Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems. [...]

Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems. [...]

Nvidia is recommending a mitigation for customers of one of its GPU product lines that will degrade performance by up to 10 percent in a bid to protect users from exploits that could let hackers sabotage work projects and possibly cause other compromises. The move comes in response to …

Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there When independent security researcher Neil Smith reported a vulnerability in a comms standard used by trains to the US government in 2012, he most likely didn't …

Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls. [...]

A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer. [...]

Cross-Channel pact aims to bolster navigation and timing tech as satellite signals face growing jamming threats Britain and France are to work more closely on technology to back up the familiar Global Positioning System (GPS), which is increasingly subject to interference in many regions around the world.... [...]

Report on serious organized crime fails to account for differences, agency says The UK's National Crime Agency (NCA) has hit back at a think tank after it assessed its US counterpart, the FBI, to be nearly three times more effective.... [...]

Despite loathing the USA, Iran wants providers who match NIST’s definition of cloud computing The Information Technology Organization of Iran (ITOI), the government body that develops and implements IT services for the country, is looking for suppliers of cloud computing.... [...]

PLUS: Bluetooth mess leaves cars exposed; Bitcoin ATMs attacked; Deepfakers imitate US secretary of state Marco Rubio; and more Infosec In Brief Nvidia last week advised customers to ensure they employ mitigations against Rowhammer attacks, after researchers found one of its workstation-grade GPUs is susceptible to the exploit.... [...]

Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. [...]

Thick resumes with thin LinkedIn connections are one sign. Refusing an in-person interview is another By now, the North Korean fake IT worker problem is so ubiquitous that if you think you don't have any phony resumes or imposters in your interview queue, you're asleep at the wheel.... [...]

Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. [...]

New research : One reason the early years of squids has been such a mystery is because squids’ lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks—hard mouthparts with high fossilization potential that could help the team …

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States. [...]

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States. [...]

Amazon Web Services (AWS) is pleased to announce that the Spring 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 184 services over the 12-month period from April 1, 2024, to March 31, 2025, giving customers a full year of assurance …

Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. [...]

The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor. [...]

Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP Server on July 1, just one day after its public disclosure.... [...]

Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance. [...]

NVIDIA is warning users to activate System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. [...]

Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. [...]

As governments consider mandatory CCTV in early education, one big provider with cameras already installed is yet to formalise guidelines for how the footage will be stored and used Get our breaking news email, free app or daily news podcast In the wake of horrifying reports last week alleging …

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. [...]

Lead brand of French luxury group LVMH reassures customers financial data such as bank details were not taken Louis Vuitton has said the data of some UK customers has been stolen, as it became the latest retailer targeted by cyber hackers. The retailer, the leading brand of the French …

Last summer's riots show how some content can be harmful but not illegal The Online Safety Act fails to tackle online misinformation, leaving the UK in need of further regulation to curb the viral spread of false content, a report from MPs has found.... [...]

First came the dodgy lawyer, then the explosively angry HR person, leaving a whistleblower techie to save his career On Call Welcome once again to On Call, The Register 's Friday column that shares your stories of tech support terror and triumph.... [...]

'He's useless with computers and can't even install an application' says lawyer A Russian professional basketball player is cooling his heels in a French detention center after being arrested and accused of acting as a negotiator for a ransomware gang.... [...]

Alleges Singaporean infosec outfit sent feeble legal demands to hosting company, which caved Anti-censorship organization GreatFire.org has accused Singapore infosec outfit Group-IB of helping Chinese web giant Tencent to quell its activities.... [...]

Oh my sweet secret informant lover, what happened in that NATO meeting today? A lovestruck US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense information after sharing military secrets information about the Russia-Ukraine war with a woman he met on a dating app.... [...]

Add CISA to the list The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitation and abused to hijack user sessions.... [...]

Authorities in Europe have detained five people, including a former Russian professional basketball player, in connection with crime syndicates responsible for ransomware attacks. Until recently, one of the suspects, Daniil Kasatkin, played for MBA Moscow, a basketball team that’s part of the VTB United League, which includes teams …

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. [...]

'Whether those files were allowed to go to Russia? I didn't ask' A former ASML and NXP semiconductor engineer will spend three years in a Dutch prison after stealing secret chip technology from his employers and sharing it with Russia.... [...]

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliated cybercrime group …

Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang. [...]

Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda. [...]

Politicians uneasy over potential impact on national security, local reports say Russia, home to some of the world's most lucrative and damaging cybercrime operations, has rejected a bill to legalize ethical hacking.... [...]

Last month, we announced new sovereign controls and governance structure for the AWS European Sovereign Cloud. The AWS European Sovereign Cloud is a new, independent cloud for Europe, designed to help customers meet their evolving sovereignty needs, including stringent data residency, operational autonomy, and resiliency requirements. Launching by the …

FBI's Criminal Justice Information Services (CJIS) compliance isn't optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. [...]

The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. [...]

The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. [...]

Crimefighting agency cagey on details, probes into intrusions at M&S, Harrods, and Co-op continue The UK's National Crime Agency (NCA) arrested four individuals suspected of being involved in the big three cyberattacks on UK retail businesses in recent weeks.... [...]

Good tutorial by Micah Lee. It includes some nonobvious use cases. [...]

Processing and storage for Gemini 2.5 Flash to stay in Blighty Google Cloud is attempting to ease concerns about where AI data is stored by offering organizations the option to keep Gemini 2.5 Flash machine learning processing entirely within the UK.... [...]

A simple interface and new roles-based capabilities make this venerable password manager an attractive proposition Sponsored feature Passwords are necessary for businesses, but look away for a minute and they quickly get out of control. If your users do things right and use a different password for each application …

Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.... [...]

Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. [...]

No, really, those are the magic words A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a guessing game.... [...]