PLUS: Japan woos Micron, again; China launches chip dumping probe; Mitsubishi expands opsec empire; and more! Asia in Brief Criminals appear to be moving cyber-scam centers to vulnerable countries.... [...]
PLUS: China's Great Firewall springs a leak; FBI issues rare 'Flash Alert' of Salesforce attacks; $10m bounty for alleged Russian hacker; and more Infosec In Brief 15 ransomware gangs, including Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried …
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims. [...]
This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Cambridge Public Library on October 22, 2025 at 6 PM ET. The event is sponsored by Harvard Bookstore. I’m giving a virtual talk about my book …
A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. [...]
Doing a simple system reset may not be enough to save you from fines and lawsuits With the end of Windows 10's regular support cycle fast approaching, and a good five years since the COVID pandemic spurred a wave of hardware replacements to support remote work, many IT departments …
A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. [...]
Although it hasn't been seen in the wild yet A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and …
Research : Nondestructive detection of multiple dried squid qualities by hyperspectral imaging combined with 1D-KAN-CNN Abstract: Given that dried squid is a highly regarded marine product in Oriental countries, the global food industry requires a swift and noninvasive quality assessment of this product. The current study therefore uses visiblenear-infrared …
Interesting analysis : When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true identity of victims and may …
A similar vuln on Apple devices was used against 'specific targeted users' Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.... [...]
A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. [...]
Get ready for a fight over who steers the global standard for vulnerability identification The Cybersecurity and Infrastructure Security Agency (CISA) nearly let the Common Vulnerabilities and Exposures (CVE) program lapse earlier this year, but a new "vision" document it released this week signals that it now wants more …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. [...]
Dorm management refuses to cover costs after payment system borked More than a thousand university students in the Netherlands must continue to travel to wash their clothes after their building management company failed to bring its borked smart laundry machines back online.... [...]
When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what's happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. [...]
A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. [...]
Big Brother Watch says a so-called BritCard could turn daily life into one long identity check – and warn that Whitehall can’t be trusted to run A national digital ID could hand the government the tools for population-wide surveillance – and if history is anything to go by, ministers probably …
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. [...]
UK data watchdog says students behind most education cyberattacks The UK's data protection watchdog says more than half of cyberattacks in schools are caused by students, and that parents should act early to prevent their offspring from falling into the wrong crowds.... [...]
Ethical concerns raised after crook offered themselves up on silver platter Security outfit Huntress has been forced onto the defensive after its latest research – described by senior staff as "hilarious" – split opinion across the cybersecurity community.... [...]
Atlantic Council warns US investors are fueling a market that undermines national security After years of being dominated by outsiders, the computer surveillance software industry is booming in the United States as investors rush into the ethically dodgy but highly lucrative field.... [...]
Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.... [...]
U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations. [...]
Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). [...]
Panama's Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a cyberattack.. [...]
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done …
Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. [...]
Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit Villager, a new penetration-testing tool linked to a suspicious China-based company and described by researchers as "Cobalt Strike's AI successor," has been downloaded about 10,000 times since its release in July.... [...]
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. [...]
FastNetMon says 1.5 Gpps deluge from hijacked routers, IoT kit nearly drowned scrubbing shop A DDoS mitigation provider was given a taste of the poison it tries to prevent, after being smacked by one of the largest packet-rate attacks ever recorded – a 1.5 billion packets per second …
Security leaders are clear about their priorities: After AI, cloud security is the top training topic for decision-makers. As threats against cloud workloads become more sophisticated, organizations are looking for highly-skilled professionals to help defend against these attacks. To help organizations meet their need for experts who can manage …
A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. [...]
AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.... [...]
Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping "dangerous, insecure software" that helped cybercrooks cripple one of America's largest hospital networks.... [...]
Over 600 security boffins say planned surveillance crosses the line Europe, long seen as a bastion of privacy and digital rights, will debate this week whether to enforce surveillance on citizens' devices.... [...]
Major UK player cagey on specifics but latest attack follows string blamed on 'third party' suppliers One of the UK's largest rail operators, LNER, is the latest organization to spill user data via a third-party data breach.... [...]
Academics and OSA stakeholders say watchdog needs to amend how controversial legislation is enforced Industry experts expressed both concern and sympathy for Ofcom, the Brit regulator that is overseeing the Online Safety Act, as questions mount over the effectiveness of the controversial legislation.... [...]
Battery powered now, fuel-cells tomorrow - all packed in a shipping box Following a series of trials, defense biz BAE Systems says it is readying an autonomous military submarine for the end of next year.... [...]
You don’t need to be a rocket scientist to figure out the reasons why NASA has barred Chinese nationals from accessing its premises and assets, even those who hold visas that permit them to reside in the USA.... [...]
Ovoid-themed in-memory malware offers a menu for mayhem ‘EggStreme’ framework looks like the sort of thing Beijing would find handy in its ongoing territorial beefs Infosec outfit Bitdefender says it’s spotted a strain of in-memory malware that looks like the work of Chinese advanced persistent threat groups that …
Patch, turn on MFA, and restrict access to trusted networks...or else Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-old bug.... [...]
A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the company’s continued use of an obsolete and vulnerable form of encryption that Windows uses by default. In a letter to FTC Chairman Andrew Ferguson, Sen. Ron Wyden (D …
'We do believe that this was likely the creation of a cybercrime group,' threat hunter tells The Reg ChillyHell, a modular macOS backdoor believed to be long dormant, has likely been infecting computers for years while flying under the radar, according to security researchers who spotted a malware sample …
When modernizing applications, customers in regulated industries like government, financial, and research face a critical challenge: how to transform their systems while meeting strict digital sovereignty and security compliance requirements. A common misconception tied to this is that data must be moved to an AWS Region to fully use …
Systems offline as specialists continue to comb through wreckage Jaguar Land Rover (JLR) says "some data" was affected after the luxury car maker suffered a digital break-in early last week.... [...]
Prosecutors claim Ukrainian ran LockerGoga, MegaCortex, and Nefilim ops – $11M bounty on his head A Ukrainian national faces serious federal charges and an $11 million bounty after allegedly orchestrating ransomware operations that caused an estimated $18 billion in damages across hundreds of organizations worldwide.... [...]
One parent expressed concern for their child's safety A clumsy data breach has affected hundreds of children at a Birmingham secondary school.... [...]
Are you sure you know who has access to your systems? Feature Jaguar Land Rover (JLR) is the latest UK household name to fall victim to a major cyberattack. IT systems across multiple sites have been offline for over a week after what the company described as a "severe …
At Google Cloud, our services are built with interoperability and openness in mind to enable customer choice and multicloud strategies. W e pioneered a multicloud data warehouse, enabling workloads to run across clouds. We were the first company to provide digital sovereignty solutions for European governments and to waive …