The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. [...]
Cybercriminals lifted info including addresses, ID numbers, and financial records from agency systems A "significant amount of personal data" belonging to legal aid applicants dating back to 2010 in the UK was stolen by cybercriminals, the Ministry of Justice (MoJ) confirmed today.... [...]
In response to a FOIA request, the NSA released “ Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, with a lot of redactions. Weirdly, this is the second time the NSA has declassified the document. John Young got a copy in 2019. This one has a few less …
Enormous org has been hit by ransomware again and again, on multiple fronts, over the past year Top cybersecurity officials within the UK government and the National Health Service (NHS) are asking CEOs of tech suppliers to pledge their allegiance to sound security by signing a public charter.... [...]
PLUS: Euro-cops take down investment scammers; Fancy Bear returns to Ukraine; and more Infosec In Brief The Alabama state government is investigating an unspecified "cybersecurity event" that it said has affected some state systems, but didn't involve the theft of citizen's personal info.... [...]
PLUS: South Korea signs for massive supercomputer; HCL gets into chipmaking; US tariffs slow APAC tech buying; and more Asia In Brief Chinese company Guoxing Aerospace last launched a dozen satellites, each packing a 744 TOPS of computing power, in the first step towards creating an orbiting constellation of …
Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks INTERVIEW The call came into the help desk at a large US retailer. An employee had been locked out of their corporate accounts.... [...]
ZKLP system allows apps to confirm user presence in a region without exposing exactly where Computer scientists from universities in Germany, Hong Kong, and the United Kingdom have proposed a way to provide verifiable claims about location data without surrendering privacy.... [...]
A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed. [...]
Phony LinkedIn recruitment ads? Groundbreaking Chinese government snoops - hiding behind the guise of fake consulting companies - are actively trying to recruit the thousands upon thousands of US federal employees who have been fired since President Trump took office.... [...]
Crooks must be licking their lips at the possibilities Uncle Sam's consumer watchdog has scrapped plans to implement Biden-era rules that would've treated certain data brokers as credit bureaus, forcing them to follow stricter laws when flogging Americans' sensitive data.... [...]
From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The squid moves autonomously, making decisions based on his current state (hunger, sleepiness, etc.). Implements a vision cone for food detection, simulating realistic foraging behavior. Neural network can make decisions and form associations. Weights …
'We hope it makes attendees feel safe reporting violations' A Seattle court this week dismissed with prejudice the defamation case brought against DEF CON and its organizer Jeff Moss by former conference stalwart Christopher Hadnagy.... [...]
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. [...]
For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. [...]
Ransomware gang members increasingly use a new malware called Skitnet ("Bossnet") to perform stealthy post-exploitation activities on breached networks. [...]
This is a weird story : U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said. [...] Over the past nine months, undocumented …
The tech biz was in the process of dropping the payroll company as it learned of the breach EXCLUSIVE A ransomware attack at a Middle Eastern business partner of payroll company ADP has led to customer data theft at Broadcom, The Register has learned.... [...]
We suspect Philippe Salle will need it, not to mention staff and customers If at first you don't succeed, transform, transform, and transform again is the corporate motto at Atos these days. The lumbering French-based megacorp has created another blueprint to return to its glory days, and it includes …
Twelve more suspects were charged in a RICO conspiracy for their alleged involvement in the theft of over $230 million in cryptocurrency and laundering the funds using crypto exchanges and mixing services. [...]
AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason Sponsored feature From the written word through to gunpowder and email, whenever an enabling technology comes along, you can be sure someone will be ready to use it for evil. Most tech is dual-use …
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. [...]
They're smishing, they're vishing The FBI has warned that fraudsters are impersonating "senior US officials" using deepfakes as part of a major fraud campaign.... [...]
Entire process took less than five minutes, prosecutors say A former DoorDash driver has pleaded guilty to participating in a $2.59 million scheme that used fake accounts, insider access to reassign orders, and bogus delivery reports to trigger payouts for food that was never delivered.... [...]
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a …
Hackers are running a worldwide cyberespionage campaign dubbed 'RoundPress,' leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. [...]
The FBI warned that cybercriminals using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April. [...]
Today’s businesses have a vital need to manage and, when appropriate, transfer cyber risk in their cloud environments — even with robust security measures in place. At Google Cloud Next last month, we unveiled significant advancements to our Risk Protection Program, an industry-first collaboration between Google and leading cyber …
DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon Interview The same miscreants behind recent cyberattacks on British retailers are now trying to dig their claws into major American retailers' IT environments – and in some cases even deploying ransomware, according to …
Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month. [...]
Expert tells us: 'It is the most unique breach disclosure I've ever seen' Coinbase says some of its overseas support staff were paid off to steal information on behalf of cybercriminals, and the company is now being extorted for $20 million.... [...]
On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox. [...]
Sometimes, less information is more In its latest gambit to reduce the noise of unnecessary security alerts, Socket has acquired Coana, a startup founded in 2022 by researchers from Aarhus University in Denmark that tells users which vulnerabilities they can safely ignore.... [...]
Tor has announced Oniux, a new command-line tool for routing any Linux application securely through the Tor network for anonymized network connections. [...]
Lessons learned from last year's security snafu interview Being the chief information security officer at Snowflake is never an easy job, but last spring it was especially challenging.... [...]
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. [...]
Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information. [...]
Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly exploited in decades past. XSS is short for cross-site scripting. Vulnerabilities result from programming errors found in webserver software …
On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of …
Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...]
Would you believe it, this RaaS cartel says Russia is off limits DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about — unless they’re in Russia, which is off limits to the would-be extortionists.... [...]
Financial services institutions (FSIs) are increasingly adopting AI technologies to drive innovation and improve customer experiences. However, this adoption brings new governance, risk, and compliance (GRC) considerations that organizations need to address. To help FSI customers navigate these challenges, AWS is excited to announce the launch of the AWS …
Ransomware or critical infra hit? Top US manufacturer maintains steely silence Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.... [...]
Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. [...]
Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. [...]
How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the affected asset. However, today, the same tool that once …
Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet insists the pushback had nothing to do with it …
Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. [...]
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns are linked to two mystery open source libraries which …
The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. [...]