Anthropic study suggests "poison" training attacks don't scale with model size. Scraping the open web for AI training data can have its drawbacks. On Thursday, researchers fro
Published: 2025-10-09T22:03:21
As more sites require IDs for user age verification, expect more such breaches to come. Discord says that hackers made off with images of 70,000 users’ government IDs that the
Published: 2025-10-09T18:24:13
Scattered LAPSUS$ Hunters gave Salesforce until Friday to pay or else. Salesforce says it’s refusing to pay an extortion demand made by a crime syndicate that claims to have s
Published: 2025-10-08T20:02:46
Smishers looking for new infrastructure are getting creative. Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing mes
Published: 2025-10-01T22:16:07
The chipmakers say physical attacks aren't in the threat model. Many users didn't get the memo. In the age of cloud computing, protections baked into chips from Intel, AMD, an
Published: 2025-09-30T20:25:08
Search shows 2 million vulnerable Cisco SNMP interfaces exposed to the Internet. As many as 2 million Cisco devices are susceptible to an actively exploited zero-day that can
Published: 2025-09-25T12:43:42
From homework helper to psychological hazard in 300 hours of sycophantic validation Feature When a close family member contacted Etienne Brisson to tell him that he'd created the world's first sentient AI, the Quebecois business coach was intrigued.
Published: 2025-10-08T11:58:12
CodeMender has been generating fixes for vulnerabilities in open source projects Google says its AI-powered security repair tool CodeMender has been helping secure open source projects through automated patch creation, subject to human approval.
Published: 2025-10-07T07:03:13
Speed or security? Why not have both? Sponsored Post Here's the contradiction grinding on enterprise IT leaders like you: AI's value lives in your unstructured content (the sprawling information corpus that actually runs the business). You want to u
Published: 2025-10-06T08:01:03
Open source giant admits intruders broke into dedicated consulting instance, but insists core products untouched What started as cyber crew bragging has now been confirmed by Red Hat: someone gained access to its consulting GitLab system and walked a
Published: 2025-10-03T14:42:04
Discord has identified approximately 70,000 users that may have had their government ID photos exposed as part of a customer service data breach announced last week, spokesperson Nu Wexler tells The Verge. A tweet by vx-underground said that the company was being extorted over a breach of its Zendesk instance by a group claiming to […]
Published: 2025-10-08T17:34:02
1Password’s browser extension fills in your passwords automatically when you browse, and now the company has built a similar tool for AI bots browsing the web on your behalf, but for a very different reason. AI tools and browsers built on Claude, Gemini, and ChatGPT are increasingly using AI agents to browse the web, book […]
Published: 2025-10-08T15:44:30
SwitchBot is expanding its already diverse line of smart home offerings with a new tracking fob that doubles as both a personal safety device and a quick way to gain entry to your home. SwitchBot's Safety Alarm looks like a keychain flashlight and even has LEDs when you need some extra illumination and don't want […]
Published: 2025-10-06T11:00:00
One of Discord's third-party customer service providers was compromised by an “unauthorized party,” the company says. The unauthorized party gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams and aimed to extort a financial ransom from Discord. The unauthorized party did […]
Published: 2025-10-03T19:52:50
Japan is facing a potential shortage of Asahi beer after a cyberattack against the beverage maker forced its systems offline. Asahi Group issued a statement on Monday announcing that order, shipment, and call center operations at the company had been suspended due to the systems outage, and that the disruption was limited to Japan. The […]
Published: 2025-10-03T07:28:32
Microsoft is launching a Security Store that will be full of security software-as-a-service (SaaS) solutions and AI agents. It's part of a broader effort to sell Microsoft's Sentinel security platform to businesses, complete with Microsoft Security Copilot AI agents that can be built by security teams to help tackle the latest threats. The Microsoft Security […]
Published: 2025-09-30T09:00:00
Security researchers are shining the spotlight on a serious security vulnerability that could enable stalkers to track victims using their own Tile tags, as well as other unwanted violations of security and privacy. Research outlined by Wired shows that Tile's anti-theft mode, which makes its trackers invisible on the Tile network, counteracts measures to prevent […]
Published: 2025-09-29T18:03:30
President Donald Trump has signed an executive order recognizing the framework of a deal between ByteDance and the US that would satisfy the TikTok divest-or-ban law. The deal values TikTok's US operations at $14 billion and puts it under the control of companies based in the US. I spoke with President Xi [Jinping], we had […]
Published: 2025-09-25T17:13:28
A new report from Senate Democrats claims that members of Elon Musk's DOGE team have access to the Social Security numbers of all Americans in a cloud server that's lacking verified security measures, despite an internal assessment of potential catastrophic risk. The report, released by Sen. Gary Peters (D-MI), cites numerous disclosures from whistleblowers, including […]
Published: 2025-09-25T11:04:18
In today's hyper-connected world, cyber threats are more sophisticated and frequent than ever - ransomware, data breaches, and social engineering scams, targeting everyone from individuals to Fortune 500 companies. Right now, you can grab "Cybersecu
Published: 2025-10-10T14:11:25
Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. [...]
