Travel biz tells customers to change passwords beyond its own services Eurail has confirmed customer information was stolen in a data breach, according to notification emails sent out this week.... [...]
U-turn leaves questions on costs, funding, and benefits unanswered The UK government has backed down from making digital ID mandatory for proof of a right to work in the country, adding to confusion over the scheme's cost and purpose.... [...]
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. [...]
The Department of Education in Victoria, Australia, notified parents that attackers gained access to a database containing the personal information of current and former students. [...]
Endesa says payment info stolen after alleged crook boasted of 1 TB-plus haul Spanish energy giant Endesa is warning customers about a data breach after a cybercrim claimed to have walked off with a vast cache of personal information allegedly tied to more than 20 million people.... [...]
Monroe University revealed that threat actors stole the personal, financial, and health information of over 320,000 people after breaching its systems in a December 2024 cyberattack. [...]
AI upstart also upscales its Labs to find the next frontier The Python Software Foundation (PSF) has an extra $1.5 million heading its way, after AI upstart Anthropic entered into a partnership aimed at improving security in the Python ecosystem.... [...]
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January’s Microsoft zero-day …
First Patch Tuesday of 2026 goes big Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack.... [...]
Officials of Ukraine's Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. [...]
A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. [...]
Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to …
The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes automatically when a …
A data breach last year at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals. [...]
Belgian hospital AZ Monica was forced to shut down all servers, cancel scheduled procedures, and transfer critical patients earlier today due to a cyberattack. [...]
Microsoft has started rolling out new Secure Boot certificates that will automatically install on eligible Windows 11 24H2 and 25H2 systems. [...]
Microsoft has released the KB5073724 extended security update to fix the Patch Tuesday security updates, including 3 zero-days and a fix for expiring Secure Boot certificates. [...]
Today is Microsoft's January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. [...]
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services …
Forrester models slow, structural shift rather than sudden employment collapse AI-pocalypse AI and automation could wipe out 6.1 percent of jobs in the US by 2030 – equating to 10.4 million fewer positions that are held by humans today.... [...]
U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers. [...]
Scammers are flooding LinkedIn posts with fake "reply" comments that appear to come from the platform, warning of bogus policy violations and urging users to click external links. Some even abuse LinkedIn's official lnkd.in shortener, making the phishing attempts harder to spot. [...]
33-year-old was under surveillance for some time before returning home from the UAE Dutch police believe they have arrested a man behind the AVCheck online platform - a service used by cybercrims that Operation Endgame shuttered in May.... [...]
Multiple current and former Target employees confirmed that leaked source code samples posted by a threat actor match real internal systems. The company also rolled out an "accelerated" lockdown of its Git server, requiring VPN access, a day after being contacted by BleepingComputer. [...]
Git server flaw that attackers have been abusing for months has now caught the attention of US cyber cops CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the self-hosted Git service was added to its Known Exploited Vulnerabilities …
AuraInspector automates the most common abuses and generates fixes for customers Mandiant has released an open source tool to help Salesforce admins detect misconfigurations that could expose sensitive data.... [...]
Dutchman fails to convince judges his trial was unfair because cops read his encrypted chats A Dutch appeals court has kept a seven-year prison sentence in place for a man who hacked port IT systems with malware-stuffed USB sticks to help cocaine smugglers move containers, brushing off claims that …
Forty years ago, The Mentor— Loyd Blankenship —published “ The Conscience of a Hacker ” in Phrack. You bet your ass we’re all alike... we’ve been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and …
Project Nightfall aims to deliver a UK-built long-range strike capability at speed The British government is asking defense firms to rapidly produce a new ground-launched ballistic missile to aid Ukraine's fight against Russia - hardware that might also be adopted by UK's armed forces in future.... [...]
Government is fed up with bad actors using digi-cash to fund dodgy deeds India’s government has updated the regulations it imposes on cryptocurrency services providers, as part of its efforts to combat fraud, money laundering, and terrorism.... [...]
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia …
The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. [...]
In SEC filings, Fortinet and Palo Alto show shrinking product margins taking hold. PCs and datacenters aren't the only devices that need DRAM. The global memory shortage is roiling the cybersecurity market, with the cost of firewalls expected to balloon and hit both customers and vendors in the pocketbook …
Gang members 'systematically exploited children and young people,' cops say A 21-year-old Swedish man accused of being a key organizer of violence-as-a-service linked to the Foxtrot criminal network, which police say has recruited and exploited minors, has been arrested in Iraq.... [...]
Hackers over the past six months have relied increasingly more on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. [...]
CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. [...]
Apex Legends players over the weekend experienced disruptions during live matches as threat actors hijacked their characters, disconnected them, and changed their nicknames. [...]
University of Hawaii says a ransomware gang breached its Cancer Center in August 2025, stealing data of study participants, including documents from the 1990s containing Social Security numbers. [...]
Survey finds security checks nearly doubled in a year as leaders wise up The number of organizations that have implemented methods for identifying security risks in the AI tools they use has almost doubled in the space of a year.... [...]
Hackers are claiming to be selling internal source code belonging to Target Corporation, after publishing what appears to be a sample of stolen code repositories on a public software development platform. After BleepingComputer notified Target, the files were taken offline and the retailer's developer Git server was inaccessible. [...]
Agents must be 'safer and better than humans,' James Nettesheim tells The Reg exclusive When it comes to security, AI agents are like self-driving cars, according to Block Chief Information Security Officer James Nettesheim.... [...]
A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add warnings to proxy links after researchers demonstrated that such one-click …
Spanish energy provider Endesa and its Energía XXI operator are notifying customers that hackers accessed the company's systems and accessed contract-related information, which includes personal details. [...]
Microsoft 365 has made file sharing effortless, but that convenience often leaves organizations with little visibility into who can access sensitive data. Tenfold explains how access reviews for shared cloud content can help organizations regain visibility, reduce unnecessary permissions, and prevent data leaks in Microsoft 365. [...]
Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare." [...]
Website built around buying and selling stolen data has lost control of its own Updated BreachForums, the serially resurrected cybercrime marketplace, has tripped over itself after a data breach spilled details tied to about 324,000 user accounts.... [...]
Tech minister Liz Kendall says the government will back a robust regulatory response Ofcom is investigating X over potential violations of the Online Safety Act, Britian's comms watchdog has confirmed.... [...]
Fascinating research: Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs. Abstract LLMs are useful because they generalize so well. But can you have too much of a good thing? We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside those contexts …
Opposition leader Kemi Badenoch pitches age limits and classroom curbs as fixes for behavior and mental health The Tories have pledged to kick under-16s off social media, betting that banning teens from TikTok and Instagram will fix what they see as a growing crisis in kids' mental health and …
Says ongoing talks about security are about understanding best practice, not strong-arming vendors India’s government has denied that it is working on rules that would require smartphone manufacturers to provide access to their source code.... [...]