Leaders call for fewer contractors and more top talent installed across government Senior officials in the UK's civil service understand that future cyber hires in Whitehall will need to be paid a salary higher than that of the Prime Minister if the government wants to get serious about fending …
Election infosec advisory center also shuttered Updated A penetration tester who worked at the US govt's CISA claims his 100-strong team was effectively dismissed after Elon Musk's Trump-blessed DOGE unit cancelled a contract – and that more folks have also been put out of work by the cybersecurity agency.... [...]
Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and another six already being exploited by criminals.... [...]
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows and Windows …
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. [...]
Apple on Tuesday patched a critical zero-day vulnerability in virtually all iPhones and iPad models it supports and said it may have been exploited in “an extremely sophisticated attack against specific targeted individuals” using older versions of iOS. The vulnerability, tracked as CVE-2025-24201, resides in Webkit, the browser engine …
Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks. [...]
Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. [...]
Lots of interesting details in the story : The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security …
Non-password-protected, unencrypted 108GB database... what could possibly go wrong Exclusive More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open misconfigured AWS S3 bucket for months — or possibly even longer …
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov …
Oh wow, just looks at all the scary stuff in your Windows Event Viewer The Federal Trade Commission (FTC) is distributing over $25.5 million in refunds to consumers deceived by tech support scammers, averaging about $34 per person.... [...]
A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. [...]
Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]
Cybercriminals are using AI for help in planning and conducting cyberattacks—but cybersecurity vendors are fighting back. Learn from Acronis Threat Research Unit about how AI-powered security solutions are closing the gap in the battle against AI-driven cyber threats. [...]
PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. [...]
CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. [...]
Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it AI models with memory aim to enhance user interactions by recalling past engagements. However, this feature opens the door to manipulation.... [...]
Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.... [...]
Expired SSL cert kerfuffle leaves second-gen, Audio gadgets useless Google's second-generation Chromecast and its Chromecast Audio are suffering a major ongoing outage, with devices failing to cast due to an expired security certificate. The web giant is aware of the breakdown and says a fix is in the works …
The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. [...]
The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year. [...]
Later this week, the Federal Trade Commission (FTC) will start distributing over $25.5 million in refunds to those misled by tech support companies Restoro and Reimage's scare tactics. [...]
Phishing and ancient vulns still do the trick for one of the most prolific groups around Researchers say the Sidewinder offensive cyber crew is starting to target maritime and nuclear organizations.... [...]
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. [...]
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024. [...]
Quantum computing threatens to break traditional encryption, putting sensitive data at risk. Learn more from Specops Software about the risks of quantum computing and how to prepare for them. [...]
Terabytes of sensitive info remain available for download Break-ins to systems hosting the data of two US healthcare organizations led to thieves making off with the personal and medical data of more than 300,000 patients.... [...]
Study finds 4 out of 6 providers don't do enough to stop impersonation Four out of six companies offering AI voice cloning software fail to provide meaningful safeguards against the misuse of their products, according to research conducted by Consumer Reports.... [...]
Experts say that the way you handle things after the criminals break in can make things better or much, much worse Feature Experiencing a ransomware infection or other security breach ranks among the worst days of anyone's life — but it can still get worse.... [...]
The malware includes four separate backdoors : Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before. Which introduces another type of attack made possibly by abusing websites that don’t monitor 3rd party dependencies …
Insiders say board members must be held accountable and drive positive change from the top down Analysis Walk into any hospital and ask the same question – "Which security system should we invest in?" – to both a doctor and a board member, and you may get different answers. The doctor …
Likening memory safety bugs to smallpox may not soothe sensitive C coders Rust is alive and well in the Linux kernel and is expected to translate into noticeable benefits shortly, though its integration with the largely C-oriented codebase still looks uneasy.... [...]
Also, phone cleaner apps are a data-sucking scam, Singapore considering the literal rod for scammers, and more Infosec in Brief Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves.... [...]
PLUS: Malaysia teams with Arm for local chip designs; NTT warns of possible breach; Samsung strikers settle; and more Asia in Brief India’s government has proposed giving its tax authorities sweeping powers to access private email systems and applications.... [...]
US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. [...]
A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company. [...]
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks. [...]
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks. [...]
iPhone giant compartmentalizes OS for the sake of security Apple has been working to harden the XNU kernel that powers its various operating systems, including iOS and macOS, with a feature called "exclaves."... [...]
iPhone giant compartmentalizes OS for the sake of security Apple has been working to harden the XNU kernel that powers its various operating systems, including iOS and macOS, with a feature called "exclaves."... [...]
Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos. [...]
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular …
IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes A federal jury in Cleveland has found a senior software developer guilty of sabotaging his employer's systems – and he's now facing a potential ten years behind bars.... [...]
Squid is a loyalty card platform in Ireland. Blog moderation policy. [...]
Nearly 1 million Windows devices were targeted in recent months by a sophisticated "malvertising" campaign that surreptitiously stole login credentials, cryptocurrency, and other sensitive information from infected machines, Microsoft said. The campaign began in December, when the attackers, who remain unknown, seeded websites with links that downloaded ads from …
U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack. [...]
U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack. [...]
$96B in transactions, some even labeled 'dirty funds,' since 2019, say prosecutors The Feds today revealed more details about the US Secret Service-led Garantex takedown, a day after seizing websites and freezing assets belonging to the Russian cryptocurrency exchange in coordination with German and Finnish law enforcement agencies.... [...]
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. [...]