Published: 2025-10-10T12:50:35
Last night, the FBI seized all domains for the BreachForums hacking forum, which the ShinyHunters group operated mostly as a portal for leaking corporate data stolen in attacks by ransomware and extortion gangs. [...]
Published: 2025-10-10T04:24:16
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. [...]
Published: 2025-10-09T17:06:31
A cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in "pirate payroll" attacks since March 2025. [...]
Published: 2025-10-09T15:38:00
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. [...]
Published: 2025-10-09T15:31:55
Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. [...]
Published: 2025-10-09T14:09:26
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]
Published: 2025-10-09T13:17:28
Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Introduction Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by
Published: 2025-10-09T14:00:00
Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al Background Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing from analysis of UN
Published: 2025-09-30T14:00:00
The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.
Published: 2025-10-10T16:10:43
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to p...
Published: 2025-10-07T22:45:35
No friends might be better than this....
Published: 2025-10-10T18:05:15
Forescout's phony water plant fooled TwoNet into claiming a fake cyber victory, then it quietly shut up shop. Security researchers say they duped pro-Russia cybercriminals into targeting a fake critical infrastructure organization, which the crew later claimed - via their Telegram group - to be a real-world attack.
Published: 2025-10-10T14:16:02
Crooks phish campus staff, slip into HR systems, and quietly reroute paychecks Microsoft's Threat Intelligence team has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems.
Published: 2025-10-10T13:21:46
US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.
Published: 2025-10-10T10:19:29
Prospect apologizes for cyber gaffe affecting up to 160K members UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.
Published: 2025-10-10T09:41:20
Just 250 malicious training documents can poison a 13B parameter model - that's 0.00016% of a whole dataset Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on.
Published: 2025-10-09T20:45:14
Affects users regardless of when their backups were created SonicWall has admitted that all customers who used its cloud backup service to store firewall configuration files were affected by a cybersecurity incident first disclosed in mid-September, walking back earlier assurances that only a small fraction of users were impacted.
Published: 2025-10-09T13:30:07
CRM giant 'will not engage, negotiate with, or pay' the scumbags Salesforce won't pay a ransom demand to criminals who claim to have stolen nearly 1 billion customer records and are threatening to leak the data if the CRM giant doesn't pony up some cash.
Published: 2025-10-08T17:20:30
Berlin's opposition likely kills off Brussels' bid to scan everyone's messages Germany has committed to oppose the EU's controversial "Chat Control" regulations following huge pressure from multiple activists and major organizations.
Published: 2025-10-08T12:53:10
Microsoft Copilot, not so much Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.
Published: 2025-10-07T20:18:05
No fraud monitoring and no apology after miscreants make off with medical, financial data Florida-based Doctors Imaging Group has admitted that the sensitive medical and financial data of 171,862 patients was stolen during the course of a November 2024 cyberattack.
Published: 2025-10-07T16:15:06
Florida comms outfit serving cops, firefighters, and the military says hackers pinched some employee data but insists its systems stayed online BK Technologies, the Florida-based maker of mission-critical radios for US police, fire, and defense customers, has confessed to a cyber intrusion that briefly rattled its IT systems last month.
Published: 2025-10-07T15:55:54
It also banned some suspected Russian accounts trying to create influence campaigns and malware OpenAI has banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts.
Published: 2025-10-07T15:36:06
Space sensors and UAVs at sea top MoD's list in new wave of cutting-edge projects The UK is pressing ahead with cutting-edge defense projects, the latest including research to protect satellites from laser attack and a technology demonstrator for a jet-powered drone to operate from Royal Navy carriers.
