Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Spies hack high-value mail servers using an exploit from yesteryear

Attacks spilled contacts and emails from targeted accounts. Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world

Published: 2025-05-15T12:18:49



Biz & IT Ars Technica

DOGE software engineer’s computer infected by info-stealing malware

The presence of credentials in leaked "stealer logs" indicates his device was infected. Login credentials belonging to an employee at both the Cybersecurity and Infrastructure

Published: 2025-05-08T18:27:52



Biz & IT Ars Technica

Jury orders NSO to pay $167 million for hacking WhatsApp users

The verdict is a major victory for opponents of exploit sellers. A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-base

Published: 2025-05-07T00:26:14



Biz & IT Ars Technica

Man pleads guilty to using malicious AI software to hack Disney employee

Fake image-generating app allowed man to download 1.1TB of Disney-owned data. A California man has pleaded guilty to hacking an employee of The Walt Disney Company by tricking

Published: 2025-05-06T00:05:55



Biz & IT Ars Technica

Signal clone used by Trump official stops operations after report it was hacked

Mike Waltz needs to find a new app. A messaging service used by former National Security Advisor Mike Waltz has temporarily shut down while the company investigates an apparen

Published: 2025-05-05T21:37:21



Biz & IT Ars Technica

Hundreds of e-commerce sites hacked in supply-chain attack

Attack that started in April and remains ongoing runs malicious code on visitors' devices. Hundreds of e-commerce sites, at least one owned by a large multinational company, w

Published: 2025-05-05T19:05:13



The Register - Software

Socket buys Coana to tell you which security alerts you can ignore

Sometimes, less information is more In its latest gambit to reduce the noise of unnecessary security alerts, Socket has acquired Coana, a startup founded in 2022 by researchers from Aarhus University in Denmark that tells users which vulnerabilities

Published: 2025-05-15T15:31:11



The Register - Software

The 'End of 10' is nigh, but don't bury your PC just yet

Linux types mobilize website to help people avoid creating more e-waste The "End of 10" website is a cooperative effort to let people know that they have other options besides buying a new computer.

Published: 2025-05-15T09:26:10



The Register - Software

Apple patched one first, but Microsoft's blasted five exploited flaws this Pa-Tu

Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patch Tuesday It's that time of the month again, and Microsoft has made it extra spicy by revealing five flaws it says are under active exploitation but rates as important rather than c

Published: 2025-05-14T00:44:11



The Register - Software

M365 apps on Windows 10 to get security fixes into 2028

Support for the underlying OS is another story Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That's well past a cut-off point of October 14 this year, when Redmond's support for Windows 10 offic

Published: 2025-05-12T22:03:45



Security | The Verge

Coinbase says rogue support agents helped steal customer data

Coinbase says cyber criminals bribed and recruited support workers to help steal customer data and trick victims into sending money to attackers. As a result of the attack, bad actors obtained the names, addresses, phone numbers, government ID images, account data, and partial social security numbers of a small subset of users, according to a […]

Published: 2025-05-15T16:25:13



Security | The Verge

Android launches new protections against phone call scammers

Google is rolling out several new features to protect Android users from falling victim to phone call scams. Now, Android will automatically block users from sideloading an app for the first time from a web browser, messaging app, or other service while on a call with an unknown contact. Google will also stop users from […]

Published: 2025-05-13T13:00:00



Security | The Verge

How to turn on Lockdown Mode for your iPhone and Mac

Apple is known for prioritizing privacy and security, but there are additional measures you can turn to if you feel you need them. iPhones, iPads, and Macs have what's known as a Lockdown Mode that takes protecting your data to a whole new level. It's clear that this isn't for everyone: Apple describes it as […]

Published: 2025-05-10T10:00:00



Security | The Verge

Leaked document reveals more about Eufy’s first smart display

A brochure shared on Reddit provides new details on Eufy's first smart display. The Eufy Smart Display E10 hasn't been officially announced by Anker yet, but it's already received FCC certification and was recently demonstrated at a private event in New York. The smart display's manual has also leaked. According to the brochure, the Smart […]

