Thousands more Oregonians will soon receive data breach letters in the continued fallout from the TriZetto data breach, in which someone hacked the insurance verification provider and gained access to its healthcare provider customers across multiple US states.…
Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.…
opinion Maybe everything is all about timing, like the time (this week) America's lead cyber-defense agency sounded the alarm on insider threats after it came to light that its senior official uploaded sensitive documents to ChatGPT.…
Crims love to make it look like their traffic is actually coming from legit homes and businesses, and they do so by using residential proxy networks. Now, Google says it has "significantly degraded" what it believes is one of the world's largest residential proxy networks.…
A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update server incident that disrupted some eScan customers earlier this month.…
Sponsored Post Security teams are under pressure from every direction: supply chain threats are rising, regulatory expectations are tightening, and development cycles aren't getting any slower. Yet for many organizations, the practical work of improving software security still comes down to the same challenge – how do you reduce exposure without constantly battling developers, delaying releases, or piling on process?
That's where a more consistent set of habits can make a measurable difference.
Rather than treating software supply chain security as a one-off initiative, many teams are shifting toward repeatable practices they can build into everyday workflows. The goal isn't perfection; it's improving baseline security in ways that actually stick, across teams and tool chains.
Chainguard is hosting an upcoming webinar-style event designed to help security and engineering leaders identify the habits that matter most. The session explores seven practical approaches for building more secure software pipelines, with a focus on reducing risk while keeping delivery moving.…
ShinyHunters has added a fresh notch to its breach belt, claiming it has pinched more than 10 million records from Match Group, a US firm that owns some of the world's most widely used swipe-based dating platforms.…
What good is a fix if you don't use it? Experts are urging security teams to patch promptly as vulnerability exploits now account for the majority of intrusions, according to the latest figures.…
Cybersecurity experts involved in the cleanup of the cyberattacks on Poland's power network say the consequences could have been lethal.…
Ransomware crims have just lost one of their best business platforms. US law enforcement has seized the notorious RAMP cybercrime forum's dark web and clearnet domains.…
Come one, come all. Everyone from Russian and Chinese government goons to financially motivated miscreants is exploiting a long-since-patched WinRAR vuln to bring you infostealers and Remote Access Trojans (RATs).…
Things aren't over yet for Fortinet customers – the security shop has disclosed yet another critical FortiCloud SSO vulnerability.…
Microsoft patched a bevy of bugs that allowed bypasses of Windows Administrator Protection before the feature was made available earlier this month.…
Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option.…
ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other organizations it posted to its blog last week.…
Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing private communications at the heart of the UK government.…
France has officially told Zoom, Teams, and the rest of the US videoconferencing herd to take a hike in favor of its own homegrown app.…
Updated Microsoft illegally installed cookies on a school pupil's devices without consent, according to a ruling by the Austrian data protection authority (DSB).…
The High Court will hear from privacy campaigners this week who want to reshape the way the Metropolitan Police is allowed to use live facial recognition (LFR) tech.…
Updated Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks.…
ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to researchers and the criminal group itself.…
The European Commission has launched an investigation into X amid concerns that its GenAI model Grok offered users the ability to generate sexually explicit imagery, including sexualized images of children.…
Nike says it is probing a possible breach after extortion crew WorldLeaks claimed to have lifted 1.4TB of internal data from the sportswear giant and posted samples on its leak site.…
Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim.…
Britain's Royal Navy is using Oracle Cloud edge infrastructure to operate AI-driven defenses on the aircraft carrier HMS Prince of Wales.…
The UK government has revealed some thinking about digital identity in response to written questions from MPs, while continuing to say next to nothing about the scheme's cost.…
infosec in brief 'Twas a dark few days for automotive software systems last week, as the third annual Pwn2Own Automotive competition uncovered 76 unique zero-day vulnerabilities in targets ranging from Tesla infotainment to EV chargers.…
The UK Home Office is spending up to £100 million on intelligence tech in part to tackle the so-called "small boats" issue of refugees and irregular immigrants coming across the English Channel.…