Published: 2025-10-07T09:13:07
Department eyes new app to tap national ANPR data for live alerts, searches, and integrations The UK's Home Office is inviting tech suppliers to take part in a 60 million "market engagement" for an application that uses data from automated number plate recognition (ANPR) systems.
Published: 2025-10-07T08:30:11
How recycled passwords and poor security habits are fueling a cybercrime gold rush Partner Content If you're still using "password123" for more than one account, there's a good chance you've already exposed yourself to credential stuffing attacks, one of the most prevalent and damaging forms of automated cybercrime today. Just ask the 6.9 million users of 23andMe who discovered their personal details were compromised when cybercriminals used recycled credentials from other breaches to infiltrate their accounts.
Published: 2025-10-07T08:00:14
Crime group claims to have already doled out $1K to those in it 'for money and for the love of the game' Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms.
Published: 2025-10-06T15:41:58
Ransomware crooks utterly fail to find moral compass First they targeted a preschool network, now new kids on the ransomware block Radiant Group say they've hit a hospital in the US, continuing their deplorable early cybercrime careers.
Published: 2025-10-06T13:20:49
Outsourcing your helpdesk always seems like a good idea until someone else's breach becomes your problem Discord has confirmed customers' data was stolen but says the culprit wasn't its own servers, just a compromised support vendor.
Published: 2025-10-06T12:18:03
No confirmed date but workers expected to return in the coming days Jaguar Land Rover is readying staff to resume manufacturing in the coming days, a company spokesperson confirmed to The Reg.
Published: 2025-10-06T10:28:05
Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.
Published: 2025-10-06T09:40:46
Plus, PAN under attack, IT whistleblowers get a payout, and China kills online scammers Infosec in brief On August 29, the US Federal Emergency Management Agency fired its CISO, CIO, and 22 other staff for incompetence but insisted it wasn't in response to an online attack. New material suggests FEMA's claim may be false.
Published: 2025-10-06T08:55:50
Cupertino yanks ICEBlock citing safety risks for law enforcement Apple has deep-sixed an app that tracks the movements of US Immigration and Customs Enforcement (ICE) agents, apparently bowing to government pressure.
Published: 2025-10-03T13:49:48
Overnight shutdown leaves thousands stuck as Oktoberfest crowds stretch city security Munich Airport was temporarily closed last night following reports of drones buzzing around the area.
Published: 2025-10-03T12:58:02
Even spy-tech biz Palantir says 'steady on' as 2.76M Brits demand it be ditched The British government has finally given more details about the proposed digital ID project, directly responding to the 2.76 million naysayers that signed an online petition calling for it to be ditched.
Published: 2025-10-03T12:05:16
Researchers suggest internet-facing portals are exposing 'thousands' of orgs Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems.
Published: 2025-10-03T11:38:37
Names, numbers, and reg plates exposed in latest auto industry cyber-shunt Renault UK customers are being warned their personal data may be in criminal hands after one of its suppliers was hacked.
Published: 2025-10-03T08:55:21
Software maker Kodex said its domain registrar fell for a fraudulent legal order A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain.
Published: 2025-10-02T17:04:22
Extortion emails name-drop Big Red's E-Business Suite, though Google and Mandiant yet to find proof of any breach Criminals with potential links to the notorious Clop ransomware mob are bombarding Oracle execs with extortion emails, claiming to have stolen sensitive data from Big Red's E-Business Suite, according to researchers.
Published: 2025-10-02T12:45:06
Experts say Commission is fanning the flames of the continent's own Watergate An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.
Published: 2025-10-02T12:02:44
570GB of data claimed to be stolen by the Crimson Collective A hacking crew claims to have broken into Red Hat's private GitLab repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers.
Published: 2025-10-02T09:25:46
The longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register The US government shut down at 1201 ET on October 1, halting non-essential IT modernization and leaving cybersecurity operations to run on skeleton crews.
Published: 2025-10-01T19:48:23
Who wouldn't want root access on cluster master nodes? A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt services, and fully hijack the platform.
Published: 2025-10-01T19:35:44
Uncle Sam can't quit Redmond Exclusive The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.
Published: 2025-10-01T17:51:15
Allianz Life and WestJet lead the way, along with a niche software shop A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.