Published: 2025-05-09T10:57:32



Security | The Verge

Meta awarded $167.25 million over Pegasus spyware attack

NSO Group, the Israeli spyware-maker behind Pegasus, must pay Meta $167.25 million for hacking 1,400 users across WhatsApp. A federal jury in California made the decision on Tuesday after the court found the NSO Group liable for the attacks last year. Meta sued NSO Group in 2019 after Citizen Lab found a vulnerability that allowed […]

Published: 2025-05-06T18:33:39



Security | The Verge

The modified Signal app used by Mike Waltz was reportedly hacked

A hacker has obtained direct messages and contact information from TeleMessage, the Israeli software company that offers modified versions of Signal, WhatsApp, Telegram, and other apps to the US government, according to a report from 404Media. Last week, a photo of former National Security Advisor Mike Waltz appeared to show him using a Signal clone […]

Published: 2025-05-05T12:35:13



BleepingComputer

Israel arrests new suspect behind Nomad Bridge $190M crypto hack

An American-Israeli national named Alexander Gurevich has been arrested in Israel for his alleged involvement in exploiting the Nomad bridge smart-contract in August 2022 that allowed hackers to siphon $190 million. [...]

Published: 2025-05-16T12:25:50



BleepingComputer

Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. [...]

Published: 2025-05-16T11:23:22



BleepingComputer

Printer maker Procolored offered malware-laced drivers for months

For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. [...]

Published: 2025-05-16T10:56:51



BleepingComputer

Ransomware gangs increasingly use Skitnet post-exploitation malware

Ransomware gang members increasingly use a new malware called Skitnet ("Bossnet") to perform stealthy post-exploitation activities on breached networks. [...]

Published: 2025-05-16T10:00:00



BleepingComputer

CISA tags recently patched Chrome bug as actively exploited

On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. [...]

Published: 2025-05-16T04:13:19



BleepingComputer

Government webmail hacked via XSS bugs in global spy campaign

Hackers are running a worldwide cyberespionage campaign dubbed 'RoundPress,' leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. [...]

Published: 2025-05-15T15:14:39



Threat Intelligence

COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs

Written by: Wesley Shields Google Threat Intelligence Group (GTIG) has identified a new piece of malware called LOSTKEYS, attributed to the Russian government-backed threat group COLDRIVER (also known as UNC4057, Star Blizzard, and Callisto). LOSTKE...

Published: 2025-05-07T14:00:00



Threat Intelligence

Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

Background UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 larg

Published: 2025-05-06T14:00:00



Krebs on Security

Breachforums Boss to Pay $700k in Healthcare Breach

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for...

Published: 2025-05-15T19:56:51



Krebs on Security

Patch Tuesday, May 2025 Edition

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch...

Published: 2025-05-14T11:57:48



The Register - Security

China launches an AI cloud into orbit - 12 sats for now, 2,800 in coming years

PLUS: South Korea signs for massive supercomputer; HCL gets into chipmaking; US tariffs slow APAC tech buying; and more Asia In Brief Chinese company Guoxing Aerospace last launched a dozen satellites, each packing 744 TOPS of computing power, in the first step towards creating an orbiting constellation of 2,800 such satellites.

Published: 2025-05-19T00:32:14



The Register - Security

Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good'

Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks INTERVIEW The call came into the help desk at a large US retailer. An employee had been locked out of their corporate accounts.

Published: 2025-05-18T18:30:08



The Register - Security

Boffins devise technique that lets users prove location without giving it away

ZKLP system allows apps to confirm user presence in a region without exposing exactly where Computer scientists from universities in Germany, Hong Kong, and the United Kingdom have proposed a way to provide verifiable claims about location data without surrendering privacy.

Published: 2025-05-17T15:31:08



The Register - Security

Fired US govt workers, Uncle Xi wants you! to apply for this fake consulting gig

Phony LinkedIn recruitment ads? Groundbreaking Chinese government snoops - hiding behind the guise of fake consulting companies - are actively trying to recruit the thousands upon thousands of US federal employees who have been fired since President Trump took office.

Published: 2025-05-16T23:32:10



The Register - Security

America's consumer watchdog drops leash on proposed data broker crackdown

Crooks must be licking their lips at the possibilities Uncle Sam's consumer watchdog has scrapped plans to implement Biden-era rules that would've treated certain data brokers as credit bureaus, forcing them to follow stricter laws when flogging Americans' sensitive data.

