Plus, PAN under attack, IT whistleblowers get a payout, and China kills online scammers Infosec in brief On August 29, the US Federal Emergency Management Agency fired its CISO, CIO, and 22 other staff for incompetence but insisted it wasn't in response to an online attack. New material suggests …
Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]
Researchers monitoring for larger.ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. [...]
Hackers are more likely to target educational institutions than private businesses, government survey shows When hackers attacked UK nurseries last month and published children’s data online, they were accused of hitting a new low. But the broader education sector is well used to being a target. Continue reading …
ParkMobile has finally wrapped up a class action lawsuit over the platform's 2021 data breach that hit 22 million users. But there's a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date. [...]
United States immigration authorities are moving to dramatically expand their social media surveillance, with plans to hire nearly 30 contractors to sift through posts, photos, and messages—raw material to be transformed into intelligence for deportation raids and arrests. Federal contracting records reviewed by WIRED show that the agency …
Article. Report. [...]
Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing threats. [...]
Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was compromised following a data breach at a third-party provider. [...]
Japanese beer-making giant Asahi has disclosed today that a ransomware attack caused the IT disruptions that forced it to shut down factories this week. [...]
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. [...]
A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. [...]
Boards want answers on AI: Where is it used? What risks does it create? How is it governed? Keep Aware released a free template to help CISOs present GenAI adoption, risk, exposure & controls clearly to leadership. [...]
Cupertino yanks ICEBlock citing safety risks for law enforcement Apple has deep-sixed an app that tracks the movements of US Immigration and Customs Enforcement (ICE) agents – apparently bowing to government pressure.... [...]
Overnight shutdown leaves thousands stuck as Oktoberfest crowds stretch city security Munich Airport was temporarily closed last night following reports of drones buzzing around the area.... [...]
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. [...]
Even spy-tech biz Palantir says 'steady on' as 2.76M Brits demand it be ditched The British government has finally given more details about the proposed digital ID project, directly responding to the 2.76 million naysayers that signed an online petition calling for it to be ditched.... [...]
Researchers suggest internet-facing portals are exposing 'thousands' of orgs Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems.... [...]
Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. [...]
Names, numbers, and reg plates exposed in latest auto industry cyber-shunt Renault UK customers are being warned their personal data may be in criminal hands after one of its supplier was hacked.... [...]
Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. [...]
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code. [...]
Software maker Kodex said its domain registrar fell for a fraudulent legal order A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain.... [...]
Building on top of open source packages can help accelerate development. By using common libraries and modules from npm, PyPI, Maven Central, NuGet, and others, teams can focus on writing code that is unique to their situation. These open source package registries host millions of packages that are integrated …
His conclusion : Context wins Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest. And if …
Bug bounty platform HackerOne announced that it paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months. [...]
Extortion emails name-drop Big Red's E-Business Suite, though Google and Mandiant yet to find proof of any breach Criminals with potential links to the notorious Clop ransomware mob are bombarding Oracle execs with extortion emails, claiming to have stolen sensitive data from Big Red's E-Business Suite, according to researchers …
Experts say Commission is ‘fanning the flames’ of the continent’s own Watergate An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.... [...]
570GB of data claimed to be stolen by the Crimson Collective A hacking crew claims to have broken into Red Hat's private GitHub repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers.... [...]
Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said. The routers, manufactured by China-based Milesight IoT Co., Ltd., are rugged Internet of Things devices that use cellular networks to connect traffic lights …
A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. [...]
Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. [...]
The longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register The US government shut down at 1201 ET on October 1, halting non-essential IT modernization and leaving cybersecurity operations to run on skeleton crews.... [...]
Who wouldn't want root access on cluster master nodes? A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt services, and fully hijack the platform.... [...]
A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. [...]
Uncle Sam can't quit Redmond Exclusive The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.... [...]
F-Droid is warning that the project could reach an end due to Google's new requirements for all Android developers to verify their identity. [...]
Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised the personal information of 1.2 million customers, including passports and ID documents. [...]
Google has begun rolling out a new AI-powered security feature for Google Drive desktop, which will automatically pause file syncing when it detects a ransomware attack to minimize impact. [...]
Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted. [...]
CISA says microsegmentation isn't optional—it's foundational to Zero Trust. But legacy methods make it slow & complex. Learn from Zero Networks how modern, automated, agentless approaches make containment practical for every org. [...]
Allianz Life and WestJet lead the way, along with a niche software shop A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.... [...]
Only 15% considering deployments and just 7% say it'll replace humans in next four years Enterprises aren't keen on letting autonomous agents take the wheel amid fears over trust and security as research once again shows that AI hype is crashing against the rocks of reality.... [...]
New report: “ Scam GPT: GenAI and the Automation of Fraud.” This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception …
ICO investigation into platform's lack of age assurance continues The UK's data watchdog has described Imgur's move to block UK users as "a commercial decision" after signaling plans to fine parent company MediaLab.... [...]
Politico avoids the topic at Labour conference speech, homes in on AI instead UK prime minister Keir Starmer avoided mentioning the mandatory digital ID scheme in his keynote speech to the Labour Party conference amid calls for him to put meat on the bones of the plans or risk …
Coursework 'gone forever' as 10% report critical damage Schools and colleges hit by cyberattacks are taking longer to restore their networks — and the consequences are severe, with students' coursework being permanently lost in some cases.... [...]
‘Phantom Taurus’ created custom malware to hunt secrets across Asia, Africa, and the Middle East Threat-hunters at Palo Alto Networks’ Unit 42 have decided a gang they spotted two years ago is backed by China, after seeing it sling a new variety of malware.... [...]
It's not just big tech anymore The North Korean IT worker threat extends well beyond tech companies, with fraudsters interviewing at a "surprising" number of healthcare orgs, according to Okta Threat Intelligence.... [...]
Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360's security promises, a group of Georgia Tech researchers warns.... [...]