Intel's data-leaking Spectre defenses scared off yet again
ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit
Research13 May 2025 | 5
Research
You think ransomware is bad now? Wait until it infects CPUs
RSAC Rapid7 threat hunter wrote a PoC. No, he's not releasing it
Research11 May 2025 | 64
Ghost in the shell script: Boffins reckon they can catch bugs before programs run
Go ahead, please do Bash static analysis
CSO30 Apr 2025 | 39
Enterprise tech dominates zero-day exploits with no signs of slowdown
As Big Tech gets used to the pain, smaller vendors urged to up their game
Research29 Apr 2025 | 1
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck
Cyber-crime25 Apr 2025 | 5
Booby-trapped Alpine Quest Android app geolocates Russian soldiers
Back of the nyet!
Research24 Apr 2025 | 37
Who needs phishing when your login's already in the wild?
Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get
CSO23 Apr 2025 | 11
A pot of $250K is now available to ransomware researchers, but it feeds a commercial product
Security bods can earn up to $10K per report
Research22 Apr 2025 | 3
Today's LLMs craft exploits from patches at lightning speed
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours
AI Software Development Week21 Apr 2025 | 19
Hacking US crosswalks to talk like Zuck is as easy as 1234
Video AI-spoofed Mark joins fellow billionaires as the voice of the street – here's how it was probably done
Bootnotes19 Apr 2025 | 88
Uncle Sam kills funding for CVE program. Yes, that CVE program
Updated Because vulnerability management has nothing to do with national security, right?
CSO16 Apr 2025 | 179
Chinese snoops use stealth RAT to backdoor US orgs – still active last week
Let the espionage and access resale campaigns begin (again)
Research15 Apr 2025 | 3
Scattered Spider stops the Rickrolls, starts the RAT race
Despite arrests, eight-legged menace targeted more victims this year
Research08 Apr 2025 | 5
As CISA braces for more cuts, threat intel sharing takes a hit
Analysis How will 'gutting' civilian defense agency make American cybersecurity great again?
Public Sector08 Apr 2025 | 11
For flux sake: CISA, annexable allies warn of hot DNS threat
Shape shifting technique described as menace to national security
CSO03 Apr 2025 | 5
Top cybersecurity boffin, wife vanish as FBI raids homes
Updated Indiana Uni rm -rf online profiles while agents haul boxes of evidence
Research31 Mar 2025 | 21
Malware in Lisp? Now you're just being cruel
Miscreants warming to Delphi, Haskell, and the like to evade detection
Research29 Mar 2025 | 56
You know that generative AI browser assistant extension is probably beaming everything to the cloud, right?
Just an FYI, like
Applications25 Mar 2025 | 18
VanHelsing ransomware emerges to put a stake through your Windows heart
There's only one rule – don't attack Russia, duh
Research25 Mar 2025 | 7
Paragon spyware deployed against journalists and activists, Citizen Lab claims
Infosec newsbytes Plus: Customer info stolen from 'parental control' software slinger SpyX; F-35 kill switch denied
Research21 Mar 2025 | 17
Popular
NASA keeps ancient Voyager 1 spacecraft alive with Hail Mary thruster fix
Failure could've triggered a small explosion
VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals
Admits due diligence fell short - furious users cry ‘gaslighting’
Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb
'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation'
Go ahead and ignore Patch Tuesday – it might improve your security
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'
The 'End of 10' is nigh, but don't bury your PC just yet
Linux types mobilize website to help people avoid creating more e-waste
Here's what we know about the DragonForce ransomware that hit Marks & Spencer
Would you believe it, this RaaS cartel says Russia is off limits
Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play
Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated
Metal maker meltdown: Nucor stops production after cyber-intrusion
Ransomware or critical infra hit? Top US manufacturer maintains steely silence
Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU
Expert tells us: 'It is the most unique breach disclosure I've ever seen'
Ivanti patches two zero-days under active attack as intel agency warns customers
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product
STORIES
Too many software supply chain defense bibles? Boffins distill advice
How to avoid another SolarWinds, Log4j, and XZ Utils situation
Security20 Mar 2025 | 10
US tech jobs outlook clouded by DOGE cuts, Trump tariffs
Hiring remains relatively strong as analysts warn of slowdown
Research18 Mar 2025 | 57
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying
'Only' a local access bug but important part of N Korea, Russia, and China attack picture
Research18 Mar 2025 | 41
Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal
Research18 Mar 2025 | 4
GitHub supply chain attack spills secrets from 23,000 projects
Large organizations among those cleaning up the mess
Cyber-crime17 Mar 2025 | 34
Google says it's rolling out fix for stricken Chromecasts
It'll take a few days, give or take your situation
Personal Tech13 Mar 2025 | 20
That 'angry guest' email from Booking.com? It's a scam, not a 1-star review
Phishers check in, your credentials check out, Microsoft warns
Research13 Mar 2025 | 9
DeepSeek can be gently persuaded to spit out malware code
It might need polishing, but a useful find for any budding cybercrooks out there
Research13 Mar 2025 | 12
MINJA sneak attack poisons AI models for other chatbot users
Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it
AI + ML11 Mar 2025 | 15
Google begs owners of crippled Chromecasts not to hit factory reset
Updated Expired security cert kerfuffle leaves second-gen, Audio gadgets useless
Personal Tech10 Mar 2025 | 63
Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
Phishing and ancient vulns still do the trick for one of the most prolific groups around
Research10 Mar 2025 | 8
We call this kernel saunters: How Apple rearranged its XNU core with exclaves
iPhone giant compartmentalizes OS for the sake of security
Research08 Mar 2025 | 17
The Badbox botnet is back, powered by up to a million backdoored Androids
Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort
Cyber-crime07 Mar 2025 | 10
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
Updated They're good at zero-day exploits, too
Public Sector05 Mar 2025 | 17
Ransomware criminals love CISA's KEV list – and that's a bug, not a feature
1 in 3 entries are used to extort civilians, says new paper
Ransomware in Focus28 Feb 2025 | 5
Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o
Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity
AI + ML27 Feb 2025 | 127
Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time
Boffins poked around inside censorship engines – here's what they found
Networks27 Feb 2025 | 38
MITRE Caldera security suite scores perfect 10 for insecurity
Is a trivial remote-code execution hole in every version part of the training, or?