Published: 2025-05-16T22:47:42



The Register - Security

Defamation case against DEF CON terminated with prejudice

'We hope it makes attendees feel safe reporting violations' A Seattle court this week dismissed with prejudice the defamation case brought against DEF CON and its organizer Jeff Moss by former conference stalwart Christopher Hadnagy.

Published: 2025-05-16T15:27:11



The Register - Security

Broadcom employee data stolen by ransomware crooks following hit on payroll provider

Tech giant was in process of dropping payroll biz as it learned of breach Exclusive A ransomware attack at a Middle Eastern business partner of payroll company ADP has led to customer data theft at Broadcom, The Register has learned.

Published: 2025-05-16T13:32:05



The Register - Security

Good luck to Atos' 7th CEO and its latest biz transformation

We suspect Philippe Salle will need it, not to mention staff and customers If at first you don't succeed, transform, transform, and transform again is the corporate motto at Atos these days. The lumbering French-based megacorp has created another blueprint to return to its glory days, and it includes job cuts, offshoring and... AI.

Published: 2025-05-16T11:17:09



The Register - Security

From hype to harm: 78% of CISOs see AI attacks already

AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason Sponsored feature From the written word through to gunpowder and email, whenever an enabling technology comes along, you can be sure someone will be ready to use it for evil. Most tech is dual-use, and AI is no exception.

Published: 2025-05-16T09:00:13



The Register - Security

Scammers are deepfaking voices of senior US government officials, warns FBI

They're smishing, they're vishing The FBI has warned that fraudsters are impersonating "senior US officials" using deepfakes as part of a major fraud campaign.

Published: 2025-05-16T00:16:10



The Register - Security

DoorDash scam used fake drivers, phantom deliveries to bilk $2.59M

Entire process took less than five minutes, prosecutors say A former DoorDash driver has pleaded guilty to participating in a $2.59 million scheme that used fake accounts, insider access to reassign orders, and bogus delivery reports to trigger payouts for food that was never delivered.

Published: 2025-05-15T23:14:35



The Register - Security

Cyber fiends battering UK retailers now turn to US stores

DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon Interview The same miscreants behind recent cyberattacks on British retailers are now trying to dig their claws into major American retailers' IT environments and in some cases even deploying ransomware, according to Google.

Published: 2025-05-15T17:27:36



The Register - Security

Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU

Expert tells us: 'It is the most unique breach disclosure I've ever seen' Coinbase says some of its overseas support staff were paid off to steal information on behalf of cybercriminals, and the company is now being extorted for $20 million.

Published: 2025-05-15T16:31:15



The Register - Security

Socket buys Coana to tell you which security alerts you can ignore

Sometimes, less information is more In its latest gambit to reduce the noise of unnecessary security alerts, Socket has acquired Coana, a startup founded in 2022 by researchers from Aarhus University in Denmark that tells users which vulnerabilities they can safely ignore.

Published: 2025-05-15T15:31:11



The Register - Security

Snowflake CISO on the power of 'shared destiny' and 'yes and'

Lessons learned from last year's security snafu interview Being the chief information security officer at Snowflake is never an easy job, but last spring it was especially challenging.

Published: 2025-05-15T13:32:06



The Register - Security

Here's what we know about the DragonForce ransomware that hit Marks & Spencer

Would you believe it, this RaaS cartel says Russia is off limits DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about - unless they're in Russia, which is off limits to the would-be extortionists.

Published: 2025-05-15T06:32:12



The Register - Security

Metal maker meltdown: Nucor stops production after cyber-intrusion

Ransomware or critical infra hit? Top US manufacturer maintains steely silence Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.

Published: 2025-05-14T20:40:54



The Register - Security

Why CVSS is failing us and what we can do about it

How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the affected asset. However, today, the same tool that once guided us in the right direction is holding us back.

Published: 2025-05-14T18:15:40



The Register - Security

Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play

Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet insists the pushback had nothing to do with it.

Published: 2025-05-14T17:40:14



The Register - Security

Ivanti patches two zero-days under active attack as intel agency warns customers

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns are linked to two mystery open source libraries which it declined to name.

