Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. [...]
A Chinese company has developed an AI-piloted submersible that can reach speeds “similar to a destroyer or a US Navy torpedo,” dive “up to 60 metres underwater,” and “remain static for more than a month, like the stealth capabilities of a nuclear submarine.” In case you’re worried about …
Lead dev likens flood to 'effectively being DDoSed' Curl project founder Daniel Stenberg is fed up with of the deluge of AI-generated "slop" bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers' time.... [...]
Prime Minister bemoans bullying, addiction, and inappropriate content – but isn’t planning a rapid vote New Zealand’s government has signaled its support for a bill to ban social media for children under 16, but without explicitly making it a government initiative.... [...]
A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. The verdict, reached Tuesday, comes as a major victory not just for Meta-owned WhatsApp but also …
Don't f&#k with Zuck A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure communications.... [...]
What was the plan, showing her his big iron? A now-former manager at Computacenter claims he was unfairly fired after alerting management that a colleague was repeatedly giving his girlfriend unauthorized access to Deutsche Bank's server rooms.... [...]
(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its "outdated" software procurement systems, and insists it's putting security at the forefront of decision-making processes.... [...]
A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. [...]
Government agencies face an unprecedented challenge when designing security against unauthorized access to IT infrastructure and data. Traditional perimeter-based security models—which rely on the assumption of trust within an organization’s network boundaries—are no longer sufficient. The wide adoption of bring-your-own-device (BYOD) and cloud-based resources requires adopting …
Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. [...]
The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. [...]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. [...]
You can't protect what you can't see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back control. Learn from Outpost24 how EASM powers proactive digital risk protection. [...]
Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. [...]
Reporting on the rise of fake students enrolling in community college courses: The bots’ goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by submitting AI-generated work …
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. [...]
A California man has pleaded guilty to hacking an employee of The Walt Disney Company by tricking the person into running a malicious version of a widely used open source AI image generation tool. Ryan Mitchell Kramer, 25, pleaded guilty to one count of accessing a computer and obtaining …
Because who needs cybersecurity when there’s culture wars to win President Trump's dream 2026 budget would gut the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, by $491 million - about 17 percent – and accuses the organization of abandoning its core mission in favor of policing online speech …
The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. [...]
A messaging service used by former National Security Advisor Mike Waltz has temporarily shut down while the company investigates an apparent hack. The messaging app is used to access and archive Signal messages, but is not made by Signal itself. 404 Media reported yesterday that a hacker stole data …
No, really? That's a shocking surprise An unidentified miscreant is said to have obtained US government communications from TeleMessage, a messaging and archiving app based on the open-source Signal app and used by ousted national security advisor Michael Waltz.... [...]
A new "Bring Your Own Installer" EDR bypass technique is exploited in attacks to bypass SentinelOne's tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. [...]
Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. [...]
TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. [...]
Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday. The infections are the result of a supply-chain …
The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. [...]
Deepfakes are now mimicking heartbeats In a nutshell Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats. The assumption that deepfakes lack physiological signals, such as heart rate …
Following three high-profile cyberattacks impacting major UK retailers, the country's National Cyber Security Centre (NCSC) has published guidance that all companies are advised to follow to strengthen their cybersecurity defenses. [...]
Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures US President Donald Trump has said TikTok will be “very strongly protected” as the made-in-China social network has “a warm spot in my heart”.... [...]
PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! Asia in brief India’s ambition to become a global semiconductor manufacturing player went backwards last week after two big players changed their plans.... [...]
PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! Infosec In Brief Microsoft has decided to push its consumer customers to dump password in favor of passkeys.... [...]
With North Korean IT workers storming the gates, too RSAC Another RSA Conference has come and gone, with almost 44,000 attendees this year spread across San Francisco's Moscone Center and the surrounding facilities, according to event organizers.... [...]
With North Korean IT workers storming the gates, too RSAC Another RSAC has come and gone, with almost 44,000 attendees this year spread across San Francisco's Moscone Center and the surrounding facilities, according to conference organizers. Hopefully, all of us made it home safely, didn't get deported to …
The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. [...]
El Reg checks out shop in SF On Thursday, six stores across America opened their doors with a curious proposition: Come on in, let a metal orb scan your irises, and walk out with a new online profile that promises you're an individual human – and a few bucks in …
Microsoft has announced that it will discontinue the password storage and autofill feature in the Authenticator app starting in July and will complete the deprecation in August 2025. [...]
The small pyjama squid ( Sepioloidea lineolata ) produces toxic slime, “a rare example of a poisonous predatory mollusc.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. [...]
Microsoft says it’s making passwordless logins the default means for signing in to new accounts, as the company helps drive an industry-wide push to transition away from passwords and the costly security problems they have created for companies and their users. A key part of the “passwordless by …
The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. [...]
A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. [...]
Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while its still a nascent idea. In 2019, I joined Inrupt, a …
25-year-old fella pleads guilty to stealing, dumping 1.1TB of data from the House of Mouse When someone stole more than a terabyte of data from Disney last year, it was believed to be the work of Russian hacktivists protesting for artist rights. We now know it was actually …
Real-time video deepfakes? Not convincing yet RSAC Spam messages predate the web itself, and generative AI has given it a fluency upgrade, churning out slick, localized scams and letting crooks hit regions and dialects they used to ignore.... [...]
A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers. [...]
The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call." [...]
UK starts prosecution days after FBI vowed to clamp down on the crime Three young Brits are accused of stateside swatting offences and will appear in a UK court today to face their charges after a joint investigation by the FBI and Merseyside cops.... [...]
The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection regulations. [...]
The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty …
Experts suggest the obvious: There is an ongoing coordinated attack on UK retail sector Harrods, a globally recognized purveyor of all things luxury, is the third major UK retailer to confirm an attempted cyberattack on its systems in under two weeks.... [...]