Login
EXCLUSIVE ShinyHunters has claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers.β¦
Four people have been charged in the US with plotting to funnel restricted Nvidia AI chips into China, allegedly relying on shell firms, fake invoices, and covert routing to slip cutting-edge GPUs past American export controls.β¦
On Christmas Day 2024, a Russian-linked laundering network bought itself a very special present: a controlling stake in a Kyrgyzstan bank, later used to wash cybercrime profits and funnel money into Moscow's war machine, according to the UK's National Crime Agency (NCA).β¦
Partner Content At MWC Shanghai 2025, ZTE has officially launched its ZXCSec MAF product, a dedicated application-layer security protection device specifically designed for large model services.β¦
Google has linked Androidβs wireless peer-to-peer file sharing tool Quick Share to Appleβs equivalent AirDrop.β¦
The US Securities and Exchange Commission (SEC) has abandoned the lawsuit it pursued against SolarWinds and its chief infosec officer for misleading investors about security practices that led to the 2020 SUNBURST attack.β¦
Salesforce has disclosed another third-party breach in which criminals - likely ShinyHunters (again) - may have accessed hundreds of its customers' data.β¦
LLMs are getting better at writing malware - but they're still not ready for prime time.β¦
An Ohio IT contractor has pleaded guilty to breaking into his former employer's systems and causing nearly $1 million worth of damage after being fired.β¦
TP-Link is suing rival networking vendor Netgear, alleging that the rival and its CEO carried out a smear campaign by falsely suggesting, it says, that the biz had been infiltrated by the Chinese government.β¦
Canadian privacy watchdogs say that school boards must shoulder part of the blame for the PowerSchool mega-breach, not just the ed-tech giant that lost control of millions of student and staff records.β¦
Malicious traffic targeting Palo Alto Networks' GlobalProtect portals surged almost 40-fold in the space of 24 hours, hitting a 90-day high and putting defenders on alert for whatever comes next.β¦
Palo Alto Networks CEO Nikesh Arora has suggested hostile nation-states will possess quantum computers in 2029, or even a little earlier, at which point most security appliances will need to be replaced.β¦
Cybercrime fighters in the US, UK, and Australia have imposed sanctions on several Russia-linked entities they claim provide hosting services to ransomware gangs Lockbit, BlackSuit, and Play.β¦
Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.β¦
interview Warfare has become a joint cyber-kinetic endeavor, with nations using cyber operations to scope out targets before launching missiles. And private companies, including shipping, transportation, and electronics manufacturers, are getting caught in the crossfire, according to Amazon.β¦
Researchers in Austria used a flaw in WhatsApp to gather the personal data of more than 3.5 billion users in what they believe amounts to the "largest data leak in history."β¦
Around 50,000 ASUS routers have been compromised in a sophisticated attack that researchers believe may be linked to China, according to findings released today by SecurityScorecard's STRIKE team.β¦
Partner Content In today's enterprise environment, technology investments are no longer judged solely by their technical sophistication. Approval depends on their ability to support business goals, mitigate risk, and create value for shareholders. CIOs and CISOs are expected to present their strategies not as technical upgrades but as business enablers. The challenge is not just making the right investments, but framing them in ways that resonate at the boardroom level.β¦
Chinese spies are using social media and fake recruitment agents to recruit sources with access to sensitive information in the UK.β¦
updated Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches distributed denial of service (DDoS) attacks.β¦
The Federal Communications Commission (FCC) will vote this week on whether to scrap Biden-era cybersecurity rules, enacted after the Salt Typhoon attacks came to light in 2024, that required telecom carriers to adopt basic security controls.β¦
America is fed up with being the prime target for foreign hackers. So US National Cyber Director Sean Cairncross says Uncle Sam is going on the offensive β he just isn't saying when.β¦
Google pushed an emergency patch on Monday for a high-severity Chrome bug that attackers have already found and exploited in the wild.β¦
Gen Z can get off their digital high horses because their passwords are no more secure than their grandparents'.β¦
Azure was hit by the "largest-ever" cloud-based distributed denial of service (DDoS) attack, originating from the Aisuru botnet and measuring 15.72 terabits per second (Tbps), according to Microsoft.β¦
Loose lips sink ships, the classic line goes. Information proliferation in the internet age has government auditors reiterating that loose tweets can sink fleets, and they're concerned that the Defense Department isn't doing enough to stop sensitive info from getting out there.Β β¦
A security researcher says Coinbase knew about a December 2024 security breach during which miscreants bribed its support staff into handing over almost 70,000 customers' details at least four months before it disclosed the data theft.β¦
It sounds like easy money. North Koreans pay you to use your identity so they can get jobs working for American companies in IT. However, if you go this route, the US Department of Justice promises to catch up with you eventually.β¦