Published: 2025-05-14T16:29:08



The Register - Security

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation' There's a Max Schrems-shaped object standing in the way of Meta's plans to train its AI on the data of its European users, and he's come armed with several justifications for why Zuckercorp might be violating EU regulations with its stated plans.

Published: 2025-05-14T15:34:11



The Register - Security

VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals

Admits due diligence fell short - furious users cry gaslighting Customers are blasting VPN Secure's new parent company after it abruptly axed thousands of "lifetime" accounts. The reason? The CEO admits in an interview with The Register that his team didn't dig deep enough before acquiring the virtual private network outfit, and simply can't afford to honor those legacy deals.

Published: 2025-05-14T14:17:12



The Register - Security

Go ahead and ignore Patch Tuesday - it might improve your security

No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale' Patch Tuesday has rolled around again, but if you don't rush to implement the feast of fixes it delivered, your security won't be any worse off in the short term and may improve in the future.

Published: 2025-05-14T12:19:06



The Register - Security

Everyone's deploying AI, but no one's securing it - what could go wrong?

Crickets as senior security folk asked about risks at NCSC conference CYBERUK Peter Garraghan - CEO of Mindgard and professor of distributed systems at Lancaster University - asked the CYBERUK audience for a show of hands: how many had banned generative AI in their organizations? Three hands went up.

Published: 2025-05-14T09:26:13



The Register - Security

Ransomware scum have put a target on the no man's land between IT and operations

Defenses are weaker, and victims are more likely to pay, SANS warns Criminals who attempt to damage critical infrastructure are increasingly targeting the systems that sit between IT and operational tech.

Published: 2025-05-14T06:33:11



The Register - Security

Apple patched one first, but Microsoft's blasted five exploited flaws this Pa-Tu

Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patch Tuesday It's that time of the month again, and Microsoft has made it extra spicy by revealing five flaws it says are under active exploitation but rates as important rather than critical fixes.

Published: 2025-05-14T00:44:11



The Register - Security

Intel's data-leaking Spectre defenses scared off yet again

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit Researchers at ETH Zurich in Switzerland have found a way around Intel's defenses against Spectre, a family of data-leaking flaws in the x86 giant's processor designs that simply won't die.

Published: 2025-05-13T21:15:48



The Register - Security

Qatar's $400M jet for Trump is a gold-plated security nightmare

Air Force Dumb The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar - a lavish "palace in the sky" meant as a temporary Air Force One. But getting it up to presidential security standards could take years and cost hundreds of millions more.

Published: 2025-05-13T20:37:40



The Register - Security

Commvault fixes critical Command Center issue after flaw finder alert

Pay-to-play security on CVSS 10 issue is now fixed An update that fixed a critical flaw in data protection biz Commvault's Command Center was initially not available to a significant user subset - those testing out a free trial version of the product. That is, until a security researcher pointed out the problem.

Published: 2025-05-13T17:31:13



The Register - Security

'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart

Both agencies seem unbothered despite tech world's clear concerns for US infoseccers CYBERUK The top brass from the UK's cyber agency say everything is business as usual when it comes to the GCHQ arm's relationship with CISA, amid growing unease about the current administration's treatment of its US equivalent.

Published: 2025-05-13T14:00:12



The Register - Security

Marks & Spencer admits cybercrooks made off with customer info

Market cap down by more than 1B since April 22 Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.

Published: 2025-05-13T10:45:17



The Register - Security

As US vuln-tracking falters, EU enters with its own security bug database

EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.

Published: 2025-05-13T10:00:09



The Register - Security

Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq

'MarbledDust' gang has honed the skills it uses to assist Ankara Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than a year ago.

Published: 2025-05-13T07:29:05



The Register - Security

M365 apps on Windows 10 to get security fixes into 2028

Support for the underlying OS is another story Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That's well past a cut-off point of October 14 this year, when Redmond's support for Windows 10 officially ends unless you buy an extended support package.

Published: 2025-05-12T22:03:45



The Register - Security

CISA mutes own website, shifts routine cyber alerts to Musk's X, RSS, email

Cripes, we were only joking when we called Elon's social network the new state media Updated The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.

Published: 2025-05-12T19:04:26



The Register - Security

Why aggregating your asset inventory leads to better security

Today's complex IT environments demand a new approach Partner content For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have critical gaps in their ecosystems that leave them vulnerable to breaches.

