Cisco finally delivered a fix for a maximum-severity bug in AsyncOS that has been under attack for at least a month.β¦
What policy wonk wouldn't want to click on an attachment promising to unveil US plans for Venezuela? Chinese cyberspies used just such a lure to target US government agencies and policy-related organizations in a phishing campaign that began just days after an American military operation captured Venezuelan President NicolΓ‘s Maduro.β¦
A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub repositories and put every AWS environment in the world at risk, according to Wiz security researchers.β¦
A brand-new Linux malware named VoidLink targets victims' cloud infrastructure with more than 30 plugins that allow attackers to perform a range of illicit activities, from silent reconnaissance and credential theft to lateral movement and container abuse.Β β¦
Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack.β¦
Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes automatically when a file containing the poisoned metadata is loaded.β¦
A 21-year-old Swedish man accused of being a key organizer of violence-as-a-service linked to the Foxtrot criminal network, which police say has recruited and exploited minors, has been arrested in Iraq.β¦
exclusiveΒ When it comes to security, AI agents are like self-driving cars, according to Block Chief Information Security Officer James Nettesheim.β¦
While watching us now seems like the least of its sins, the US Immigration and Customs Enforcement (ICE) was once best known (and despised) for its multi-billion-dollar surveillance tech budget.β¦
CrowdStrike has signed a $740 million deal to buy identity security startup SGNL. The move underscores the growing threat of identity-based attacks as companies struggle to secure skyrocketing numbers of non-human identities, including AI agents.β¦
Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information - and warned that a public, proof-of-concept exploit for the flaw exists online.β¦
InterviewΒ With everyone from would-be developers to six-year-old kids jumping on the vibe coding bandwagon, it shouldn't be surprising that criminals like automated coding tools too.β¦
exclusiveΒ The European Space Agency on Wednesday confirmed yet another massive security breach, and told The Register that the data thieves responsible will be subject to a criminal investigation. And this could be a biggie.β¦
Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.β¦
Internet service provider Brightspeed confirmed that it's investigating criminals' claims that they stole more than a million customers' records and have listed them for sale for three bitcoin, or about $276,370.Β β¦
If you don't say "yes way" to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale β and, in some cases, has already been sold β on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan's homebuilding giant Sekisui House; and Spain's largest airline Iberia.β¦
Resecurity offered its "congratulations" to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team's honeypot β resulting in a subpoena being issued for one of the data thieves. Meanwhile, the notorious extortionists have since removed their claims of gaining "full access" to the security shop's systems.β¦
interviewΒ AI agents represent the new insider threat to companies in 2026, according to Palo Alto Networks Chief Security Intel Officer Wendi Whitmore, and this poses several challenges to executives tasked with securing the expected surge in autonomous agents.β¦
Ilya Lichtenstein, who pleaded guilty to money-laundering charges tied to the 2016 theft of about 120,000 bitcoins from the Bitfinex exchange and was sentenced to five years in prison, has been released after roughly 14 months in the slammer.β¦
A cybercrook claims to have breached Pickett and Associates, a Florida-based engineering firm whose clients include major US utilities, and is selling what they claim to be about 139 GB of engineering data about Tampa Electric Company, Duke Energy Florida, and American Electric Power.Β The price is 6.5 bitcoin, which amounts to about $585,000.β¦
Login