Login
Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked with Microsoft to combat an issue that could have led to some nasty supply chain attacks.β¦
The UK's Information Commissioner's Office (ICO) has issued a Β£14 million ($18.6 million) penalty to outsourcing giant Capita following a catastrophic 2023 cyberattack that exposed the personal data of 6.6 million people.β¦
Asahi's cyber hangover just got worse, with the brewer now admitting that personal information may have been tapped in last month's attack.β¦
Mozilla is working on a built-in VPN for Firefox, with beta tests opening to select users shortly.β¦
Oracle is rushing out another emergency patch for its embattled E-Business Suite as the fallout from the Clop-linked attacks continues to spread.β¦
Cyberattacks that meet upper severity thresholds set by the UK government's cyber agents have risen 50 percent in the last year, despite almost zero change in the volume of cases handled.β¦
The European Union's new biometric Exit/Entry System (EES) got off to a chaotic start at Prague's international airport, with travelers facing lengthy queues and malfunctioning equipment forcing border staff to process arrivals manually.β¦
The Scattered Lapsus$ Hunters (SLSH) cybercrime collective - compriseed primarily of teenagers and twenty-somethings - announced it will go dark until 2026 following the FBI's seizure of its clearweb site.β¦
An Austrian digital privacy group has claimed victory over Microsoft after the country's data protection regulator ruled the software giant "illegally" tracked students via its 365 Education platform and used their data.β¦
China's competition regulator has launched an investigation into Qualcomm's purchase of Israeli firm Autotalks, the latest salvo in the escalating tech trade war between Washington and Beijing.β¦
Ofcom, the UK's Online Safety Act regulator, has fined online message board 4chan Β£20,000 ($26,680) for failing to protect children from harmful content.β¦
The Dutch government has placed Nexperia - a Chinese-owned semiconductor company that previously operated Britain's Newport Wafer Fab β under special administrative measures, citing serious governance failures that threaten European tech security.β¦
Security researchers say they duped pro-Russia cybercriminals into targeting a fake critical infrastructure organization, which the crew later claimed - via their Telegram group - to be a real-world attack.β¦
Microsoft's Threat Intelligence team has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems.β¦
US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.β¦
UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.β¦
Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on.Β β¦
SonicWall has admitted that all customers who used its cloud backup service to store firewall configuration files were affected by a cybersecurity incident first disclosed in mid-September, walking back earlier assurances that only a small fraction of users were impacted.β¦
Salesforce won't pay a ransom demand to criminals who claim to have stolen nearly 1 billion customer records and are threatening to leak the data if the CRM giant doesn't pony up some cash.β¦
Germany has committed to oppose the EU's controversial "Chat Control" regulations following huge pressure from multiple activists and major organizations.β¦
Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.β¦
Florida-based Doctors Imaging Group has admitted that the sensitive medical and financial data of 171,862 patients was stolen during the course of a November 2024 cyberattack.β¦
BK Technologies, the Florida-based maker of mission-critical radios for US police, fire, and defense customers, has confessed to a cyber intrusion that briefly rattled its IT systems last month.β¦
OpenAI has banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts.β¦
The UK is pressing ahead with cutting-edge defense projects, the latest including research to protect satellites from laser attack and a technology demonstrator for a jet-powered drone to operate from Royal Navy carriers.β¦
The UK's Home Office is inviting tech suppliers to take part in a Β£60 million "market engagement" for an application that uses data from automated number plate recognition (ANPR) systems.β¦
Partner Content If you're still using "password123" for more than one account, there's a good chance you've already exposed yourself to credential stuffing attacks β one of the most prevalent and damaging forms of automated cybercrime today. Just ask the 6.9 million users of 23andMe who discovered their personal details were compromised when cybercriminals used recycled credentials from other breaches to infiltrate their accounts.β¦
Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms.β¦
First they targeted a preschool network, now new kids on the ransomware block Radiant Group say they've hit a hospital in the US, continuing their deplorable early cybercrime careers.β¦
