full admin privileges Orca Security disclosed the bug, and older versions remain vulnerable Research19 Oct 2022 |
Phishing works so well crims won't bother with deepfakes, says Sophos chap People reveal passwords if you ask nicely, so AI panic is overblown Research17 Oct 2022 | 15
Criminal multitool LilithBot arrives on malware-as-a-service scene Bespoke botnet up for grabs from outfit praised for, er, customer service Research10 Oct 2022 | 1
Loads of PostgreSQL systems are sitting on the internet without SSL encryption They probably shouldn't be connected in the first place, says database expert Research07 Oct 2022 | 20
Steganography alert: Backdoor spyware stashed in Microsoft logo Now that's sticker shock Research02 Oct 2022 | 27
Microsoft warns of North Korean crew posing as LinkedIn recruiters State-sponsored ZINC allegedly passes on malware-laden open source apps Research30 Sep 2022 | 10
How CIA betrayed informants with shoddy front websites built for covert comms Top tip, don't give your secret login box the HTML form type 'password' Research29 Sep 2022 | 37
Pentagon is far too tight with its security bug bounties But overpriced, useless fighter jets? That's something we can get behind Research29 Sep 2022 | 16
Matrix chat encryption sunk by five now-patched holes You take the green pill, you'll spend six hours in a 'don't roll your own crypto' debate Research28 Sep 2022 | 8
The web's cruising at 13 million new and nefarious domain names a month Or so Akamai is dying to tell us Research28 Sep 2022 | 10
Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web Beware what could be hiding in those LNK shortcuts Research28 Sep 2022 | 4
China's infosec researchers obeyed Beijing and stopped reporting vulns ... or did they? Report finds increase in anonymous vuln reports Research27 Sep 2022 | 4
Can reflections in eyeglasses actually leak info from Zoom calls? Here's a study into it About time someone shone some light onto this Security17 Sep 2022 | 68
Mandiant links APT42 to Iranian 'terrorist org' 'It's hard to imagine a more dangerous scenario,' Mandiant Intel VP told The Reg Research07 Sep 2022 | 27
Oh no, that James Webb Space Telescope snap might actually contain malware Is nothing sacred? Research01 Sep 2022 | 25
Find a security hole in Google's open source and you could bag a $31,337 reward Will it be enough to prevent the next software supply-chain attack? Research30 Aug 2022 | 5
Twitter, Meta kill hundreds of pro-Western troll accounts It turns out online chicanery aiming to destabilize foreign nations is a two-way street Research25 Aug 2022 | 38
Microsoft finds critical hole in operating system that for once isn't Windows Oh wow, get a load of Google using strcpy() all wrong – strcpy! Haha, you'll never ever catch us doing that Research23 Aug 2022 | 65
Two years on, Apple iOS VPNs still leak IP addresses Privacy, it's a useful marketing term. *Offer does not apply in China Research19 Aug 2022 | 18
Software developer cracks Hyundai car security with Google search Top tip: Your RSA private key should not be copied from a public code tutorial Research17 Aug 2022 | 81
Mozilla finds 18 of 25 popular reproductive health apps share your data Scary in post-Roe America, and Poland, and far too many other places Research17 Aug 2022 | 44
Oh Deere: Farm hardware jailbroken to run Doom Corn-y demo heralded as right-to-repair win Research16 Aug 2022 | 51
Student crashes Cloudflare beta party, redirects email, bags a bug bounty Simple to exploit, enough to pocket $3,000 Research04 Aug 2022 | 8
Post-quantum crypto cracked in an hour with one core of an ancient Xeon NIST's nifty new algorithm looks like it's in trouble Research03 Aug 2022 | 83
Miscreants aim to cause Discord discord with malicious npm packages LofyLife campaign comes amid GitHub security lockdown Research02 Aug 2022 | 2
Vietnamese attacker circumvents Facebook security with ‘DUCKTAIL’ malware Session cookies and 2FA subversion allow takeover of biz and ad accounts, lead to unauthorized ad buys Research27 Jul 2022 | 8
Node.js prototype pollution is bad for your app environment Boffins find common code constructs that may be exploitable to achieve remote code execution Research25 Jul 2022 | 5
US Cyber Command spots another 20 malware strains targeting Ukraine Plus Mandiant, Cisco Talos uncover digital espionage Research21 Jul 2022 | 1
Boffins release tool to decrypt Intel microcode. Have at it, x86 giant says Peek behind the curtain to see SGX implemented, Spectre mitigated, and more Research20 Jul 2022 | 18
Botnet malware disguises itself as password cracker for industrial controllers Can't get into that machine? No problem, just trust this completely sketchy looking tool Research18 Jul 2022 | 8
SCOTUS judges 'doxxed' after overturning Roe v Wade Physical and IP addresses as well as credit card info revealed in privacy breach Research13 Jul 2022 | 137
Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant Speculative execution side-channels continue to haunt silicon world Research12 Jul 2022 | 8
How data on a billion people may have leaked from a Chinese police dashboard Record-breaking dump thanks to password-less Kibana endpoint? Research10 Jul 2022 | 24
Someone may be prepping an NPM crypto-mining spree 1,300 packages from 1,000 automated user accounts set the stage for something big Research07 Jul 2022 | 8
Hive ransomware gang rapidly evolves with complex encryption, Rust code RaaS malware devs have been busy bees Research06 Jul 2022 | 3
Near-undetectable malware linked to Russia's Cozy Bear The fun folk who attacked Solar Winds using a poisoned CV and tools from the murky world of commercial hackware Research06 Jul 2022 | 64
Actual quantum computers don't exist yet. The cryptography to defeat them may already be here NIST pushes ahead with CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+ algorithms Research05 Jul 2022 | 42
Pentagon: We'll pay you if you can find a way to hack us DoD puts money behind bug bounty program after reward-free pilot Research05 Jul 2022 | 18
What to do about inherent security flaws in critical infrastructure? Industrial systems' security got 99 problems and CVEs are one. Or more Research03 Jul 2022 | 46
We're now truly in the era of ransomware as pure extortion without the encryption Feature Why screw around with cryptography and keys when just stealing the info is good enough Research25 Jun 2022 | 22