A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. [...]

Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.... [...]

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet …

Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible. [...]

Contact info and partial payment details may be compromised US food and grocery delivery platform Grubhub says a security incident at a third-party service provider is to blame after user data was compromised.... [...]

A 59-year-old man from Irvine, California, was sentenced to 87 months in prison for his involvement in an investor fraud ring that stole $50 million between 2012 and October 2020. [...]

As the gateways to corporate networks, VPNs are an attractive target for attackers. Learn from Specops Software about how hackers use compromised VPN passwords and how you can protect your organization. [...]

Suspect, still at large, said to back concept that 'code is law' New York feds today unsealed a five-count criminal indictment charging a 22-year-old Canadian math prodigy with exploiting vulnerabilities in two decentralized finance protocols, allegedly using them to fraudulently siphon around $65 million from investors in the platforms …

A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. [...]

Federal prosecutors have indicted a man on charges he stole $65 million in cryptocurrency by exploiting vulnerabilities in two decentralized finance platforms and then laundering proceeds and attempting to extort swindled investors. The scheme, alleged in an indictment unsealed on Monday, occurred in 2021 and 2023 against the DeFI …

Interesting analysis : We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project ( source for our analysis), which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In each case, we identified what AI was used for …

Healthcare chiefs say impact will persist for months NHS execs admit that last year's cyberattack on hospitals in Wirral, northwest England, continues to "significantly" impact waiting times for cancer treatments, and suspect this will last for "months."... [...]

When cloud customers don't clean up after themselves, part 97 Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia's "SolarWinds adventures look amateurish and insignificant," watchTowr Labs security researchers have claimed.... [...]

Tackle longstanding issues around productivity, cyber resilience and public sector culture, advises spending watchdog The UK's government spending watchdog has called on the current administration to make better use of technology to kickstart the misfiring economy and ensure better delivery public services amid tightened budgets.... [...]

​Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, merchants, and drivers after attackers breached its systems using a service provider account. [...]

Also, Netgear fixes critical router, access point vulnerabilities Google has released its February Android security updates, including a fix for a high-severity kernel-level vulnerability, which is suspected to be in use by targeted exploits.... [...]

Going beyond the traditional “Prevent, Detect, and Respond” framework and taking a proactive approach Partner Content In today's highly connected and technology-driven world, digital resilience is not just a competitive advantage for banks - it is a necessity.... [...]

Senators ask, Homeland Security watchdog answers: Is it worth the money? The Department of Homeland Security's Inspector General has launched an audit of the Transportation Security Administration's use of facial recognition technology at US airports, following criticism from lawmakers and privacy advocates.... [...]

Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. [...]

The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild. [...]

The U.S. Justice Department has charged a Canadian man with stealing roughly $65 million after exploiting two decentralized finance (DeFI) protocols. [...]

Casio UK's e-shop at casio.co.uk was hacked to include malicious scripts that stole credit card and customer information between January 14 and 24, 2025. [...]

In part 1 of this blog series, we walked through the risks associated with using sensitive data as part of your generative AI application. This overview provided a baseline of the challenges of using sensitive data with a non-deterministic large language model (LLM) and how to mitigate these challenges …

Threat actors are taking advantage of the rise in popularity of the DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform. [...]

This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had …

Investigating compensation to police whose sensitive info was leaked in 2023 The Police Service of Northern Ireland (PSNI) has bailed two officers after they were arrested as part of a fraud investigation related to the payments to cops whose sensitive data was mistakenly published in 2023.... [...]

Australian government staff mixed medical info for folk who share names and birthdays Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a name and date of birth and whose government …

PLUS: MGM settles breach suits; AWS doesn't trust you with security defaults; A new.NET backdoor; and more Infosec in brief The United States Food and Drug Administration has told medical facilities and caregivers that monitor patients using Contec equipment to disconnect the devices from the internet ASAP.... [...]

As if secure design is the only bullet point in a list of software engineering best practices Systems Approach As my Systems Approach co-author Bruce Davie and I think through what it means to apply the systems lens to security, I find that I keep asking myself what it …

The Python Package Index (PyPI) has announced the introduction of 'Project Archival,' a new system that allows publishers to archive their projects, indicating to the users that no updates are to be expected. [...]

Nulled and Cracked had a Lorelai-cal rise - until Operation Talent stepped in Law enforcement officers across Europe assembled again to collectively disrupt major facilitators of cybercrime, with at least one of those cuffed apparently a fan of the dramedy series The Gilmore Girls.... [...]

Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. [...]

Interesting. Blog moderation policy. [...]

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “ The Manipulaters,” have been the subject of three stories published here …

Tata Technologies Ltd. had to suspend some of its IT services following a ransomware attack that impacted the company network. [...]

Insurance giant Globe Life finished the investigation into the data breach it suffered last June and says that the incident may have impacted an additional 850,000 customers. [...]

​Mizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024. [...]

How to communicate risk to executives Partner Content Have you ever watched ? It's one of my all-time favorite movies, not just for the story but for how it handles complexity.... [...]

Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients that their personal and health information was stolen in an October breach. [...]

​Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan. [...]

And it doesn't take a crystal ball to predict the future If the nonstop flood of ransomware attacks doesn't already make every day feel like Groundhog Day, then a look back at 2024 – and predictions for 2025 – definitely will.... [...]

And you, China, Russia, North Korea... Guardrails block malware generation Google says it's spotted Chinese, Russian, Iranian, and North Korean government agents using its Gemini AI for nefarious purposes, with Tehran by far the most frequent naughty user out of the four.... [...]

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device. [...]

Why organizations should protect everything, everywhere, all at once Sponsored Feature Considering it has such a large share of the data protection market, Veeam doesn't talk much about backups in meetings with enterprise customers these days.... [...]

Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to credential leakage under certain conditions.... [...]

Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to violations of its policies that made them potentially risky for users. [...]

Today, I’m thrilled to announce that Amazon Redshift, a widely used, fully managed, petabyte-scale data warehouse, is taking a significant step forward in strengthening the default security posture of our customers’ data warehouses. Some default security settings for newly created provisioned clusters, Amazon Redshift Serverless workgroups, and clusters …

‘No one was kicked off the NTSB in the middle of investigating a crash’ interview Gutting the Cyber Safety Review Board as it was investigating how China's Salt Typhoon breached American government and telecommunications networks was "foolish" and "bad for national security," according to retired US Navy Rear Admiral …

Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and.NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not …

Posted by James Forshaw, Google Project Zero Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e …