updated The US Cybersecurity and Infrastructure Security Agency won't attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register. Sessions involving speakers from the FBI and National Security Agency (NSA) have also disappeared from the agenda.…
You've got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw.…
updated If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment.…
ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.…
CISOs must prepare for "a really different world" where cybercriminals can reliably automate cyberattacks at scale, according to a senior Googler.…
Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully up to date.…
Hammersmith & Fulham Council says payments are now being processed as usual, two months after a cyberattack that affected multiple boroughs in the UK's capital city.…
More than 15,000 former members of the UK's armed forces have successfully applied for a digital version of their veterans ID card since its launch in October, according to the Government Digital Service (GDS).…
Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and messaging platforms.…
Unknown attackers are abusing Microsoft SharePoint file-sharing services to target multiple energy-sector organizations, harvest user credentials, take over corporate inboxes, and then send hundreds of phishing emails from compromised accounts to contacts inside and outside those organizations.…
FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who've figured out how to sidestep SSO protections and grab sensitive settings right out of the box.…
GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe's regulators were deluged with more than 400 data breach notifications a day, according to a new survey that suggests the post-plateau era of enforcement has well and truly arrived.…
Concerned about the orgs that safeguard your money? The UK's annual cybersecurity review for 2025 suggests you should be. Despite years of regulation, financial organizations continue to miss basic cybersecurity safeguards.…
A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is "trivial" to exploit, experts say.…
Cisco has finally shipped a fix for a critical-rated zero-day in its Unified Communications gear, a flaw that's already being weaponized in the wild, and which CISA previously flagged as an emergency priority.…
AI agents arrived in Davos this week with the question of how to secure them - and prevent agents from becoming the ultimate insider threat - taking center stage during a panel discussion on cyber threats.…
updated Password managers make great targets for attackers because they can hold many of the keys to your kingdom. Now, LastPass has warned customers about phishing emails claiming that action is required ahead of scheduled maintenance and told them not to fall for the scam.…
Have I Been Pwned (HIBP) says 72.7 million accounts registered with Under Armour were affected by an alleged ransomware attack in November.…
The European Commission (EC) wants a revised Cybersecurity Act to address any threats posed by IT and telecoms kit from third-country sources, potentially forcing member states to confront the thorny issue of suppliers such as Huawei in their national networks.…
The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use.…
Britain's digital economy minister has sent forth a raft of companies as "ambassadors" to help organizations across the land embrace the UK's Software Security Code of Practice.…
The maintainer of popular open-source data transfer tool cURL has ended the project's bug bounty program after maintainers struggled to assess a flood of AI-generated contributions.…
Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.…
VoidLink, the newly spotted Linux malware that targets victims' clouds with 37 evil plugins, was generated "almost entirely by artificial intelligence" and likely developed by just one person, according to the research team that discovered the do-it-all implant.…
Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.…
Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious code or overwrite files via prompt injection.…
Cybercrime has entered its AI era, with criminals now using weaponized language models and deepfakes as cheap, off-the-shelf infrastructure rather than experimental tools, according to researchers at Group-IB.…
Interview When Cloudflare CEO Matthew Prince recently threatened to disrupt the Winter Olympics to protect free speech after Italian authorities fined his company for not disrupting pirate video streams, rival CDN provider Akamai's CEO Dr. Tom Leighton fired back with what reads a lot like thinly veiled criticism.…
A group of CrowdStrike shareholders who sued the company over losses sustained following its 2024 global outage will have to head back to the drawing board if they hope to recoup losses, as a Texas judge has deemed they failed to adequately state a claim.…
A Jordanian national faces sentencing in the US after pleading guilty to acting as an initial access broker (IAB) for various cyberattacks.…
The UK's National Cyber Security Centre (NCSC) is once again warning that pro-Russia hacktivists are a threat to critical services operators.…
Microsoft has rushed out an out-of-band Windows 11 update after January's Patch Tuesday broke something as fundamental as turning PCs off.…