Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. [...]

Attackers are mapping your infrastructure before you even realize what's exposed. Sprocket ASM flips the script — giving you the same recon capabilities they use, plus change detection and actionable insights to close gaps fast. See your attack surface the way hackers do and beat them to it. [...]

Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens A VPN vendor says billions of stolen cookies currently on sale either on dark web or Telegram-based marketplaces remain active and exploitable.... [...]

Victoria's Secret, the fashion giant, has taken down its website and some store services because of an ongoing security incident [...]

The only links are from The Daily Mail and The Mirror, but a marital affair was discovered because the cheater was recorded using his smart toothbrush at home when he was supposed to be at work. [...]

Sick of paying the US tech tax and relinquishing talent to other continents, politicians finally wake up The European Commission (EC) has kicked off a scheme to make Europe a better place to nurture global technology businesses, providing support throughout their lifecycle, from startup through to maturity.... [...]

Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach. [...]

Knickers outlet knackered Underwear retailer Victoria's Secret’s website has been down for three days, with the company blaming an unspecified security problem.... [...]

The financial sector is adept at balancing risk and opportunity. Adversarial AI is its next big challenge Partner content From the use of ATMs to online banking, the financial services sector has always been at the forefront of technology. Now, it's leading the charge in AI. In their third …

Thousands of home and small office routers manufactured by Asus are being infected with a stealthy backdoor that can survive reboots and firmware updates in an attack by a nation-state or another well-resourced threat actor, researchers said. The unknown attackers gain access to the devices by exploiting now-patched vulnerabilities …

A full conference pass is $1,099. Register today with the code flashsale150 to receive a limited time $150 discount, while supplies last. Join us in Philadelphia on June 16–18, 2025, for AWS re:Inforce, where you can enhance your skills and confidence in cloud security, compliance, identity …

The Chinese APT41 hacking group uses a new malware named 'ToughProgress' that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. [...]

A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. [...]

Data analytics and risk management biz says software dev platform breached, not itself LexisNexis Risk Solutions (LNRS) is the latest big-name organization to disclose a serious cyberattack leading to data theft, with the number of affected individuals pegged at 364,333.... [...]

The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. [...]

Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that …

Authorities in Pakistan have arrested 21 individuals accused of operating “ Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and …

Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. [...]

A sprawling network of fake AI, VPN, and crypto software download sites is being used by the "Dark Partner" threat actors to conduct a crypto theft attacks worldwide. [...]

The Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country's Ministry of Foreign Affairs and critical infrastructure organizations. [...]

The latest in a long line of techies to face Putin’s wrath A Russian programmer will face the next 14 years in a "strict-regime" (high-security) penal colony after a regional court ruled he leaked sensitive data to Ukraine.... [...]

Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones. Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence location Fingerprint Face photograph Real-time geo-location monitoring This isn …

Apple says it blocked over $9 billion in fraudulent App Store transactions over the last five years, with over $2 billion in potentially fraudulent sanctions prevented in 2024 alone. [...]

Poor password management is responsible for thousands of data breaches, but it doesn’t have to be this way. Sponsored feature The IT business likes to reinvent things as quickly as possible. Except passwords, that is. We've been using them since Roman times, only now they're digital. They're the …

SimpleHelp was the vector for the attack Updated DragonForce ransomware infected a managed service provider, and its customers, after attackers exploited security flaws in remote monitoring and management tool SimpleHelp.... [...]

Really strong USB ports make a difference too by reducing the need for motherboard replacements Computex Analysts rate Taiwan’s ASUS the world’s fifth most prolific PC-maker, but the company wants to climb the charts by targeting business buyers, according to Shawn Chang, Head of Go-To-Market for the …

Millions may fall for it - and end up with malware instead A group of miscreants tracked as UNC6032 is exploiting interest in AI video generators by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive info, according to Mandiant.... [...]

Customers often tell me that they want a simpler path to meet the compliance and industry regulatory mandates they have in their geographic regions. In our deep engagements with partners and customers, we have learned that one of the greatest challenges for customers is the translation of security and …

The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. [...]

AWS Secrets Manager is a service that you can use to manage, retrieve, and rotate database credentials, application credentials, API keys, and other secrets throughout their lifecycles. You can use Secrets Manager to replace hard-coded credentials in application source code with a runtime call to the Secrets Manager service …

A full conference pass is $1,099. Register today with the code flashsale150 to receive a limited time $150 discount, while supplies last. From proof of concepts to large scale production deployments, the rapid advancement of generative AI has ushered in unique opportunities for innovation, but it also introduces …

An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. [...]

Dutch intel services, Microsoft go big-game hunting A previously unknown Kremlin-linked group has conducted cyber-espionage operations against Dutch police, NATO member states, Western tech companies, and other organizations of interest to the Russian government since at least April 2024, according to Dutch intelligence services and Microsoft.... [...]

A full conference pass is $1,099. Register today with the code flashsale150 to receive a limited time $150 discount, while supplies last. We’re counting down to AWS re:Inforce, our annual cloud security event! We are thrilled to invite security enthusiasts and builders to join us in …

Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters. [...]

Hackers take personal data bytes from the brand with three stripes Adidas is warning customers some of their data was stolen after an "unauthorized" person lifted it from a "third-party customer service provider."... [...]

MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. [...]

Commercial customers, STEM students all feeling the pain after mega outage of engineering data-analysis tool Software biz MathWorks is cleaning up a ransomware attack more than a week after it took down MATLAB, its flagship product used by more than five million people worldwide.... [...]

A previously unknown Russian-backed cyberespionage group now tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. [...]

One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are (often surreptitiously) owned by …

German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. [...]

PLUS: Interpol kills more malware; GoDaddy settles in awful infosec case; Giant stolen creds DB exposed Infosec In Brief Secrets of the Trump administration may have been exposed after a successful attack on messaging service TeleMessage, which has been used by some officials.... [...]

PLUS: Original emoji retired; Xiaomi's custom silicon; Pakistan dedicates 2,000 MW to AI and crypto Asia In Brief China last week approved rules that will see Beijing issue identity numbers that netizens can use as part of a federated identity scheme that will mean they can use one …

Glitch has announced it is ending app hosting and user profiles on July 8, 2025, responding to changing market dynamics and extensive abuse problems that have raised operational costs. [...]

Michael Daniel also thinks Uncle Sam should increase help to orgs hit by ransomware INTERVIEW Uncle Sam's cybersecurity apparatus can't only focus on China and other nation-state actors, but also has to fight the much bigger damage from plain old cybercrime, says former White House advisor Michael Daniel. And …

The Bumblebee malware SEO poisoning campaign uncovered earlier this week aimpersonating RVTools is using more typosquatting domainsi mimicking other popular open-source projects to infect devices used by IT staff. [...]

The original leak site that never sold out, never surrendered Obituary John Young, the co-founder of the legendary internet archive Cryptome, died at the age of 89 on March 28. The Register talked to friends and peers who gave tribute to a bright, pugnacious man who was devoted to …

Interesting story : USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome’s rubber “NOFOUL” coating. In some areas, the coating was described as being shredded, with …

The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a …

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a to-do list” that eliminates the burden of “wading through weeks of commits.” What these companies don’t say is that these …