Research25 Feb 2025 | 9
China's Silver Fox spoofs medical imaging apps to hijack patients' computers
Sly like a PRC cyberattack
Research25 Feb 2025 | 2
Malware variants that target operational tech systems are very rare – but 2 were found last year
Fuxnet and FrostyGoop were both used in the Russia-Ukraine war
Research25 Feb 2025 | 3
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes
Said bugs 'can have significant implications' – glad to hear that from Redmond
AI + ML20 Feb 2025 | 7
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution
Bugs fixed, updating to the latest version is advisable
Research20 Feb 2025 | 2
Check out this free automated tool that hunts for exposed AWS secrets in public repos
You can find out if your GitHub codebase is leaking keys ... but so can miscreants
Security19 Feb 2025 | 2
Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload
Because stealing your credentials, banking info, and IP just wasn’t enough
Research18 Feb 2025 | 8
XCSSET macOS malware returns with first new version since 2022
Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert
Research17 Feb 2025 | 6
Critical PostgreSQL bug tied to zero-day attack on US Treasury
High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further
Research14 Feb 2025 | 22
North Korea targets crypto developers via NPM supply chain attack
Yet another cash grab from Kim's cronies and an intel update from Microsoft
Research13 Feb 2025 | 8
Russia's Sandworm caught snarfing credentials, data from American and Brit orgs
'Near-global' initial access campaign active since 2021
Research12 Feb 2025 | 9
Canvassing apps used by UK political parties riddled with privacy, security issues
Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report
Research30 Jan 2025 | 21
SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon
It's another cousin of Spectre, here to read your email, browsing history, and more
Research29 Jan 2025 | 15
Security pros more confident about fending off ransomware, despite being battered by attacks
Data leak, shmata leak. It will all work out, right?
Cyber-crime28 Jan 2025 | 5
Hackers game out infowar against China with the US Navy
Taipei invites infosec bods to come and play on its home turf
Public Sector20 Jan 2025 | 5
Fortinet: FortiGate config leaks are genuine but misleading
Competition hots up with Ivanti over who can have the worst start to a year
Cyber-crime17 Jan 2025 | 5
Microsoft eggheads say AI can never be made secure – after testing Redmond's own products
If you want a picture of the future, imagine your infosec team stamping on software forever
AI + ML17 Jan 2025 | 85
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used
Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg
Networks14 Jan 2025 | 26
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days
'Codefinger' crims on the hunt for compromised keys
Research13 Jan 2025 | 5
Security pros baited with fake Windows LDAP exploit traps
Tricky attackers trying yet again to deceive the good guys on home territory
Cyber-crime09 Jan 2025 | 7
DNA sequencers found running ancient BIOS, posing risk to clinical research
Updated Devices on six-year-old firmware vulnerable to takeover and destruction
Research08 Jan 2025 | 24
Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed
Here's what $20 gets you these days
Research08 Jan 2025 | 13
FireScam infostealer poses as Telegram Premium app to surveil Android devices
updated Once installed, it helps itself to your data like it's a free buffet
Research06 Jan 2025 | 5
How cops taking down LockBit, ALPHV led to RansomHub's meteoric rise
Cut off one head, two more grow back in its place
Cyber-crime28 Dec 2024 | 4
How Androxgh0st rose from Mozi's ashes to become 'most prevalent malware'
Botnet's operators 'driven by similar interests as that of the Chinese state'
Cyber-crime24 Dec 2024 | 3
UK ICO not happy with Google's plans to allow device fingerprinting
Infosec in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more
Security23 Dec 2024 | 75
Boffins trick AI model into giving up its secrets
All it took to make an Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days
Research18 Dec 2024 | 20
Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks
IOCONTROL targets IoT and OT devices from a ton of makers, apparently
Research13 Dec 2024 | 14
AMD secure VM tech undone by DRAM meddling
Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory
Systems10 Dec 2024 | 10
Fully patched Cleo products under renewed 'zero-day-ish' mass attack
Thousands of servers targeted while customers wait for patches
Research10 Dec 2024 |
Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket
Exclusive ShinyHunters-linked heist thought to have been ongoing since March
Research09 Dec 2024 | 9