Published: 2025-05-12T18:42:11



The Register - Security

Attackers pwn charter airline helping Trump's deportation campaign

Intruders claim they stole GlobalX's flight records and manifests GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.

Published: 2025-05-12T17:03:14



The Register - Security

Britain's cyber agents and industry clash over how to tackle shoddy software

Providers argue that if end users prioritized security, they'd get it CYBERUK Intervention is required to ensure the security market holds vendors to account for shipping insecure wares - imposing costs on those whose failures lead to cyberattacks and having to draft in cleanup crews. The security market must properly incentivize security vendors to do security better.

Published: 2025-05-12T09:33:07



The Register - Security

Unending ransomware attacks are a symptom, not the sickness

We need to make taking IT systems 'off the books' a problem for corporate types Opinion It's been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due to ransomware attacks taking systems down for prolonged periods.

Published: 2025-05-12T08:30:12



The Register - Security

DOGE worker's old creds found exposed in infostealer malware dumps

PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you're never safe; and more Infosec in brief Good cybersecurity habits don't appear to qualify anyone to work at DOGE, as one Musk minion seemingly fell victim to infostealer malware.

Published: 2025-05-12T04:30:11



The Register - Security

You think ransomware is bad now? Wait until it infects CPUs

Rapid7 threat hunter wrote a PoC. No, he's not releasing it RSAC If Rapid7's Christiaan Beek decided to change careers and become a ransomware criminal, he knows exactly how he'd innovate: CPU ransomware.

Published: 2025-05-11T20:22:08



The Register - Security

Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants

The FBI also issued a list of end-of-life routers you need to replace Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.

Published: 2025-05-10T14:02:08



The Register - Security

UK Ministry of Defence is spending less with US biz, and more with Europeans

France's share of MOD cash is growing while the US's shrinks The UK's Ministry of Defence (MOD) is gradually shifting its spending from the US to Europe, according to research from Tussell.

Published: 2025-05-10T10:46:12



The Register - Security

VC behemoth Insight Partners fears top-secret financial info swiped by cyber-miscreants

Weapons-grade fuel for fraud Insight Partners, a mega venture capital firm with more than $90 billion in funds under management, fears network intruders got their hands on internal sensitive data about employees, portfolio companies, investors, and more.

Published: 2025-05-09T17:30:14



The Register - Security

openSUSE deep sixes Deepin desktop over security stink

Linux giant finds Chinese environment to be perilous beneath pretty exterior SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.

Published: 2025-05-09T12:33:15



The Register - Security

Sudo-rs make me a sandwich, hold the buffer overflows

Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety's sake Canonical's Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default - part of a push to cut memory-related security bugs and lock down core system components.

Published: 2025-05-08T06:38:08



The Register - Security

PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied

Now individual school districts extorted by fiends An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware crew that hit it or someone connected to the crooks.

Published: 2025-05-08T00:43:29



The Register - Security

After that 2024 Windows fiasco, CrowdStrike has a plan - job cuts, leaning on AI

CEO: Neural net tech 'flattens our hiring curve, helps us innovate' CrowdStrike - the Texas antivirus slinger famous for crashing millions of Windows machines last year - plans to cut five percent of its staff, or about 500 workers, in pursuit of "greater efficiencies," according to CEO and co-founder George Kurtz.

Published: 2025-05-07T23:28:26



The Register - Security

Delta Air Lines class action cleared for takeoff over CrowdStrike chaos

Judge allows aspects of passenger lawsuit to proceed A federal judge has cleared the runway for a class action from disgruntled passengers against Delta Air Lines as turbulence from last year's CrowdStrike debacle continues to buffet the carrier.

Published: 2025-05-07T18:27:06



The Register - Security

You'll never guess which mobile browser is the worst for data collection

We were shocked - SHOCKED - by the answer Mirror, mirror on the wall, who is the slurpiest mobile browser of them all? The answer, according to VPN vendor Surfshark, is Chrome.

Published: 2025-05-07T17:38:05



Security Latest

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.

Published: 2025-05-18T11:00:00



Security Latest

Coinbase Will Reimburse Customers Up to $400 Million After Data Breach

Plus: 12 more people are indicted over a $263 million crypto heist, and a former FBI director is accused of threatening Donald Trump thanks to an Instagram post of seashells.

