The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. [...]
They're good at zero-day exploits, too Updated Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft …
The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. [...]
YouTube warns that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials. [...]
With increased unidentified drone sightings worldwide, some are concerned they pose a cybersecurity risk. Learn more from Acronis about these risks and a real attack on a Taiwan drone manufacturer. [...]
A first-of-its-kind legal challenge set to be heard this month, per reports Updated Apple has reportedly filed a legal complaint with the UK's Investigatory Powers Tribunal (IPT) contesting the British government's order that it must forcibly break the encryption of iCloud data.... [...]
As AI use increases, security remains a top concern, and we often hear that organizations are worried about risks that can come with rapid adoption. Google Cloud is committed to helping our customers confidently build and deploy AI in a secure, compliant, and private manner. Today, we’re introducing …
The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024. [...]
Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread. [...]
English football club offers apologies after fans' card details stolen from online retail store English football club Leeds United says cyber criminals targeted its retail website during a five-day assault in February and stole the card details of "a small number of customers."... [...]
'No regrets' crew continues extorting victims, leaking highly sensitive data Qilin – the "no regrets" ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women's healthcare facility in the US.... [...]
List of attacks by 'No regrets' crew leaking highly sensitive data continues to grow Qilin – the "no regrets" ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women's healthcare facility in the US.... [...]
Stop cyberattacks before they happen with preventative endpoint security Sponsored Post Every organization is vulnerable to cyber threats, and endpoint devices are a common target for cyber criminals.... [...]
Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. [...]
Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant A subsidiary of Indian multinational Tata has allegedly fallen victim to the notorious ransomware gang Hunters International.... [...]
New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. [...]
Three critical vulnerabilities in multiple virtual-machine products from VMware can give hackers unusually broad access to some of the most sensitive environments inside multiple customers’ networks, the company and outside researchers warned Tuesday. The class of attack made possible by exploiting the vulnerabilities is known under several names, including …
A new botnet malware named 'Eleven11bot' has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. [...]
The heap overflow zero-day in the memory unsafe code by Miss Creant Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.... [...]
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. [...]
We're pleased to announce that Google has been recognized as a Leader in The Forrester WaveTM: Data Security Platforms, Q1 2025 report. We believe this is a testament to our unwavering commitment to providing cutting-edge data security in the cloud. In today's AI era, comprehensive data security is paramount …
Google has announced an increased rollout of new AI-powered scam detection features on Android to help protect users from increasingly sophisticated phone and text social engineering scams. [...]
A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. [...]
The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure. [...]
The Hunters International ransomware gang has claimed responsibility for a January cyberattack attack on Tata Technologies, stating they stole 1.4TB of data from the company. [...]
Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. [...]
This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job. [...]
Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices. [...]
No warning, no opt-out, and critic claims... no consent Research from a leading academic shows Android users have advertising cookies and other gizmos working to build profiles on them even before they open their first app.... [...]
Says the biz trying to sell us stuff to catch that, admittedly High-profile deepfake scams that were reported here at The Register and elsewhere last year may just be the tip of the iceberg. Attacks relying on spoofed faces in online meetings surged by 300 percent in 2024, it …
Enhancing API security for financial institutions Partner Content Open banking has revolutionized financial services, empowering consumers to share their financial data with third-party providers, including fintech innovators.... [...]
Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks Comment America's cybersecurity chiefs in recent days have been sending mixed messages about the threat posed by Russia in the digital world.... [...]
Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. [...]
The US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged. [...]
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...]
A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. [...]
On Monday, the United Kingdom's privacy watchdog announced that it is investigating TikTok, Reddit, and Imgur because of privacy concerns about how they are processing children's data. [...]
Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts Analysis It's a familiar refrain in the security industry that there is a massive skills gap in the sector. And while it's true there are specific shortages in certain areas …
Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored Microsoft has completed its EU data boundary, however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.... [...]
Officials vow to uncover who was behind it The Polish Space Agency (POLSA) is currently dealing with a "cybersecurity incident," it confirmed via its X account on Sunday.... [...]
ICO looking at what data is used to serve up recommendations The UK's data protection watchdog has launched three investigations into certain social media platforms following concerns about the protection of privacy among teenage users.... [...]
Cut off one head and 100 grow back? Decapitation may not be the way to go Opinion With Apple pulling the plug on at-rest end-to-end encryption (E2EE) for UK users, and Signal threatening to pull out of Sweden if that government demands E2EE backdoors, it's looking bleak.... [...]
PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more Infosec In Brief US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia – as the USA’s Cybersecurity and Infrastructure Security Agency (CISA) has …
Bjarne Stroustrup says standards committee needs to show it can respond to memory safety push Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory …
Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models. [...]
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. [...]
Amazon Web Services (AWS) successfully completed an onboarding audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, and 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. EY CertifyPoint auditors conducted the audit and reissued …
U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, a Binance Smart Chain-based DeFi protocol. [...]
Amnesty International on Friday said it determined that a zero-day exploit sold by controversial exploit vendor Cellebrite was used to compromise the phone of a Serbian student who had been critical of that country's government. The human rights organization first called out Serbian authorities in December for what it …
Firefly squid is now a delicacy in New York. Blog moderation policy. [...]