How Chinese insiders are stealing data scooped up by President Xi's national surveillance system
Feature 'It's a double-edged sword,' security researchers tell The Reg
Public Sector08 Dec 2024 | 52
Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'
Redmond threat intel maven talks explains this persistent pain to The Reg
Security06 Dec 2024 | 16
Data broker leaves 600K+ sensitive files exposed online
Exclusive Researcher spotted open database before criminals … we hope
Research27 Nov 2024 | 22
First-ever UEFI bootkit for Linux in the works, experts say
Bootkitty doesn’t bite… yet
Research27 Nov 2024 | 15
The workplace has become a surveillance state
Cracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices
CxO27 Nov 2024 | 72
'Alarming' security bugs lay low in Linux's needrestart utility for 10 years
Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server
Research21 Nov 2024 | 15
Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed
OSS-Fuzz is making a strong argument for LLMs in security research
AI + ML20 Nov 2024 | 9
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer
No word on when or if the issue will be fixed
Security19 Nov 2024 | 2
America's drinking water systems have a hard-to-swallow cybersecurity problem
More than 100M rely on gear rife with vulnerabilities, says EPA OIG
Public Sector19 Nov 2024 | 20
Rust haters, unite! Fil-C aims to Make C Great Again
It's memory-safe, with a few caveats
Software16 Nov 2024 | 104
Letting chatbots run robots ends as badly as you'd expect
LLM-controlled droids easily jailbroken to perform mayhem, researchers warn
AI + ML16 Nov 2024 | 44
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
Updated Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds
Research14 Nov 2024 | 5
China's Volt Typhoon crew and its botnet surge back with a vengeance
Ohm, for flux sake
Public Sector13 Nov 2024 | 4
Don't open that 'copyright infringement' email attachment – it's an infostealer
Curiosity gives crims access to wallets and passwords
Research07 Nov 2024 | 21
Cybercrooks are targeting Bengal cat lovers in Australia for some reason
In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos
Research06 Nov 2024 | 15
Criminals open DocuSign's Envelope API to make BEC special delivery
Why? Because that's where the money is
Research05 Nov 2024 | 4
Ongoing typosquatting campaign impersonates hundreds of popular npm packages
Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials
Research05 Nov 2024 | 10
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed
You snooze, you lose, er, win
AI + ML05 Nov 2024 | 18
Gang gobbles 15K credentials from cloud and email providers' garbage Git configs
Emeraldwhale looked sharp – until it made a common S3 bucket mistake
Research31 Oct 2024 | 2
AWS Cloud Development Kit flaw exposed accounts to full takeover
Remember Bucket Monopoly? Yeah, it gets worse
Cybersecurity Month24 Oct 2024 | 13
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
Attacks on unprotected servers reach 'critical level'
Cybersecurity Month24 Oct 2024 | 1
Millions of Android and iOS users at risk from hardcoded creds in popular apps
Azure Blob Storage, AWS, and Twilio keys all up for grabs
Cybersecurity Month23 Oct 2024 | 17
WeChat devs introduced security flaws when they modded TLS, say researchers
No attacks possible, but enough issues to cause concern
Cybersecurity Month17 Oct 2024 | 15
WhatsApp may expose the OS you use to run it – which could expose you to crooks
Updated Meta knows messaging service creates persistent user IDs that have different qualities on each device
Research16 Oct 2024 | 16
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption
With an off-the-shelf D-Wave machine, but only against very short keys
Cybersecurity Month14 Oct 2024 | 22
INC ransomware rebrands to Lynx – same code, new name, still up to no good
Researchers point to evidence that scumbags visited the strategy boutique
Cybersecurity Month11 Oct 2024 | 9
Smart TVs are spying on everyone
Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change
Cybersecurity Month09 Oct 2024 | 127
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds
'You can build this in a few days – even as a very naïve developer'
Cybersecurity Month04 Oct 2024 | 114
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant
Exclusive Crooks 'like a sysadmin, with a malicious slant'
Cybersecurity Month03 Oct 2024 | 3
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline
Cybersecurity Month02 Oct 2024 | 7
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find
Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works
Security02 Oct 2024 | 9
Cloud threats have execs the most freaked out because they're not prepared
Ransomware? More like 'we don't care' for everyone but CISOs
Research30 Sep 2024 | 3
Biting the hand that feeds IT