Published: 2025-05-17T10:30:00



Security Latest

The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge

Following a WIRED inquiry, Telegram banned thousands of accounts used for crypto-scam money laundering, including those of Haowang Guarantee, a black market that enabled over $27 billion in transactions.

Published: 2025-05-14T20:00:00



Security Latest

CFPB Quietly Kills Rule to Shield Americans From Data Brokers

Russell Vought, acting director of the Consumer Financial Protection Bureau, has canceled plans to more tightly regulate the sale of Americans’ sensitive personal data.

Published: 2025-05-14T16:53:00



Security Latest

North Korean IT Workers Are Being Exposed on a Massive Scale

Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies, along with photos of men allegedly involved in the schemes.

Published: 2025-05-14T10:00:00



Security Latest

Google’s Advanced Protection for Vulnerable Users Comes to Android

A new extra-secure mode for Android 16 will let at-risk users lock their devices down.

Published: 2025-05-13T18:33:06



Security Latest

Google Is Using On-Device AI to Spot Scam Texts and Investment Fraud

Android’s “Scam Detection” protection in Google Messages will now be able to flag even more types of digital fraud.

Published: 2025-05-13T17:00:00



Security Latest

An $8.4 Billion Chinese Hub for Crypto Crime Is Incorporated in Colorado

Before a crackdown by Telegram, Xinbi Guarantee grew into one of the internet’s biggest markets for Chinese-speaking crypto scammers and money laundering. And all registered to a US address.

Published: 2025-05-13T14:00:00



Security Latest

Deepfakes, Scams, and the Age of Paranoia

As AI-driven fraud becomes increasingly common, more people feel the need to verify every interaction they have online.

Published: 2025-05-12T10:00:00



Security Latest

ICE’s Deportation Airline Hack Reveals Man ‘Disappeared’ to El Salvador

Plus: A DOGE operative’s laptop reportedly gets infected with malware, Grok AI is used to “undress” women on X, a school software company’s ransomware nightmare returns, and more.

Published: 2025-05-10T10:30:00



Security Latest

US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car

A CBP spokesperson tells WIRED that the agency plans to expand its program for real-time face recognition at the border, potentially aiding Trump administration efforts to track people who self-deport.

Published: 2025-05-09T17:12:18



Security Latest

US Customs and Border Protection Quietly Revokes Protections for Pregnant Women and Infants

CBP’s acting commissioner has rescinded four Biden-era policies that aimed to protect vulnerable people in the agency’s custody, including mothers, infants, and the elderly.

Published: 2025-05-08T22:00:54



Security Latest

Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage

CBP says it has “disabled” its use of TeleMessage following reports that the app, which has not cleared the US government’s risk assessment program, was hacked.

Published: 2025-05-07T21:03:10



Security Latest

The Trump Administration Sure Is Having Trouble Keeping Its Comms Private

In the wake of SignalGate, a knockoff version of Signal used by a high-ranking member of the Trump administration was hacked. Today on Uncanny Valley, we discuss the platforms used for government communications.

Published: 2025-05-07T18:08:53



Security Latest

The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats

A new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app.

Published: 2025-05-06T20:24:44



Security Latest

Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years

Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal.

Published: 2025-05-06T19:27:19



Security Latest

US Border Agents Are Asking for Help Taking Photos of Everyone Entering the Country by Car

Customs and Border Protection has called for tech companies to pitch real-time face recognition technology that can capture everyone in a vehicle, not just those in the front seats.

Published: 2025-05-06T09:00:00



Security Latest

Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked

The communications app TeleMessage, which was spotted on former US national security adviser Mike Waltz's phone, has suspended “all services” as it investigates reports of at least one breach.

Published: 2025-05-05T21:24:04



Security Latest

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US

The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.

Published: 2025-05-05T10:00:00



Security Latest

Hacking Spree Hits UK Retail Giants

Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death.