Published: 2025-10-01T12:24:03
Only 15% considering deployments and just 7% say it'll replace humans in next four years Enterprises aren't keen on letting autonomous agents take the wheel amid fears over trust and security as research once again shows that AI hype is crashing against the rocks of reality.
Published: 2025-10-01T11:25:49
ICO investigation into platform's lack of age assurance continues The UK's data watchdog has described Imgur's move to block UK users as "a commercial decision" after signaling plans to fine parent company MediaLab.
Published: 2025-10-01T10:07:36
Politico avoids the topic at Labour conference speech, homes in on AI instead UK prime minister Keir Starmer avoided mentioning the mandatory digital ID scheme in his keynote speech to the Labour Party conference amid calls for him to put meat on the bones of the plans or risk it failing fast.
Published: 2025-10-01T09:13:51
Coursework 'gone forever' as 10% report critical damage Schools and colleges hit by cyberattacks are taking longer to restore their networks and the consequences are severe, with students' coursework being permanently lost in some cases.
Published: 2025-10-01T08:50:17
Phantom Taurus created custom malware to hunt secrets across Asia, Africa, and the Middle East Threat-hunters at Palo Alto Networks Unit 42 have decided a gang they spotted two years ago is backed by China, after seeing it sling a new variety of malware.
Published: 2025-10-01T02:59:07
It's not just big tech anymore The North Korean IT worker threat extends well beyond tech companies, with fraudsters interviewing at a "surprising" number of healthcare orgs, according to Okta Threat Intelligence.
Published: 2025-09-30T22:20:52
Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360's security promises, a group of Georgia Tech researchers warns.
Published: 2025-09-30T21:32:25
Stopping the spread isn't the same as stopping attacks, period Google on Tuesday rolled out a new AI tool in Drive for desktop that it says will pause syncing to limit ransomware damage, but it won't stop attacks outright.
Published: 2025-09-30T20:10:29
50,000 firewall devices still exposed Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by "advanced" attackers remain exposed to the internet, according to Shadowserver data.
Published: 2025-09-30T16:09:35
Sharing links take seconds to create, but can last for years Partner Content Seamless collaboration through cloud platforms like Microsoft 365 has radically reshaped the modern workplace. In the span of an hour, you could go from uploading budget proposals to a project channel to live editing a joint presentation with a business partner, all while making lunch plans over Teams. From remote work to video calls, it's never been easier to connect people, ideas, and information.
Published: 2025-09-30T15:00:10
Met's Croydon cameras hailed as a triumph, guidance to be published later this year The government is to encourage police forces across England and Wales to adopt live facial recognition (LFR) technology, with a minister praising its use by London's Metropolitan Police in a suburb in the south of the city.
Published: 2025-09-30T10:01:07
Zhimin Qian recruited takeaway worker to launder funds through property overseas London's Metropolitan Police has secured a "landmark conviction" following a record-busting Bitcoin seizure and seven-year investigation.
Published: 2025-09-30T09:31:14
Impact? Nope, don't worry, be happy, says Linux veteran Opinion There has been considerable worry about the impact of the European Union's Cyber Resilience Act on open source programmers. Linux stable kernel maintainer Greg Kroah-Hartman says, however, that there won't be much of an impact at all.
Published: 2025-09-30T07:45:13
The federal government's not the only thing shutting down on Oct. 1 The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday will cut its ties to - and funding for - the Center for Internet Security, a nonprofit that provides free and low-cost cybersecurity services to state and local governments.
Published: 2025-09-30T00:16:07
MCP plus open source plus typosquatting equals trouble A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address.
Published: 2025-09-29T20:44:35
No personal info gulped as yet, but don't call for help Japan's largest brewery biz, Asahi, has shut down distribution systems following an online attack, and local drinkers will just have to make do with stocks as they stand.
Published: 2025-09-29T20:42:50
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million.
Published: 2025-10-10T09:15:00
New research shows that North Koreans appear to be trying to trick US companies into hiring them to develop architectural designs using fake profiles, résumés, and Social Security numbers.
Published: 2025-10-10T09:00:00
“We are going to do everything in our power to fight this,” says ICEBlock developer Joshua Aaron after Apple removed his app from the App Store.
