Security Worm rubs out competitor's malware, then takes control All your compromised credentials are belong to us now instead of the other gang
Security 'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Security Meta U-turns on encryption push for Instagram as DMs go plaintext After years of insisting end-to-end encryption was the future of online comms, Zuckcorp has handed itself full visibility into user chats once again
Security Hackers ate my homework: Educational SaaS Canvas down after cyberattack ShinyHunters takes the credit and gives developer an F for security
Security Meta fights Ofcom over how many billions count as billions Social media biz says watchdog's fine formula is 'disproportionate' and should stop counting global revenue
Security Mozilla boasts Mythos boosted Firefox bug cull Yet it remains unclear if Anthropic's uber model was effective, or if better model middleware is what makes the difference
Security Anthropic response to 1-click pwn: Shouldn't have clicked 'ok' Security biz Adversa AI argues users of AI tools need clearer warnings
Security 60% of MD5 password hashes are crackable in under an hour Happy World Password Day! Maybe it's finally time to kill this holiday in favor of World No-More-Passwords Day?
Security The network password was a key plot point in one of the most famous movies of all time Fortunately, it was a legit contractor who guessed it
AI + ML Arctic Wolf kicks 250 employees out of the pack to save money for AI Cuts appear to hit sales, product, and marketing, accounting for under 10% of staff
Security 1 in 8 employees totally cool with selling work credentials 13% say they’ve sold logins or know someone who has, survey suggests
Security Iran cybersnoops still LARPing as ransomware crooks in espionage ops MOIS-linked cyber outfit puts on a ransomware show to disguise the wide-open backdoor behind the scenes
Security UK age-gating plans risk breaking the internet, privacy groups warn Activists say ministers are targeting access rather than Big Tech's data-hungry business models
Security India orders infosec red alert in case Mythos sparks crime spree Securities regulator urges market players to develop new strategies and nail cyber-basics before AI models fuel mass attacks
AI + ML ServiceNow clears agents for landing with new AI control tower ServiceNow acquisitions Veza and Traceloop join to monitor agents and AI workflows
Cyber-crime Attackers are cashing in on fresh 'CopyFail' Linux flaw Researchers dropped a reliable root exploit and it didn’t sit idle for long
Cyber-crime Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats
Security Romance scammers turn sweet talk into £102M payday Victims losing £280K a day to fake profiles and sob stories
Security Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation Vendors all use different formats. This tech translates them all so you can smooth your SOC
Research Kids say they can beat age checks by drawing on a fake mustache 46% say age checks are easy to bypass, and nearly a third admit getting around them
Security Shadow IT has given way to shadow AI. Enter AI-BOMs 'If you don't have visibility, you can't understand what to protect'
Security If the vote you rocked, your personal info can be grokked Even limited voter rolls can be linked to identify people, research shows
Security Five Eyes spook shops warn rapid rollouts of agentic AI are too risky Prioritize resilience over productivity, say CISA, NCSC and their friends from Oz, NZ, Canada
Security Brace for the patch tsunami: AI is unearthing decades of buried code debt Britain's cyber agency says the bill for years of technical shortcuts is coming due, and it's arriving all at once
Cyber-crime First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed Exploitation was underway before patches landed, at least one victim reports ransomware demand
Security OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that Altman's crew now doing the same gatekeeping it recently mocked
Cyber-crime Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down 313 Team tells Canonical: pay up or the packets keep coming
Security Passport to £££: Home Office adds £216M to travel doc contract before a single bid's been placed Start date pushed back a year, annual cost up a third, and UK's now handing out eight million passports a year
Security The never-ending supply chain attacks worm into SAP npm packages, other dev tools Mini Shai-Hulud caught spreading credential-stealing malware
Security Bot her emails: most modern phishing campaigns are AI-enabled KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start
Security FBI cyber boss: China's hacker-for-hire ecosystem 'out of control' One alleged cyber contractor was extradited to the US over the weekend
Cyber-crime French prosecutors link 15-year-old to mega-breach at state’s secure document agency Two computer crime allegations follow up to 18M lines of data surfacing online
Cyber-crime Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005 Turns out the real problem is not AI but staff still clicking on dodgy emails from 'IT support'
Cyber-crime What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Just in time for the Trump-Xi summit
Patches Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day Emergency patches out now for those managing the millions of domains assumed to be affected
Security Finance company stores DB credentials in helpfully labeled spreadsheet Great idea, guys. Let's keep all of the data in an Excel file with weak password protection
OSes Linux cryptographic code flaw offers fast route to root Patches land for authencesn flaw enabling local privilege escalation
Research Researchers move in the right direction, develop powerful GPS interference alarm ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength
Patches Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack Second try's a charm?