Discord has confirmed customers' data was stolen β but says the culprit wasn't its own servers, just a compromised support vendor.β¦
Jaguar Land Rover is readying staff to resume manufacturing in the coming days, a company spokesperson confirmed to The Reg.β¦
Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.β¦
Infosec in brief On August 29, the US Federal Emergency Management Agency fired its CISO, CIO, and 22 other staff for incompetence but insisted it wasn't in response to an online attack. New material suggests FEMA's claim may be false.β¦
What started as cyber crew bragging has now been confirmed by Red Hat: someone gained access to its consulting GitLab system and walked away with data.β¦
Apple has deep-sixed an app that tracks the movements of US Immigration and Customs Enforcement (ICE) agents β apparently bowing to government pressure.β¦
Munich Airport was temporarily closed last night following reports of drones buzzing around the area.β¦
The British government has finally given more details about the proposed digital ID project, directly responding to the 2.76 million naysayers that signed an online petition calling for it to be ditched.β¦
Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems.β¦
Renault UK customers are being warned their personal data may be in criminal hands after one of its supplier was hacked.β¦
A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain.β¦
Criminals with potential links to the notorious Clop ransomware mob are bombarding Oracle execs with extortion emails, claiming to have stolen sensitive data from Big Red's E-Business Suite, according to researchers.β¦
An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.β¦
The US government shut down at 1201 ET on October 1, halting non-essential IT modernization and leaving cybersecurity operations to run on skeleton crews.β¦
A hacking crew claims to have broken into Red Hat's private GitLab repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers.Β β¦
A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt services, and fully hijack the platform.β¦
Exclusive The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.β¦
A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.β¦
Enterprises aren't keen on letting autonomous agents take the wheel amid fears over trust and security as research once again shows that AI hype is crashing against the rocks of reality.β¦
The UK's data watchdog has described Imgur's move to block UK users as "a commercial decision" after signaling plans to fine parent company MediaLab.β¦
UK prime minister Keir Starmer avoided mentioning the mandatory digital ID scheme in his keynote speech to the Labour Party conference amid calls for him to put meat on the bones of the plans or risk it failing fast.β¦
Schools and colleges hit by cyberattacks are taking longer to restore their networks β and the consequences are severe, with students' coursework being permanently lost in some cases.β¦
Threat-hunters at Palo Alto Networksβ Unit 42 have decided a gang they spotted two years ago is backed by China, after seeing it sling a new variety of malware.β¦
The North Korean IT worker threat extends well beyond tech companies, with fraudsters interviewing at a "surprising" number of healthcare orgs, according to Okta Threat Intelligence.β¦
Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360's security promises, a group of Georgia Tech researchers warns.β¦
Google on Tuesday rolled out a new AI tool in Drive for desktop that it says will pause syncing to limit ransomware damage, but it won't stop attacks outright.β¦
Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by "advanced" attackers remain exposed to the internet, according to Shadowserver data.β¦
Partner Content Seamless collaboration through cloud platforms like Microsoft 365 has radically reshaped the modern workplace. In the span of an hour, you could go from uploading budget proposals to a project channel to live editing a joint presentation with a business partner, all while making lunch plans over Teams. From remote work to video calls, itβs never been easier to connect people, ideas, and information.β¦
The government is to encourage police forces across England and Wales to adopt live facial recognition (LFR) technology, with a minister praising its use by the London's Metropolitan Police in a suburb in the south of the city.β¦
London's Metropolitan Police has secured a "landmark conviction" following a record-busting Bitcoin seizure and seven-year investigation.β¦
Opinion There has been considerable worry about the impact of the European Union's Cyber Resilience Act on open source programmers. Linux stable kernel maintainer Greg Kroah-Hartman says, however, that there won't be much of an impact at all.β¦
FreshRSS