CVE-2017-11882 in discontinued Equation Editor still attracting keylogger campaigns despite software being killed off in 2018 Very few people are immune to the siren song of nostalgia, a yearning for a "better time" when this was all fields and kids respected their elders - and it looks like cyber criminals …
Microsoft will remove PowerShell 2.0 from Windows starting in August, eight years after announcing its deprecation and keeping it around as an optional feature. [...]
Seven additional regions across England will now have access to the controversial tech A fresh expansion of UK crimefighters' access to live facial recognition (LFR) technology is being described by officials as "an excellent opportunity for policing." Privacy campaigners disagree.... [...]
The NSA and GCHQ have jointly published a history of World War II SIGINT: “ Secret Messengers: Disseminating SIGINT in the Second World War.” This is the story of the British SLUs (Special Liaison Units) and the American SSOs (Special Security Officers). [...]
Shock news: billionaire techpreneur is not a fan Geek-turned-venture-capitalist Marc Andreessen has weighed in on the arguments surrounding the UK's Online Safety Act, accusing the UK government of leaking his input.... [...]
For now at least, even though government buying can improve, open source is not all it's cracked up to be Register debate series Not for the first time, Microsoft is in the spotlight for the UK government's money it voraciously consumes – apparently £1.9 billion a year in software …
Foundation warns federated servers face biggest risk, but single-instance users can take their time Updated The maintainers of the federated secure chat protocol Matrix are warning users of a pair of "high severity protocol vulnerabilities," addressed in the latest version, saying patching them requires a breaking change in servers …
Minnesota’s capital is the latest to feature on Interlock’s leak blog after late-July cyberattack The Interlock ransomware gang has flaunted a 43GB haul of files allegedly stolen from the city of Saint Paul, following a late-July cyberattack that forced the Minnesota capital to declare a state of …
Tells court 'What I did was wrong and I want to apologize for my conduct' Terraform Labs founder Do Kwon has pled guilty to committing fraud when promoting the so-called "stablecoin" Terra USD and now faces time in jail.... [...]
None under active exploit...yet Microsoft’s August Patch Tuesday flaw-fixing festival addresses 111 problems in its products, a dozen of which are deemed critical, and one moderate-severity flaw that is listed as being publicly known.... [...]
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with …
Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks. [...]
And yes, there’s the usual credit monitoring Global staffing firm Manpower confirmed ransomware criminals broke into its Lansing, Michigan franchise's network and stole personal information belonging to 144,189 people, months after the extortionists claimed that they pilfered "all of [the company's] confidential data."... [...]
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. [...]
Today is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos. [...]
Website, emails, and phones are down for a second day The Pennsylvania's Office of Attorney General (OAG) is blaming a digital blackout of its services on a "cyber incident."... [...]
The U.S. Department of Justice (DoJ) seized cryptocurrency and digital assets worth $1,091,453 at the time of confiscation, on January 9, 2024, from the BlackSuit ransomware gang. [...]
Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms. [...]
As part of Google Cloud’s fundamental belief that robust security can enable business resilience and innovation, we're committed to empowering security operations teams with solutions that deliver measurable value and demonstrable return on investment (ROI). That's why we're thrilled to announce a new, in-depth Forrester Consulting Total Economic …
US cops yank servers, domains, and crypto from the Russia-linked gang - but the crooks remain at large In a display of bureaucratic bravado, US law enforcement agencies say they've “disrupted” the BlackSuit ransomware gang (also known as Royal), freeing millions of dollars in virtual currency from its clutches.... [...]
A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task. [...]
Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released. [...]
Healthcare led all industries in 2024 breaches—over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep healthcare running. Try it free for 1 month. [...]
Scattered Spider, ShinyHunters, and Lapsus$ spent the weekend bragging to each other on a Telegram channel Prolific cybercrime collectives Scattered Spider, ShinyHunters, and Lapsus$ appear to be working together to break into businesses' networks, steal their data, and force an extortion payment.... [...]