Europol's Internet Referral Unit (EU IRU) says a November 13 operation across gaming and "gaming-adjacent" services led its partners to report thousands of URLs hosting terrorist and hate-fueled material, including 5,408 links to jihadist content, 1,070 pushing violent right-wing extremist or terrorist propaganda, and 105 tied to racist or xenophobic groups.β¦
Teams that think they're ready for a major cyber incident are scoring barely 22 percent accuracy and taking more than a day to contain simulated attacks, according to new data out Monday.β¦
French telco Eurofiber says cybercriminals swiped company data during an attack last week that also affected some internal systems.β¦
British prosecutors have secured a civil recovery order to seize crypto assets worth Β£4.11 million ($5.39 million) from Twitter hacker Joseph James O'Connor, clawing back the proceeds of a scam that used hijacked celebrity accounts to solicit digital currency and threaten high-profile individuals.β¦
Asia In Brief Indiaβs Tata Motors, owner of Jaguar Land Rover, has revealed the cyberattack that shut down production in the UK has so far cost it around Β£1.8 billion ($2.35 billion).β¦
INFOSEC IN BRIEF The US Senate passed a resolution in July to force the US Cybersecurity and Infrastructure Security Agency (CISA) to publish a 2022 report into poor security in the telecommunications industry but the agency has not delivered the document.β¦
Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation β but it appears digital intruders got a month's head start.β¦
Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.β¦
Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the FBI warns.β¦
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors.β¦
The UK's National Health Service (NHS) is investigating claims of a cyberattack by extortion crew Clop.β¦
Kubernetes maintainers have decided itβs not worth trying to save Ingress NGINX and will instead stop work on the project and retire it in March 2026.β¦
Chinese cyber spies used Anthropic's Claude Code AI tool to attempt digital break-ins at about 30 high-profile companies and government organizations β and the government-backed snoops "succeeded in a small number of cases," according to a Thursday report from the AI company.β¦
Digitial extortion is a huge business, because affected orgs keep forking over money to get their data back. However, instead of paying a ransom demand after getting hit by extortionists last week, payment services provider Checkout.com donated the demanded amount to fund cybercrime research.β¦
Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.β¦
The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in the Clop-linked Oracle E-Business Suite (EBS) attacks.β¦
International cops have pulled apart the Rhadamanthys infostealer operation, seizing 1,025 servers tied to the malware in coordinated raids between November 10-13.β¦
Synnovis has finally wrapped up its investigation into the 2024 ransomware attack that crippled pathology services across London, ending an 18-month effort to untangle what the NHS supplier describes as one of the most complex data reconstruction jobs it has ever faced.β¦
Google has filed a lawsuit against 25 unnamed China-based scammers, which it claims have stolen more than 115 million credit card numbers in the US as part of the Lighthouse phishing operation.β¦
An "advanced" attacker exploited CitrixBleed 2 and a max-severity Cisco Identity Services Engine (ISE) bug as zero-days to deploy custom malware, according to Amazon Chief Information Security Officer CJ Moses.β¦
The Metropolitan Police's seven-year investigation into a record-setting fraudster has ended after she was sentenced to 11 years and eight months in prison on Tuesday.β¦
UK government introduced the Cyber Security and Resilience (CSR) Bill to Parliament today, marking a significant overhaul of local cybersecurity legislation to sharpen the security posture of the most critical sectors.β¦
Britain's aviation watchdog has warned it's only a matter of time before organized drone attacks bring UK airports to a standstill.β¦
Chinaβs National Computer Virus Emergency Response Center (CVERC) has alleged a nation-state entity, probably the USA, was behind a 2020 attack on a bitcoin mining operation and by doing so has gone into bat for entities that Beijing usually blasts.β¦
The head of Australiaβs Security Intelligence Organisation (ASIO) has warned that authoritarian regimes βare growing more willing to disrupt or destroy critical infrastructureβ, using cyber-sabotage.β¦
North Korean state-backed spies have found a new way to torch evidence of their own cyber-spying β by hijacking Google's Find Hub service to remotely wipe Android phones belonging to their South Korean targets.β¦
Privacy advocates are condemning the European Commission's leaked plans to overhaul digital privacy legislation, accusing officials of bypassing proper legislative processes to favor Big Tech interests.β¦
The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are still prominent.β¦
Digital engineering outfit GlobalLogic says personal data from more than 10,000 current and former employees was exposed in the wave of Oracle E-Business Suite (EBS) attacks attributed to the Clop ransomware gang. The Hitachi-owned biz joins a growing roster of high-profile victims that also now includes The Washington Post and Allianz UK.β¦
UK governmental is working with the National Cyber Security Centre to understand and "mitigate" any risk that China-made imported electric buses could be remotely accessed and potentially disabled.β¦
The number of successful cyber insurance claims made by UK organizations shot up last year, according to the latest figures from the industry's trade association.β¦
FreshRSS