Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. [...]

Let's Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities. [...]

Watch out for supply chain hacks especially interview The ceasefire between Iran and Israel may prevent the two countries from firing missiles at each other, but it won't carry any weight in cyberspace, according to former NATO hacker Candan Bolukbas.... [...]

Taking advantage of the ridiculously complex US healthcare billing system Criminals masquerading as insurers are tricking patients and healthcare providers into handing over medical records and bank account information via emails and text messages, according to the FBI.... [...]

Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. [...]

Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors [...]

Getting it in might mean re-racking the entire datacenter and rebuilding the network, though Cisco is talking up the integration of security into network infrastructure such as its latest Catalyst switches, claiming this is vital to AI applications, and in particular the current vogue for "agentic AI."... [...]

'No impact on safety,' FAA tells The Reg update Hawaiian Airlines said a "cybersecurity incident" affected some of its IT systems, but noted that flights are operating as scheduled. At least one researcher believes Scattered Spider, which previously targeted retailers and insurance companies, could be to blame.... [...]

In today's cloud landscape, safeguarding your cloud environment requires bolstering your Identity and Access Management (IAM) approach with more than allow policies and the principle of least privilege. To bolster your defenses, we offer a powerful tool: IAM Deny Policies. Relying only on IAM Allow policies leaves room for …

Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart Cybersecurity nerds figured out a way to make those at-home racing simulators even more realistic by turning an actual car into a game controller.... [...]

A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. [...]

Finance, health, and national identification details compromised Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove.... [...]

We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity …

Ahold Delhaize, one of the world's largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems. [...]

American grocery wholesale giant United Natural Foods (UNFI) reports that it has restored its core systems and brought online the electronic ordering and invoicing systems affected by a cyberattack. [...]

Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems. [...]

Hackers are exploiting a maximum-severity vulnerability that has the potential to give them complete control over thousands of servers, many of which handle mission-critical tasks inside data centers, the US Cybersecurity and Infrastructure Security Agency is warning. The vulnerability, carrying a severity rating of 10 out of a possible …

Pro tip: Don't use your personal email account on BreachForums The notorious data thief known as IntelBroker allegedly broke into computer systems belonging to more than 40 victims worldwide and stole their data, costing them at least $25 million in damages, according to newly unsealed court documents that also …

Czech researcher lays out a business case for reducing reliance on Redmond Comment A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers.... [...]

A total of 689 printer models from Brother, along with 53 other models from Fujifilm, Toshiba, and Konica Minolta, come with a default administrator password that remote attackers can generate. Even worse, there is no way to fix the flaw via firmware in existing printers. [...]

A 10.0 and a 9.8 – these aren’t patches to dwell on Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems.... [...]

New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University's systems on multiple occasions, starting with a scheme to obtain cheaper parking. [...]

Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). [...]

A Kansas City man has pleaded guilty to hacking multiple organizations to advertise his cybersecurity services, the U.S. Department of Justice announced on Wednesday. [...]

Scattered Spider recently pivoted from targeting worldwide retailers to U.S. based insurance firms, with no signs of slowing down. Learn about Scattered Spider TTPs and how to defend your organization against MFA bypass, help desk scams, and more. [...]

An ongoing phishing campaign abuses a little‐known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials. [...]

Nothing confirmed but authority is operating under the assumption that data has been stolen A cyberattack on Glasgow City Council is causing massive disruption with a slew of its digital services unavailable.... [...]

Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities The NHS says Qilin's ransomware attack on pathology services provider Synnovis last year led to the death of a patient.... [...]

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security …

Aircraft meant to bolster NATO deterrent will rely on allied support to stay airborne The UK government is to buy 12 F-35A fighters capable of carrying nuclear weapons as part of the NATO deterrent, but there's a snag: the new jets are incompatible with the RAF's refueling tanker aircraft …

CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation. [...]

Privacy campaigner brands Iceland's use of 'Orwellian' camera tech 'chilling,' CEO responds: 'It'll cut violent crime' Privacy campaigners are branding frozen food retailer Iceland's decision to trial facial recognition technology (FRT) at several stores "chilling" – the UK supermarket chain says it's deploying the cameras to cut down on crime …

Charming Kitten unsheathes its claws and tries to catch credentials The cyber-ops arm of Iran's Islamic Revolutionary Guard Corps has started a spear-phishing campaign intent on stealing credentials from Israeli journalists, cybersecurity experts, and computer science professors from leading Israeli universities.... [...]

A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. [...]

A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. [...]

Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's Authenticode signature. [...]

Two emergency patches issued in two weeks Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products …

A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. [...]

Ubuntu users could see up to a 20 percent boost in graphics performance on Intel-based systems under a change that will turn off security mitigations for blunting a class of attacks known as Spectre. Spectre, you may recall, came to public notice in 2018. Spectre attacks are based on …

A new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect dev's devices with infostealers and backdoors. [...]

It's meant to cut down on false positives but could be a trove for mischief-makers Ring doorbells and cameras are using AI to "learn the routines of your residence," via a new feature called Video Descriptions.... [...]

We are excited to announce that Google has been named a Strong Performer in The Forrester WaveTM: Security Analytics Platforms, Q2 2025, in our first year of participation. The report acknowledges Google Cloud’s vision which relies heavily on Mandiant’s roots in threat-intelligence-driven security operations, which are evident …

A bottomless appetite for tracking people as 'objects' A new study shows academic computer vision papers feeding surveillance-enabling patents jumped more than fivefold from the 1990s to the 2010s.... [...]

Who is the third party that does the thing in our thing? Yep. Attacks explode over past year The vast majority of global businesses are handling at least one material supply chain attack per year, but very few are doing enough to counter the growing threat.... [...]

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. [...]

WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. [...]

A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. [...]

As organizations build new generative AI applications and AI agents to automate business workflows, security and risk management management leaders face a new set of governance challenges. The complex, often opaque nature of AI models and agents, coupled with their reliance on vast datasets and potential for autonomous action …

Twentysomethings claimed to be linked to spate of high-profile cybercrimes The Paris police force's cybercrime brigade (BL2C) has arrested a further four men as part of a long-running investigation into the criminals behind BreachForums.... [...]

The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions. [...]