Security Legacy TLS tour continues with Exchange Online blocking old versions from July 2026 Microsoft readies the axe once again for yesterday's security
AI + ML Yet another experiment proves it's too damn simple to poison large language models There is no 6 Nimmt! champion, but a $12 domain registration and one Wikipedia edit convinced several bots there was
Security CISA flags data-theft bug in NSA-built OT networking tool GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough
Security GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn't total slop! Here, Wiz, take this wad of cash Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award
Security 30 ClawHub skills secretly turn AI agents into a crypto swarm Yet another reason not to feast on OpenClaw
Cyber-crime Don't pay Vect a ransom - your data's likely already wiped out 'Full recovery is impossible for anyone, including the attacker'
Cyber-crime Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump
Cyber-crime Ongoing supply-chain attack 'explicitly targeting' security, dev tools Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump
AI + ML Cursor-Opus agent snuffs out startup’s production database Relax, the data's been recovered. Continue with your vibe coding
Cyber-crime Medical and utility tech companies admit digital breakins Itron, Medtronic disclose breaches in Friday filings
Security Cybersec is a thankless job: expanding workload and shrinking pay packet Global recruitment giant says 71% of human firewalls saw wages stagnate last year as threats and responsibilities grew
Cyber-crime Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt Security giant says attackers grabbed 'limited set' of data. Crooks claim 10 million records
Security Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now AI vuln-hunter finds what humans taught it to find. Funny that
Security AI's not going to kill open source code security Cal.com considers AGPL a license to drill, but not everyone feels that way
Cyber-crime Crime crew impersonates help desk, abuses Microsoft Teams to steal your data Coming in cold with custom Snow malware
Cyber-crime ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records
Cyber-crime Governments on high alert after CISA snuffs out Firestarter backdoor on fed network Latest in long-running pwning of Cisco kit found in mystery Fed agency
Security Intel bets the farm on AI inference to drag CPU back to the top table Chipzilla hopes agents, robots, and edge devices make CPUs cool again... now it has to build the chips
Security It's a myth that you need Mythos to find bugs: Open source models can do it just as well OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs
Security Greece relaxes Euro biometric border entry rules amid airport chaos Missed flights and more means something has got to give at the border
Research Researchers find cyber-sabotage malware that may predate Stuxnet by five years FAST16 could be the first cyberweapon, and its effects could be with us today
Security Weak security means attackers could disable all of a city's public EV chargers Demonstrated in China, probably applicable elsewhere
Security Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code' Legit-looking website, camera-on interviews, jokes about backdoors ... it worked
AI + ML Claude Opus 4.7 has turned into an overzealous query cop, devs complain Rising refusal rate from Acceptable Use Classifier leaves customers paying for nothing
Security Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn All the Typhoons, everywhere, all at once
Security Age checks could turn internet into an ID checkpoint, complains Proton CEO Push to protect minors risks hitting everyone online
Cyber-crime Medical data of 500k Biobank volunteers listed for sale on Alibaba, UK minister reveals World's largest biomedical dataset lifted and shifted on Chinese mega marketplace
Security If malware via monitor cables is a matter of national security, this might be the gadget for you Orgs can now buy UK cyber agency engineered commercial gadget, but details are slim
Security Using the password 'admin123' wasn't as bad as sharing it on Slack Keeping it simple for the developers can lead to very complex headaches later
Security Pass the key, passwords have passed their sell-by date NCSC passes judgment: passkeys pass muster, passwords fail
Cyber-crime Another npm supply chain worm is tearing through dev environments Plus, the payload references 'TeamPCP/LiteLLM method'
Security Anthropic's super-scary bug hunting model Mythos is shaping up to be a nothingburger Hackpocalypse deferred
AI + ML OpenAI now lets you screenshot your privacy in the foot Make your model smarter through self-surveillance
Security Google unleashes even more AI security agents to fight the baddies Along with a bunch of new services to make sure those same agents don't cause chaos
Cyber-crime France's 'Secure' ID agency probes breach as crooks claim 19M records Gov admits 'incident' as forum sellers boast of fresh haul covering up to a third of the population
Security Scotland Yard can keep using live facial recognition on people in London, say judges Judges say cops face-slurping not a problem under current human rights laws
Security Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor NCSC boss says China's whole-of-state cyber machine has become Britain's peer competitor in cyberspace
Security Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide Lawmakers decry CISA cuts: 'We are shooting ourselves in the foot'
Cyber-crime macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up
Cyber-crime Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords Plus: Court papers reveal nonprofit paid a ransom worth nearly $26.8 million
Cyber-crime AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account CEO suspects silicon sidekick behind 'surprising velocity' breach - cyber crims shop stolen data for $2M
Cyber-crime Crook claims to leak 'video surveillance footage' of companies Mexican IT services firm admits it was hacked, but says client operations weren't affected
Security Met police trials snoop tech platform in push to cuff more London shoplifters No facial recognition privacy intrusions either! Well, maybe a little
Cyber-crime Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Fake emails already doing the rounds as ransomware crew boasts about what it allegedly stole
Security Panasonic creates device-locked QR codes to speed facial biometric capture Admins are tired of taking photos, so this enables secure on-site unattended enrolment
Security Iran claims US used backdoors to knock out networking equipment during war And China is loving it
Security Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus A lesson in how not to respond to vulnerability reports
Security Claude Desktop changes app access settings for browsers you don't even have installed yet Installation and pre-approval without consent looks dubious under EU law
Cyber-crime Scot becomes second Scattered Spider-linked crook to plead guilty in US Tyler Buchanan admits role in scheme that stole at least $8 million in virtual currency
Security Next.js developer Vercel warns of customer credential compromise Blames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident
Security Just like phishing for gullible humans, prompt injecting AIs is here to stay Aren't we all just prompting tokens of linguistic meaning and hoping the other person isn't bullshitting us?
Security I meant to do that! AI vendors shrug off responsibility for vulns Passing the buck, and the blame, down the road shows lack of AI companies' maturity
Security Google Chrome lacks protection against one of the most basic and common ways to track users online
Patches Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
Security Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users
Security Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
Cyber-crime 'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
Security Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse
Security They thought they were downloading Claude Code source. They got a nasty dose of malware instead
Cyber-crime AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
Security Google gives Android users a way to install unverified apps if they prove they really, really want to
Security Gartner suggests Friday afternoon Copilot ban because tired users may be too lazy to check its mistakes