Published: 2025-05-03T10:30:00



The Hacker News

[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications

Modern apps move fast, faster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done. Attackers don’t wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isn’t

Published: 2025-05-17T09:37:00



The Hacker News

New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

Cybersecurity researchers are calling attention to a new botnet malware called HTTPBot that has been used to primarily single out the gaming industry, as well as technology companies and educational institutions in China. "Over the past few months, it has expanded aggressively, continuously leveraging infected devices to launch external attacks," NSFOCUS said in a report published this week. "By

Published: 2025-05-16T17:07:00



The Hacker News

Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years. The vulnerability, referred to as Branch Privilege Injection (BPI), "can be exploited to misuse the prediction

Published: 2025-05-16T14:38:00



The Hacker News

Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks

Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. "Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents," Qualys security researcher Akshay Thorve said in a technical report. "The attack chain leverages mshta.exe for

Published: 2025-05-16T13:26:00



The Hacker News

Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit

Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after the social media behemoth announced its plans to train its AI models

Published: 2025-05-15T22:15:00



The Hacker News

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails

Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly

Published: 2025-05-15T19:58:00



The Hacker News

Pen Testing for Compliance Only? It's Time to Change Your Approach

Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn't theoretical: it

Published: 2025-05-15T16:55:00



The Hacker News

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google

Published: 2025-05-15T16:13:00



The Hacker News

5 BCDR Essentials for Effective Ransomware Defense

Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive

Published: 2025-05-15T16:00:00



The Hacker News

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has

Published: 2025-05-15T15:35:00



The Hacker News

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. "This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final

Published: 2025-05-15T15:30:00



The Hacker News

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to

Published: 2025-05-14T23:27:00



The Hacker News

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

At least two different cybercrime groups, BianLian and RansomExx, are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025-31324, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and

Published: 2025-05-14T23:20:00



The Hacker News

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering

Published: 2025-05-14T20:57:00



The Hacker News

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

A new global phishing threat called "Meta Mirage" has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing

Published: 2025-05-14T19:35:00



The Hacker News

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while

Published: 2025-05-14T16:41:00



The Hacker News

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%. As attacks rise

Published: 2025-05-14T16:24:00



The Hacker News

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is "using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email

Published: 2025-05-14T16:10:00



The Hacker News

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them

Published: 2025-05-14T13:44:00



The Hacker News

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to

Published: 2025-05-14T09:51:00



The Hacker News

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials

Published: 2025-05-14T09:30:00



The Hacker News

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign

Published: 2025-05-13T20:43:00



The Hacker News

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first

Published: 2025-05-13T20:17:00



The Hacker News

Deepfake Defense in the Age of AI

The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them. The Most Powerful Person on the

Published: 2025-05-13T16:30:00



The Hacker News

North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the "trajectory of the Russian invasion." "The group's interest in Ukraine follows historical targeting

Published: 2025-05-13T16:27:00



The Hacker News

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. "He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands," officials said in a statement Monday. In conjunction with the

Published: 2025-05-13T12:03:00



The Hacker News

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the Microsoft Threat Intelligence team said. "The targets of the attack are associated with the Kurdish

Published: 2025-05-13T10:38:00



The Hacker News

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a

Published: 2025-05-12T19:33:00



The Hacker News

Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It's not just clever, it’s

Published: 2025-05-12T17:40:00



The Hacker News

The Persistence Problem: Why Exposed Credentials Remain Unfixed and How to Change That

Detecting leaked credentials is only half the battle. The real challenge, and often the neglected half of the equation, is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack

Published: 2025-05-12T16:30:00



The Hacker News

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms, often advertised via legitimate-looking Facebook groups and viral social media campaigns,"

Published: 2025-05-12T12:56:00



The Hacker News

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users' personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle similar lawsuits brought by other U.S. states. In November 2022, it paid $391 million to a group of 40

Published: 2025-05-10T12:24:00



The Hacker News

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

Germany's Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets

Published: 2025-05-10T12:17:00



The Hacker News

BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S.-Dutch Operation

A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich

Published: 2025-05-09T21:58:00



The Hacker News

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in

Published: 2025-05-09T21:55:00



The Hacker News

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox," Cisco Talos

Published: 2025-05-09T17:10:00



The Hacker News

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data and make real-time decisions. If they’re not

Published: 2025-05-09T16:41:00



The Hacker News

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's

Published: 2025-05-09T16:27:00



The Hacker News

Beyond Vulnerability Management: Can You CVE What I CVE?

