'Sustained focus on Western critical infrastructure' Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin's snoops persistent access to sensitive networks, according to Amazon's security boss.... [...]
Google is discontinuing its "dark web report" security tool, stating that it wants to focus on other tools it believes are more helpful. [...]
Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. [...]
A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. [...]
Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. [...]
Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in …
AWS incident response operates around the clock to protect our customers, the AWS Cloud, and the AWS global infrastructure. Through that work, we learn from a variety of issues and spot unique trends. Over the past few months, high-profile software supply chain threat campaigns involving third party software repositories …
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined …
Users accessing the SoundCloud audio streaming platform through a virtual private network (VPN) connection are denied access to the service and see a 403 'forbidden' error. [...]
Who hasn't exploited this max-severity flaw? At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, a maximum-severity flaw in the widely used React JavaScript library, according to Google.... [...]
700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. [...]
Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks continue to evolve in 2026. [...]
Watchdog links schedule change to replanning of UK payments system overhaul The European Central Bank's (ECB) decision to delay its move to a new messaging standard in 2022 ended up costing the Bank of England £23 million as it was forced to adjust migration to a new settlement system …
Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. [...]
Automaker admits raid that crippled its factories in August led to the theft of sensitive info Jaguar Land Rover (JLR) has reportedly told staff the cyber raid that crippled its operations in August didn't just bring production to a screeching halt – it also walked off with the personal payroll …
Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial intelligence …
The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. [...]
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.... [...]
Minister insists 'modest' bill is not an assault on privacy-preserving tech The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.... [...]
I'm dreaming of a white hat mass Opinion It was 40 years ago that four young British hackers set about changing the law, although they didn't know it at the time. It was a cross-platform attack including a ZX Spectrum, a BBC Micro, and a Tatung Einstein slamming British …
PLUS: Drugs found in ink cartridges; Censorship fighters criticize Vultr; Coupang CEO resigns; And more! Asia In Brief A SpaceX executive has claimed that a Chinese satellite launch came within 200 meters of hitting a Starlink satellite.... [...]
PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more Infosec In Brief The UK's National Cyber Security Centre (NCSC) has found that cyber-deception tactics such as honeypots and decoy accounts designed to fool attackers can be useful if implemented …
This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on February 5, 2026. Details to come. I’m speaking at Capricon 44 in Chicago …
An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. [...]
The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. [...]
Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. [...]
Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release …
I have no context for this video —it’s from Reddit—but one of the commenters adds some context: Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting. With so many people carrying around cameras, we’re getting more videos of giant squid at …
Modern web applications built on Amazon Web Services (AWS) often span multiple services to deliver scalable, performant solutions. However, customers encounter challenges when implementing a cohesive HTTP Strict Transport Security (HSTS) strategy across these distributed architectures. Customers face fragmented security implementation challenges because different AWS services require distinct approaches …
A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. [...]
And the earlier React2Shell patch is vulnerable If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it …
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images showed that these images were …
A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. [...]
At Amazon Web Services (AWS), we continue to invest in and deliver digital sovereignty solutions to help customers meet their most sensitive workload requirements. To address the regulatory and digital sovereignty needs of public sector and regulated industry customers, we launched AWS Dedicated Local Zones in 2023, with the …
Welcome to the first Cloud CISO Perspectives for December 2025. Today, Francis deSouza, COO and president, Security Products, Google Cloud, shares our Cybersecurity Forecast report for the coming year, with additional insights from our Office of the CISO colleagues. As with all Cloud CISO Perspectives, the contents of this …
Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support. [...]
When official systems can't support everyday workflows, employees turn to spreadsheets — creating "shadow spreadsheets" that circulate unchecked. Grist shows how these spreadsheets expose sensitive data, create version sprawl, and remove the audit trails security teams depend on. [...]
Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.... [...]
Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.... [...]
Rights groups say digital-only record is leaking data and courting trouble Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while …
The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about …
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.... [...]
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. [...]
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. [...]
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. [...]
Judge said his fraud was on 'epic, generational scale' Terraform Labs founder Do Kwon will spend 15 years in jail after pleading guilty to committing fraud.... [...]
At Amazon Web Services, we’re committed to deeply understanding the evolving needs of both our customers and regulators, and rapidly adapting and innovating to meet them. The upcoming AWS European Sovereign Cloud will be a new independent cloud for Europe, designed to give public sector organizations and customers …
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and sharing. [...]
Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. [...]