Published: 2025-10-09T17:22:32
As developers increasingly lean on AI-generated code to build out their software, as they have with open source in the past, they risk introducing critical security failures along the way.
Published: 2025-10-06T10:00:00
Plus: China sentences scam bosses to death, Europe is ramping up its plans to build a “drone wall” to protect against Russian airspace violations, and more.
Published: 2025-10-04T10:30:00
Documents show that ICE plans to hire dozens of contractors to scan X, Facebook, TikTok, and other platforms to target people for deportation.
Published: 2025-10-03T13:21:05
Google has launched a new AI-based protection in Drive for desktop that can shut down an attack before it spreads, but its benefits have their limits.
Published: 2025-09-30T13:44:52
Google can create and manage passkeys from your browser, but the process is more involved than it suggests.
Published: 2025-09-30T11:30:00
Your logins will live on after you pass on. Make sure they end up in the right hands.
Published: 2025-09-29T11:00:00
A team of researchers found that, by not encrypting the data broadcast by Tile tags, users could be vulnerable to having their location information exposed to malicious actors.
Published: 2025-09-29T09:30:00
Harry Jackson went into Kathmandu as a tourist. He ended up being one of the main international sources of news on Nepal’s Gen Z protests.
Published: 2025-09-28T14:40:00
Plus: A ransomware gang steals data on 8,000 preschoolers, Microsoft blocks Israel’s military from using its cloud for surveillance, call-recording app Neon hits pause over security holes, and more.
Published: 2025-09-27T14:25:49
Companies are going to great lengths to protect the infrastructure that provides the backbone of the world’s digital services by burying their data deep underground.
Published: 2025-09-27T12:00:00
By inflating numbers and narrowing definitions, Heritage promotes a false link between transgender identity and violence in its push for the FBI to create a new terrorism category.
Published: 2025-09-26T19:43:55
Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It's assessed that the malware is being propagated through
Published: 2025-10-10T19:55:00
A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday," the
Published: 2025-10-10T19:01:00
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a "potential vulnerability" reported by a customer, uncovering "potentially suspicious
Published: 2025-10-10T17:12:00
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. But not all AI SOC platforms are created equal. From prompt-dependent copilots to autonomous, multi-agent systems, the current market offers
Published: 2025-10-10T16:30:00
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and energy
Published: 2025-10-10T16:15:00
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and
Published: 2025-10-10T15:04:00
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. "We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of
Published: 2025-10-10T12:11:00
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets, and the messages purported to be sent by senior researchers and analysts from legitimate-sounding, completely
Published: 2025-10-09T22:49:00
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front
Published: 2025-10-09T21:00:00
SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks," the company said. It also noted that it's working to notify all
Published: 2025-10-09T19:18:00
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface. This edition of ThreatsDay Bulletin explores these converging risks and the safeguards that help
Published: 2025-10-09T17:46:00
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called tokens. Tokens, like
Published: 2025-10-09T17:00:00
Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications and Information Protection (SSSCIP) said. "Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated
Published: 2025-10-09T14:40:00
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the
Published: 2025-10-09T12:27:00
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company
Published: 2025-10-08T22:13:00
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web
Published: 2025-10-08T19:26:00
Every year, weak passwords lead to millions in losses and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops Software invite you to a live webinar: “
Published: 2025-10-08T17:38:00
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker News. "Announced shortly
Published: 2025-10-08T17:34:00
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
Published: 2025-10-08T16:28:00
Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and alerts, all while operating with finite human resources. The irony is that while AI has become a
Published: 2025-10-08T14:27:00
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to
Published: 2025-10-08T12:46:00
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs
Published: 2025-10-07T22:34:00
Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company's ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive and
Published: 2025-10-07T20:48:00
For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data
Published: 2025-10-07T16:30:00
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published last week. "These plugins are
Published: 2025-10-07T16:06:00
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. "An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,
Published: 2025-10-07T14:03:00
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain
Published: 2025-10-07T13:45:00
CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The malicious activity involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability that
Published: 2025-10-07T10:42:00
A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the
Published: 2025-10-06T19:30:00
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters: key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these highlights help you spot what’s coming
Published: 2025-10-06T17:08:00