Automaker's answer to spate of car thefts is to charge customers for extra Hyundai is charging UK customers £49 ($66) for a security upgrade to prevent thieves from bypassing its car locks.... [...]
A few years ago, scammers invented a new phishing email. They would claim to have hacked your computer, turned your webcam on, and videoed you watching porn or having sex. BuzzFeed has an article talking about a “shockingly realistic” variant, which includes photos of you and your house—more …
Home Office officials reportedly concede Brit government on back foot as Trump moves to protect US Big Tech players Analysis The Home Office's war on encryption – its most technically complex and controversial aspect of modern policymaking yet – is starting to look like battlefield failure after more than ten years …
Sysadmins, your job is safe Automating IT operations using AI may not be the best idea at the moment.... [...]
A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached to phishing messages, some of which are personalized. Security firm ESET said Monday that it first detected the attacks on July …
The North Korean state-sponsored hackers known as Kimsuky has reportedly suffered a data breach after two hackers, who describe themselves as the opposite of Kimsuky's values, stole the group's data and leaked it publicly online. [...]
The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country. [...]
Security teams often need to analyze potentially malicious files, binaries, or behaviors in a tightly controlled environment. While this has traditionally been done in on-premises sandboxes, the flexibility and scalability of AWS make it an attractive alternative for running such workloads. However, conducting malware analysis in the cloud brings …
A few weeks earlier 'zeroplayer' advertised an $80K WinRAR 0-day exploit Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.... [...]
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. [...]
The alleged perpetrators remain at large The US Department of Justice is trying to recoup around $1 million that three IT specialists secretly working for the North Korean government allegedly stole from a New York company.... [...]
The guest data of AWS customers running on the AWS Nitro System and Nitro Hypervisor is not at risk from a new attack dubbed “L1TF Reloaded.” No additional action is required by AWS customers; however, AWS continues to recommend that customers isolate their workloads using instance, enclave, or function …
The bad news? The machines, and their operators, are coming on fast Black Hat/DEF CON At the opening of Black Hat, the largest security shindig in the Hacker Summer Camp week ahead of DEF CON and BSides, the opening keynote speaker suggested the current state of AI slightly …
While AI can help empower defenders, it can also create new security challenges. Those two critical, interconnected themes are driving our announcements and presentations for this year's Google Cloud Security Summit. Join us live for Security Summit 2025 on August 19 to learn about the latest advancements in AI-powered …
But it can contest if it lands up in 'Category 1,' and the move hurts operations, says judge Wikipedia today lost a legal battle against the UK's tech secretary to tighten the criteria around the Online Safety Act 2023 (OSA), as it seeks to exclude itself from the strictest …
Native phishing turns trusted tools into attack delivery systems. Varonis shows how attackers weaponize Microsoft 365 apps, like OneNote & OneDrive, to send convincing internal lures and how to spot them before they spread. [...]
Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang's encryptors, allowing them to recover a victim's files for free without paying a ransom. [...]
Amid hints by president he may announce 100% tariffs on imported chips, semiconductors Intel boss Lip-Bu Tan reportedly has an appointment at the White House today, just days after President Donald Trump called for his resignation. The move comes as Intel's former CEO Craig Barrett weighs in on the …
By video, picture, and voice – the fakers are coming for your money DEF CON While AI was on everyone's lips in Las Vegas this week at the trio of security conferences in Sin City – BSides, Black Hat, AND DEF CON – there were a lot of people using the F-word …
The U.S. Department of Justice charged four Ghanaian nationals for their roles in a massive fraud ring linked to the theft of over $100 million in romance scams and business email compromise attacks. [...]
Many core offerings now back in action, says retailer British retailer Marks and Spencer updated its website today, confirming its Click & Collect service is once again available to customers.... [...]
Fears around children is opening up a new market for automatic license place readers. [...]
Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise. [...]
And yes, that means (retch) catering to AI searchers The job market is queasy and since you're reading this, you need to upgrade your CV. It's going to require some work to game the poorly trained AIs now doing so much of the heavy lifting. I know you don't …
Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June. [...]
PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more! Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch available.... [...]