The Vulnerability Treadmill: The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct

Published: 2025-05-09T16:27:00



The Hacker News

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. "The on-device approach provides instant insight on risky websites and allows us to offer

Published: 2025-05-09T12:43:00



The Hacker News

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw

Published: 2025-05-09T09:59:00



The Hacker News

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io

Published: 2025-05-08T20:53:00



The Hacker News

Security Tools Alone Don't Protect You; Control Effectiveness Does

61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that a security control installed or deployed is not

Published: 2025-05-08T19:30:00



The Hacker News

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below - CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an

Published: 2025-05-08T19:26:00



The Hacker News

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl

Published: 2025-05-08T19:17:00



The Hacker News

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called ANEL. "The ANEL file from

Published: 2025-05-08T16:02:00



The Hacker News

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. "LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker," the Google Threat

Published: 2025-05-08T12:27:00



The Hacker News

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an

Published: 2025-05-08T10:27:00



The Hacker News

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals aged between 19 and 22 and the United States has seized nine domains that are associated with the now-defunct platforms. "The suspects are believed to

Published: 2025-05-07T19:24:00



Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: PupkinStealer: A .NET-Based Info-Stealer; Interlock ransomware evolving under the radar; Technical Analysis of TransferLoader; Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2; Horabot Unleashed: A Stealthy Phishing Threat; High Risk Warning for Windows […]

Published: 2025-05-18T11:54:10



Security Affairs

Security Affairs newsletter Round 524 by Pierluigi Paganini INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press: US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials; Shields up US […]

Published: 2025-05-18T11:36:45



Security Affairs

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Chinese “kill switches” found in Chinese-made power inverters in US solar farm equipment that could let Beijing remotely disable power grids in a conflict. Investigators found “kill switches” in Chinese-made power inverters in US solar farm equipment. These hidden cellular radios could let Beijing remotely cripple power grids during a conflict. The Times reported that […]

Published: 2025-05-18T08:52:26



Security Affairs

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S. officials. The FBI warns that ex-government officials are being targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials. The FBI warns of a campaign using smishing and vishing with deepfake texts and AI voice messages impersonating senior […]

Published: 2025-05-17T16:39:03



Security Affairs

Shields up US retailers. Scattered Spider threat actors can target them

Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S. companies, shifting their focus across the Atlantic. The financially motivated group UNC3944 (also known as Scattered Spider, 0ktapus) is known for social engineering and extortion. The cybercrime group is suspected of hacking into hundreds of organizations over the past two years, […]

Published: 2025-05-17T13:36:18



Security Affairs

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational […]

Published: 2025-05-17T08:02:24



Security Affairs

Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi

On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox. On day two of Pwn2Own Berlin 2025, bug hunters earned a total of $435,000, which brings the contest total to $695,000, after $260,000 was awarded during the first day of the competition. The participants demonstrated […]

Published: 2025-05-16T20:11:35



Security Affairs

New botnet HTTPBot targets gaming and tech industries with surgical attacks

New botnet HTTPBot is targeting China’s gaming, tech, and education sectors, cybersecurity researchers warn. NSFOCUS cybersecurity discovered a new botnet called HTTPBot that has been used to target the gaming industry, technology firms, and educational institutions in China. HTTPBot is a Go-based botnet first detected in August 2024, however, its activity surged by April 2025. The botnet […]

Published: 2025-05-16T18:54:26



Security Affairs

Meta plans to train AI on EU user data from May 27 without consent

Meta plans to train AI on EU user data from May 27 without consent; privacy group noyb threatens lawsuit over lack of explicit opt-in. Meta plans to use EU user data for AI training starting May 27 without explicit consent. Austrian privacy group noyb threatens a class action lawsuit if the social network giant does […]

Published: 2025-05-16T10:06:54



Security Affairs

AI in the Cloud: The Rising Tide of Security and Privacy Risks

Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise growing concerns over data security and privacy risks. As enterprises embrace artificial intelligence (AI) to streamline operations and accelerate decision-making, a growing number are turning to cloud-based platforms like Azure OpenAI, AWS Bedrock, and Google Bard. In 2024 alone, over […]

Published: 2025-05-16T08:18:49








© Segmentation Fault. All rights reserved.