In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help
Published: 2025-10-06T17:08:00
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite software that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle
Published: 2025-10-06T17:07:00
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand
Published: 2025-10-06T17:06:00
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,
Published: 2025-10-06T11:31:00
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the
Published: 2025-10-04T20:07:00
Threat intelligence firm GreyNoise disclosed on Friday that it has observed a massive spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the traffic as targeted and structured, and
Published: 2025-10-04T16:09:00
A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has been tracking Detour Dog since August 2023, when
Published: 2025-10-03T23:41:00
The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. "Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it became clear that the author had a
Published: 2025-10-03T21:28:00
Brazilian users have emerged as the target of a new self-propagating malware dubbed SORVEPOTEL that spreads via the popular messaging app WhatsApp. The campaign, codenamed Water Saci by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is "engineered for speed and propagation" rather than data theft or ransomware. "SORVEPOTEL has
Published: 2025-10-03T17:32:00
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting
Published: 2025-10-03T17:00:00
A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It's also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga,
Published: 2025-10-03T16:00:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution. "
Published: 2025-10-03T13:53:00
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries -- especially in Pakistan using spear-phishing and malicious documents as initial
Published: 2025-10-02T20:14:00
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first
Published: 2025-10-02T18:37:00
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to
Published: 2025-10-02T17:25:00
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing: no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real
Published: 2025-10-02T17:00:00
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. "This activity began on or
Published: 2025-10-02T16:55:00
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, aren’t the alerts that can be dismissed quickly, but the ones that hide
Published: 2025-10-02T16:30:00
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware
Published: 2025-10-02T14:54:00
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be run in a Trusted Execution
Published: 2025-10-01T22:50:00
Juniper fixed nearly 220 flaws in Junos OS, Junos Space, and Security Director, including nine critical bugs in Junos Space. Juniper Networks released patches to address nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director, including nine critical flaws in Junos Space. One of these flaws, tracked as CVE-2025-59978 (CVSS score of 9.0), […]
Published: 2025-10-10T14:02:13
Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP. Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber incidents, […]
Published: 2025-10-10T13:31:36
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Grafana flaw, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. Grafana is an open-source platform for monitoring and observability. This flaw is a directory traversal vulnerability affecting versions […]
Published: 2025-10-10T08:27:02
RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, CCTV systems, and servers, active globally since June. Trend Micro researchers reported that the RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, NVRs, CCTV systems, and web servers, active globally since June. Experts noted that the latest […]
Published: 2025-10-10T07:33:56
ClayRat Android spyware targets Russian users via fake Telegram channels and phishing sites posing as popular apps like WhatsApp and YouTube. The ClayRat Android spyware campaign targets Russian users via fake Telegram channels and phishing sites posing as popular apps like Google Photos, WhatsApp, TikTok, YouTube. Zimperium named the spyware ClayRat after its C2 server, […]
Published: 2025-10-09T19:56:30
Threat actors are exploiting a critical flaw, tracked as CVE-2025-5947, in the Service Finder WordPress theme’s Bookings plugin. Threat actors are exploiting a critical vulnerability, tracked as CVE-2025-5947 (CVSS score 9.8), in the Service Finder WordPress theme’s Bookings plugin. The plugin (versions 6.0) has an authentication bypass issue allowing attackers to log in as any […]
Published: 2025-10-09T14:27:38
All SonicWall Cloud Backup users were impacted after hackers stole firewall configuration files from the MySonicWall service in early September. Threat actors stole firewall configuration backups from SonicWall’s cloud service, impacting all users of its MySonicWall cloud backup platform. In September, SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts […]
Published: 2025-10-09T09:35:00
Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed. Discord announced it won’t pay the threat actors claiming to have stolen data on 5.5M users, clarifying that only about 70K ID photos were actually exposed. The attackers claimed they have breached Discord’s Zendesk support instance, but […]
Published: 2025-10-09T08:49:40
Qilin ransomware claimed responsibility for the recent attack on the beer giant Asahi that disrupted operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a […]
Published: 2025-10-08T21:05:18
DragonForce, LockBit, and Qilin formed a ransomware alliance to boost attack effectiveness, marking a major shift in the cyber threat landscape. Ransomware groups DragonForce, LockBit, and Qilin formed a strategic alliance to enhance their attack capabilities, signaling an evolving cyber threat landscape. The alliance aims at sharing tools and infrastructure to enhance attack effectiveness. The […]
Published: 2025-10-08T18:20:02