Nice short article on the bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. [...]

Health details, tax ID numbers, even images of checks were stolen, reportedly by the Interlock gang Ransomware scum breached kidney dialysis firm Davita's labs database in April and stole about 2.4 million people's personal and health-related information.... [...]

This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. (It’s not a real sabbatical—I’m just an adjunct—but it’s the same idea.) I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the …

The Pakistani APT36 cyberspies are using Linux.desktop files to load malware in new attacks against government and defense entities in India. [...]

The attack first affected an upstream provider of bespoke software Exclusive A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company.... [...]

A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. [...]

ClickFix tricks Microsoft's security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.... [...]

Crypto mines, BEC scams, fake passports, and a $300M fraud empire allegedly brought down during Serengeti 2.0 Interpol's latest clampdown on cybercrime resulted in 1,209 arrests across the African continent, from ransomware crooks to business email compromise (BEC) scammers, the agency says.... [...]

Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a “Magna Carta for the Web” to restore the balance of power between individuals and institutions. This mirrors the original charter’s purpose: ensuring that those who occupy a territory …

Law enforcement authorities in Africa have arrested over 1,200 suspects as part of 'Operation Serengeti 2.0,' an INTERPOL-led international crackdown targeting cross-border cybercriminal gangs. [...]

Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. [...]

Pro tip: When taking revenge, don't use your real name A US court sentenced a former developer at power management biz Eaton to four years in prison after he installed malware on the company’s servers.... [...]

A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch that locked out employees when his account was disabled. [...]

Because savvy terrorists always use public internet services to plan their mischief, right? Anthropic says it has scanned an undisclosed portion of conversations with its Claude AI model to catch concerning inquiries about nuclear weapons.... [...]

Better late than never after SharePoint assault? Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program.... [...]

Underground forums now recruiting English-speaking social engineers English speakers adept at social engineering are a hot commodity in the cybercrime job market.... [...]

Google’s Gemini-powered tools tripped up by image-scaling prompt injection Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge for machine learning systems.... [...]

UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files. [...]

Bill would let US President commission white hat hackers to go after foreign threats, seize assets on the online seas It's been more than 200 years since the United States issued a letter of marque allowing privateers to attack the vessels of foreign nations, but those letters may return …

Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists. [...]

Everything a criminal needs for targeted attacks exposed, but telco insists 'no critical data compromised' A significant data theft at Orange Belgium has opened hundreds of thousands of its customers to serious cybersecurity risks.... [...]

From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. See why CIOs are making certification a workforce strategy with VMUG. [...]

Feds say Mirai-spawned botnet blasted 370K attacks before AWS and pals helped yank its servers RapperBot, a botnet-for-hire blamed for hundreds of thousands of DDoS attacks, has been yanked offline by the Feds, who also hauled in its alleged Oregon-based mastermind.... [...]

Another 'extremely sophisticated' exploit chewing at Cupertino's walled garden Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.... [...]

The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in Cisco devices. [...]

Worried about your data? No probs, says firm, we'll check the dark web crims' list for you! Yes really A week after its services were disrupted by a cyberattack, UK telco Colt Technology Services has gone back on its initial statement to confirm that data has indeed been stolen …

Researcher claims extension didn't start out by exfiltrating info... while dev says its actions are 'compliant' Security boffins at Koi Security have warned of a shift in behavior of a popular Chrome VPN extension, FreeVPN.One, which recently appears to have begun snaffling screenshots of users' page activity and …

Well, this is interesting: The auction, which will include other items related to cryptology, will be held Nov. 20. RR Auction, the company arranging the sale, estimates a winning bid between $300,000 and $500,000. Along with the original handwritten plain text of K4 and other papers related …

One fetcher bot seen smacking a website with 39,000 requests per minute Updated Cloud services giant Fastly has released a report claiming AI crawlers are putting a heavy load on the open web, slurping up sites at a rate that accounts for 80 percent of all AI bot …

Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April. [...]

Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers. [...]

Great Firewall took out all traffic to port 443 at a time Beijing didn't have an obvious need to keep its netizens in the dark China cut itself off from much of the global internet for just over an hour on Wednesday.... [...]

A 20-year-old Florida man at the center of a prolific cybercrime group known as “ Scattered Spider ” was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to …

Redmond doesn't bother informing customers about some security fixes UPDATED Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.... [...]

Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. [...]

Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.... [...]

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack." [...]

Snarfing up config files for 'thousands' of devices...just for giggles, we're sure The FBI and security researchers today warned that Russian government spies exploited a seven-year-old bug in end-of-life Cisco networking devices to snoop around in American critical infrastructure networks and collect information on industrial systems.... [...]

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet. [...]

Researchers disclosing their findings said 'it's as bad as it sounds' Researchers at watchTowr just published working proof-of-concept exploits for two unauthenticated remote code execution bug chains in backup giant Commvault.... [...]

iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.... [...]

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. [...]

As organizations increase their focus on security and regulatory compliance, Google Cloud is helping our customers meet these obligations by fostering better collaboration between security and compliance teams, and the wider organization they serve. To help simplify and enhance how organizations manage security, privacy, and compliance in the cloud …

In the age of data democratization and generative AI, the way organizations handle data has changed dramatically. This evolution creates opportunities — and security risks. The challenge for security teams isn't just about protecting data; it's about scaling security and compliance to meet this new reality. While traditional security controls …

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. [...]

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. [...]

Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection. [...]

In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions …

Burger slinger gets a McRibbing, reacts by firing staffer who helped A white-hat hacker has discovered a series of critical flaws in McDonald's staff and partner portals that allowed anyone to order free food online, get admin rights to the burger slinger's marketing materials, and could allow an attacker …

Reconfigure local app settings via a 'simple' POST request A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks …