Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Claude’s new AI file-creation feature ships with security risks built in

Expert calls security advice "unfairly outsourcing the problem to Anthropic's users." On Tuesday, Anthropic launched a new file-creation feature for its Claude AI assistant th

Published: 2025-09-09T20:55:34



Biz & IT Ars Technica

SAP warns of high-severity vulnerabilities in multiple products

Users of SAP's S/4HANA and NetWeaver products are at risk and should patch soon. As hackers exploit a high-severity vulnerability in SAP’s flagship Enterprise Resource Plannin

Published: 2025-09-09T19:55:22



Biz & IT Ars Technica

Former WhatsApp security boss in lawsuit likens Meta’s culture to a “cult”

Meta allegedly prioritized user growth over security, lawsuit said. Over the past year, Meta has blanketed TV screens around the world with commercials touting the privacy of

Published: 2025-09-08T20:26:02



Biz & IT Ars Technica

Google warns that mass data theft hitting Salesloft AI agent has grown bigger

Assume all Drift credentials are compromised after Workspace breach, Google says. Google is advising users of the Salesloft Drift AI chat agent to consider all security tokens

Published: 2025-08-29T12:15:00



Biz & IT Ars Technica

High-severity vulnerability in Passwordstate credential manager. Patch now.

Vulnerability can be exploited to gain access to customers' crown jewels. The maker of Passwordstate, an enterprise-grade password manager for storing companies’ most privileg

Published: 2025-08-28T18:46:43



Biz & IT Ars Technica

Anthropic’s auto-clicking AI Chrome extension raises browser-hijacking concerns

Malicious websites can embed invisible commands that AI agents will follow blindly. As AI assistants become capable of controlling web browsers, a new security challenge has e

Published: 2025-08-27T16:17:29



The Register - Software

Dev snared in crypto phishing net, 18 npm packages compromised

Popular npm packages debug, chalk, and others hijacked in massive supply chain attack Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his n

Published: 2025-09-08T19:06:11



The Register - Software

Ubuntu users left waiting after Canonical's servers take weekend off

Package queues jammed until Monday despite brief downtime When is an outage not an outage? According to Canonical's forum, it's when a 36-minute server disruption creates a multi-day backlog that leaves users unable to install or update Ubuntu system

Published: 2025-09-08T14:59:08



The Register - Software

Reg hack attends job interview hosted by AI avatar, struggles to exit uncanny valley

If an employer asks you to do this, demand a trial run so you can learn the rules of this strange new world A startup called Job Bolt has created AI avatars that conduct job interviews. The Register couldn't help but give it a try and can report that

Published: 2025-09-06T08:33:07



The Register - Software

The crazy, true story behind the first AI-powered ransomware

tldr; boffins did it interview It all started as an idea for a research paper.

Published: 2025-09-05T20:11:13



Security | The Verge

Apple says the iPhone 17 comes with a massive security upgrade

It's less noticeable than a thinner profile or trick camera lenses, but Apple is pointing out another upgrade in the iPhone 17 family of phones that it says is part of the most significant upgrade to memory safety in the history of consumer operatin

Published: 2025-09-09T20:05:58



Security | The Verge

It's time to change your Plex password again

The Plex media streaming platform has been breached in what looks to be a repeat of a 2022 incident that saw authentication data and encrypted passwords compromised. The company is urging users to change their password, enable two-factor authentication, and sign out of any connected devices that might already be logged in. In an email sent to […]

Published: 2025-09-09T03:44:04



Security | The Verge

Reolink’s new floodlight cam has 360-degree vision and on-device AI

At IFA 2025, Reolink announced the TrackFlex Floodlight WiFi, a hardwired and dual-lens floodlight camera for monitoring outside your home. Video is recorded in 4K resolution with a choice of wide or telephoto views. The pan-tilt controls provide 360-degree coverage and 270-degree out-of-field motion detection, with the latter enabling it to automatically rotate to capture […]

Published: 2025-09-05T08:30:00



Security | The Verge

Eufy’s latest security camera can see everywhere all at once

Eufy, Anker's smart home brand, has announced a new outdoor security solution with a stationary 4K wide-angle camera that can spot intruders and then trigger a pair of 2K cameras to pan, tilt, and zoom in to get a closer look at their faces, even when they're up to 164 feet away. Priced at $299, […]

Published: 2025-09-04T04:30:00



Security | The Verge

‘Vibe-hacking’ is now a top AI threat

"Agentic AI systems are being weaponized." That's one of the first lines of Anthropic's new Threat Intelligence report, out today, which details the wide range of cases in which Claude - and likely many other leading AI agents and chatbots - are being abused. First up: "Vibe-hacking." One sophisticated cybercrime ring that Anthropic says it […]

Published: 2025-08-27T06:00:00



BleepingComputer

Hackers left empty-handed after massive NPM supply-chain attack

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it. [...]

Published: 2025-09-10T13:56:15



BleepingComputer

Cursor AI editor lets repos “autorun” malicious code on devices

A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it's opened. [...]

Published: 2025-09-10T11:46:24



BleepingComputer

Jaguar Land Rover confirms data theft after recent cyberattack

Jaguar Land Rover (JLR) confirmed today that attackers also stole "some data" during a recent cyberattack that forced it to shut down systems and instruct staff not to report to work. [...]

Published: 2025-09-10T11:29:16



BleepingComputer

U.S. sanctions cyber scammers who stole billions from Americans

The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year. [...]

Published: 2025-09-09T16:25:49



BleepingComputer

Hackers hide behind Tor in exposed Docker API breaches

A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. [...]

Published: 2025-09-09T15:16:30



BleepingComputer

Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days

Today is Microsoft's September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities. [...]

Published: 2025-09-09T13:43:33



Threat Intelligence

ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng Update (September 3): This post was updated to include information about GoTokenTheft usage. In a recent investigation, Mandiant Threat Defense discovered an active V

Published: 2025-09-03T14:00:00



Threat Intelligence

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Update (August 28) Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other int

Published: 2025-08-26T14:00:00



ProPublica

The Untold Saga of What Happened When DOGE Stormed Social Security

by Eli Hager ProPublica is a nonprofit newsroom that in

Published: 2025-09-08T05:00:00



ProPublica

Pentagon Warns Microsoft: Company’s Use of China-Based Engineers Was a “Breach of Trust”

by Renee Dudley ProPublica is a nonprofit newsroom that

Published: 2025-08-29T16:10:00



Krebs on Security

Microsoft Patch Tuesday, September 2025 Edition

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond...

Published: 2025-09-09T21:21:14



Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack...

Published: 2025-09-08T22:53:41



Krebs on Security

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials b...

Published: 2025-09-01T21:55:04



Krebs on Security

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with a company called DSLRoot, which was payi...

Published: 2025-08-26T14:05:12



The Register - Security

Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years

'We do believe that this was likely the creation of a cybercrime group,' threat hunter tells The Reg ChillyHell, a modular macOS backdoor believed to be long dormant, has likely been infecting computers for years while flying under the radar, according to security researchers who spotted a malware sample uploaded to VirusTotal in May.

Published: 2025-09-10T19:06:34



The Register - Security

Jaguar Land Rover U-turns to confirm 'some data' affected after cyber prang

Systems offline as specialists continue to comb through wreckage Jaguar Land Rover (JLR) says "some data" was affected after the luxury car maker suffered a digital break-in early last week.

Published: 2025-09-10T16:05:20



The Register - Security

Uncle Sam indicts alleged ransomware kingpin tied to $18B in damages

Prosecutors claim Ukrainian ran LockerGoga, MegaCortex, and Nefilim ops $11M bounty on his head A Ukrainian national faces serious federal charges and an $11 million bounty after allegedly orchestrating ransomware operations that caused an estimated $18 billion in damages across hundreds of organizations worldwide.

Published: 2025-09-10T11:30:15



The Register - Security

Flu jab email mishap exposes hundreds of students' personal data

One parent expressed concern for their child's safety A clumsy data breach has affected hundreds of children at a Birmingham secondary school.

Published: 2025-09-10T10:13:06



The Register - Security

Cybercrooks ripped the wheels off at Jaguar Land Rover. Here's how not to get taken for a ride

Are you sure you know who has access to your systems? Feature Jaguar Land Rover (JLR) is the latest UK household name to fall victim to a major cyberattack. IT systems across multiple sites have been offline for over a week after what the company described as a "severe disruption."

Published: 2025-09-10T08:00:14



The Register - Security

This Patch Tuesday, SAP is the worst offender and Microsoft users can kinda chill

ERP giant patches flaw that allows total takeover of NetWeaver, Microsoft has nothing under attack for once September's Patch Tuesday won't require Microsoft users to rapidly repair rancid software, but SAP users need to move fast to address extremely dangerous bugs.

Published: 2025-09-10T03:31:11



The Register - Security

More packages poisoned in npm attack, but would-be crypto thieves left pocket change

Miscreants cost victims time rather than money During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages reached one in 10 cloud environments, according to Wiz researchers. But crypto-craving crims did little more than annoy defenders.

Published: 2025-09-09T21:41:12



The Register - Security

New cybersecurity rules land for Defense Department contractors

Now if only someone would remember to apply those rules inside the DoD It's about to get a lot harder for private companies that are lax on cybersecurity to get a contract with the Pentagon, as the Defense Department has finalized a rule requiring contractor compliance with its Cybersecurity Maturity Model Certification (CMMC) program.

Published: 2025-09-09T20:06:20



The Register - Security

Defense Dept didn't protect social media accounts, left stream keys out in public

'The practice has since been fixed,' Pentagon official tells The Reg The US Department of Defense, up until this week, routinely left its social media accounts wide open to hijackers via stream keys - unique, confidential identifiers generated by streaming platforms for broadcasting content. If exposed, these keys can allow attackers to output anything they want from someone else's channel.

Published: 2025-09-09T17:53:55



The Register - Security

No gains, just pains as 1.6M fitness phone call recordings exposed online

HelloGym's data security clearly skipped leg day Exclusive Sensitive info from hundreds of thousands of gym customers and staff including names, financial details, and potentially biometric data in the form of audio recordings was left sitting in an unencrypted, non-password protected database, according to a security researcher who shut it down.

Published: 2025-09-09T17:00:11



The Register - Security

What the Plex? Streaming service suffers yet another password spill

For the third time in a decade Streaming platform Plex is warning some users to reset their passwords after suffering yet another breach.

Published: 2025-09-09T13:45:13



The Register - Security

Nokia successor HMD spawns secure device biz with Euro-made smartphone

Ivalo XE handset targets governments and security critical sectors, though Qualcomm silicon keeps it tied to the US Finnish phone maker HMD Global is launching a business unit called HMD Secure to target governments and other security-critical customers, and has its first device ready to go.

Published: 2025-09-09T10:15:57



The Register - Security

Anthropic's Claude Code runs code to test if it is safe - which might be a big mistake

AI security reviews add new risks, say researchers App security outfit Checkmarx says automated reviews in Anthropic's Claude Code can catch some bugs but miss others and sometimes create new risks by executing code while testing it.

Published: 2025-09-09T09:30:06



The Register - Security

UK toughens Online Safety Act with ban on self-harm content

Charities welcome change, but critics warn the law is already too broad Tech companies will be legally required to prevent content involving self-harm from appearing on their platforms rather than responding and removing it in a planned amendment to the UK's controversial Online Safety Act.

Published: 2025-09-09T06:29:09



The Register - Security

Forget disappearing messages - now Signal will store 100MB of them for you for free

Including messages sent to users, a potential problem for the privacy-conscious Updated Encrypted messaging app Signal is rolling out a free storage system for its users, with extra space if folks are willing to pay for it.

Published: 2025-09-09T03:33:10



The Register - Security

WhatsApp's former security boss claims reporting infosec failings led to ousting

Meta shrugs off allegations of improper dismissal, ignoring privacy and security WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for reporting security failings that violated legal commitments.

Published: 2025-09-08T23:36:03



The Register - Security

The US government has no idea how many cybersecurity pros it employs

Auditors find federal cybersecurity workforce data messy, incomplete, and unreliable The US federal government employs tens of thousands of cybersecurity professionals at a cost of billions per year - or at least it thinks it does, as auditors have found the figures are incomplete and unreliable.

Published: 2025-09-08T21:02:16



The Register - Security

Drift massive attack traced back to loose Salesloft GitHub account

Meanwhile the victim count grows The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft GitHub account in March.

Published: 2025-09-08T19:52:03



The Register - Security

Dev snared in crypto phishing net, 18 npm packages compromised

Popular npm packages debug, chalk, and others hijacked in massive supply chain attack Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm account.

Published: 2025-09-08T19:06:11



The Register - Security

Salt Typhoon used dozens of domains, going back five years. Did you visit one?

Plus ties to the Chinese spies who hacked Barracuda email gateways Security researchers have uncovered dozens of domains used by Chinese espionage crew Salt Typhoon to gain stealthy, long-term access to victim organizations going back as far as 2020.

Published: 2025-09-08T17:47:06



The Register - Security

PACER buckles under MFA rollout as courts warn of support delays

Busy lawyers on hold for five hours as staff handhold users into deploying the security measure US courts have warned of delays as PACER, the system for accessing court documents, struggles to support users enrolling in its mandatory MFA program.

Published: 2025-09-08T13:15:11



The Register - Security

CISA sounds alarm over TP-Link wireless routers under attack

Plus: Google clears up Gmail concerns, NSA drops SBOM bomb, Texas sues PowerSchool, and more Infosec in brief The US Cybersecurity and Infrastructure Security Agency (CISA) has said two flaws in routers made by Chinese networking biz TP-Link are under active attack and need to be fixed - but there's another flaw being exploited as well.

Published: 2025-09-08T11:46:14



The Register - Security

UK tech minister booted out in weekend cabinet reshuffle

Fallout from latest political drama sparks a changing of the guard UK prime minister Sir Keir Starmer cleared out the officials in charge of tech and digital law in a dramatic cabinet reshuffle at the weekend.

Published: 2025-09-08T11:20:15



The Register - Security

The crazy, true story behind the first AI-powered ransomware

tldr; boffins did it interview It all started as an idea for a research paper.

Published: 2025-09-05T20:11:13



The Register - Security

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Pro tip, don't install PowerShell commands without approval A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique called ClickFix, which uses fake fixes and login prompts.

Published: 2025-09-05T19:45:35



The Register - Security

Critical, make-me-super-user SAP S/4HANA bug under active exploitation

9.9-rated flaw on the loose, so patch now A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.

Published: 2025-09-05T18:04:14



The Register - Security

Knock-on effects of software dev break-in hit schools trust

Affinity Learning Partnership warns staff after Intradev breach A major UK education trust has warned staff that their personal information may have been compromised following a cyberattack on software developer Intradev in August.

Published: 2025-09-05T08:30:13



The Register - Security

Attackers snooping around Sitecore, dropping malware via public sample keys

You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping malware on infected machines.

Published: 2025-09-04T23:14:00



The Register - Security

Boffins build automated Android bug hunting system

AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.

Published: 2025-09-04T22:18:14



The Register - Security

China-aligned crew poisons Windows servers to manipulate Google results

Defrauding search with custom malware, Potato-family exploits A new China-aligned cybercrime crew named GhostRedirector has compromised at least 65 Windows servers worldwide - spotted in a June internet scan - using previously undocumented malware to juice gambling sites' rankings in Google search, according to ESET researchers.

Published: 2025-09-04T20:57:25



The Register - Security

Enterprises sticking with Windows 10 could shell out billions for continued support

Nexthink estimates ESU bills could top $7.3B as millions of devices set to miss upgrade deadline Free support is ending for many editions of Windows 10 on October 14, and enterprises unable to make the jump are on the hook for billions to keep the fixes flowing.

Published: 2025-09-04T12:01:07



The Register - Security

Sainsbury's eyes up shoplifters with live facial recognition

Privacy campaigners cry foul as grocer joins Asda, Iceland, and others in retail surveillance boom Sainsbury's, Britain's second-largest supermarket chain, has caught the attention of privacy campaigners by launching an eight-week trial of live facial recognition (LFR) tech in two of its stores to curb shoplifting.

Published: 2025-09-04T08:30:08



The Register - Security

France fines Google, SHEIN for undercooked cookie policies that led to crummy privacy

Web giant and Chinese e-tailer whacked for dropping trackers without permission France's data protection authority levied massive fines against Google and SHEIN for dropping cookies on customers without securing their permission, and also whacked Google for showing ads in email service.

Published: 2025-09-04T06:00:11



The Register - Security

US puts $10M bounty on three Russians accused of attacking critical infrastructure

Seven-year-old Cisco vuln that remains inexplicably unpatched is their way in The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America's critical infrastructure - primarily via old Cisco kit, it seems.

Published: 2025-09-04T01:31:10



The Register - Security

Congressional panel throws cyber threat intel-sharing, funding a lifeline

Clock is ticking US security leaders have urged lawmakers to reauthorize two key pieces of cyber legislation, including one that facilitates threat-intel sharing between the private sector and federal government, before they expire at the end of the month.

Published: 2025-09-04T00:01:16



The Register - Security

Android drops mega patch bomb - 120 fixes, two already exploited

September bundle the largest this year, and possibly the most serious Patch Tuesday is next week, but Android is ahead of the game, dropping its biggest patch bundle this year while attackers actively exploit two of the now-fixed flaws.

Published: 2025-09-03T21:51:51



The Register - Security

Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs

LLMs and 0-days - what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check Point cybersecurity evangelist Amit Weigman.

Published: 2025-09-03T21:06:29



The Register - Security

It looks like you're ransoming data. Would you like some help?

AI-powered ransomware, extortion chatbots, vibe hacking - just wait until agents replace affiliates It's no secret that AI tools make it easier for cybercriminals to steal sensitive data and then extort victim organizations. But two recent developments illustrate exactly how much LLMs lower the bar for ransomware and other financially motivated cybercrime - and provide a glimpse to defenders about what's on the horizon.

Published: 2025-09-03T17:22:41



The Register - Security

Matrix.org homeserver grinds to a halt after RAID meltdown

Engineers wrangle 55 TB restore and traffic replay as millions of messages queue up A RAID failure has taken the Matrix.org homeserver offline, leaving users of the decentralized messaging service unable to send or receive messages while engineers attempt a 55 TB database restore.

Published: 2025-09-03T14:03:10



The Register - Security

Internet mapping and research outfit Censys reveals state-based abuse, harassment

Universities are being used to proxy offensive government operations, turning research access decisions political Censys Inc, vendor of the popular Censys internet-mapping tool, has revealed that state-based actors are trying to abuse its services by hiding behind academic researchers.

Published: 2025-09-03T05:45:07



The Register - Security

How big will this Drift get? Cloudflare cops to Salesloft Drift breach

Show of hands: who WASN'T targeted? The list of victims keeps growing, as yet another company - Cloudflare - today disclosed that some of its customers' data was also compromised in the Salesloft Drift breach.

Published: 2025-09-02T20:47:33



The Register - Security

Who watches the watchmen? Surveillanceware firms make bank, avoid oversight

Enough governments love it and it's highly lucrative Governments can't get enough of hacking services to use against their citizens, despite their protestations that elements of the trade need sanctioning.

Published: 2025-09-02T20:25:19



The Register - Security

Zscaler latest victim of Salesloft Drift attacks, customer data exposed

Joins Google, Palo Alto Networks in the ever-growing supply chain compromise Zscaler is the latest company to disclose some of its customers' data was exposed in the recent spate of Salesloft Drift attacks affecting Salesforce databases.

Published: 2025-09-02T17:54:03



The Register - Security

Stolen OAuth tokens expose Palo Alto customer data

Security firm's Salesforce instance accessed using credentials stolen from Salesloft's Drift platform breach Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft Drift break-in to gain entry to its Salesforce instance.

Published: 2025-09-02T14:55:59



The Register - Security

Huawei counts cost of Western bans as UK business withers

Brit limb books just £188M in revenue - down 85% since 2019 Huawei's business in Britain has dwindled in the half-decade since the UK acquiesced to demands from the US to ban the Chinese networking giant from local telco networks.

Published: 2025-09-02T10:01:15



The Register - Security

Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk

Major flaws uncovered in Copeland controllers: Patch now Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions.

Published: 2025-09-02T09:00:15



The Register - Security

Reg readers have spoken: 93% back move away from Microsoft in UK public sector

As government says £9B could end up in Redmond, poll says it's time for new thinking Register debate series Register readers are backing a shift away from Microsoft software as a default across the UK public sector after the government confirmed it expects to spend £9 billion with the software giant over five years.

Published: 2025-09-02T08:31:12



The Register - Security

Europe Putin the blame on Russia after GPS jamming disrupts president's plane

Bloc working on anti-jamming measures and plans extra sat to help A plane carrying European Commission (EC) president Ursula von der Leyen to Bulgaria was forced to resort to manual navigation techniques after GPS jamming that authorities have pinned on Russia.

Published: 2025-09-02T06:45:07



The Register - Security

In the rush to adopt hot new tech, security is often forgotten. AI is no exception

Cisco finds hundreds of Ollama servers open to unauthorized access, creating various nasty risks Cisco's Talos security research team has found over 1,100 Ollama servers exposed to the public internet, where miscreants can use them to do nasty things.

Published: 2025-09-02T05:15:07



The Register - Security

Norway's £10B UK frigate deal could delay Royal Navy ships

BAE's sub hunter production line warms up - shame it's not for Britain Norway has ordered British-made Type 26 frigates in a contract valued at roughly £10 billion to the UK economy, but this may delay the introduction of the Royal Navy's own desperately needed ships.

Published: 2025-09-01T11:22:48



Security Latest

Here’s What to Know About Poland Shooting Down Russian Drones

On Wednesday morning, Poland shot down several Russian drones that entered its airspace - a first since Moscow’s invasion of Ukraine. The incident disrupted air travel and set the region on edge.

Published: 2025-09-10T13:58:37



Security Latest

US Investment in Spyware Is Skyrocketing

A new report warns that the number of US investors in powerful commercial spyware rose sharply in 2024 and names new countries linked to the dangerous technology.

Published: 2025-09-10T11:00:00



Security Latest

Cindy Cohn Is Leaving the EFF, but Not the Fight for Digital Rights

After 25 years at the Electronic Frontier Foundation, Cindy Cohn is stepping down as executive director. In a WIRED interview, she reflects on encryption, AI, and why she’s not ready to quit the battle.

Published: 2025-09-09T21:00:00



Security Latest

A New Platform Offers Privacy Tools to Millions of Public Servants

From data-removal services to threat monitoring, the Public Service Alliance says its new marketplace will help public servants defend themselves in an era of data brokers and political violence.

Published: 2025-09-09T10:00:00



Security Latest

Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World

Geedge Networks, a company with ties to the founder of China’s mass censorship infrastructure, is selling its censorship and surveillance systems to at least four other countries in Asia and Africa.

Published: 2025-09-09T03:00:00



Security Latest

ICE Has Spyware Now

Plus: An AI chatbot system is linked to a widespread hack, details emerge of a US plan to plant a spy device in North Korea, your job’s security training isn’t working, and more.

Published: 2025-09-06T10:30:00



Security Latest

Defense Department Scrambles to Pretend It’s Called the War Department

President Donald Trump said the so-called Department of War branding is to counter the “woke” Department of Defense name.

Published: 2025-09-05T22:22:27



Security Latest

US Congressman’s Brother Lands No-Bid Contract to Train DHS Snipers

DHS says retired Marine sniper Dan LaLota’s firm is uniquely qualified to meet the government’s needs. LaLota tells WIRED his brother, GOP congressman Nick LaLota, played no role in the contract.

Published: 2025-09-04T19:50:17



Security Latest

Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn

A new specimen of “infostealer” malware offers a disturbing feature: It monitors a target's browser for NSFW content, then takes simultaneous screenshots and webcam photos of the victim.

Published: 2025-09-03T21:04:55



Security Latest

What Is a Passkey? Here’s How to Set Up and Use Them (2025)

Passkeys were built to enable a password-free future. Here's what they are and how you can start using them.

Published: 2025-09-03T11:30:00



Security Latest

No, Trump Can’t Legally Federalize US Elections

The United States Constitution is clear: President Donald Trump can’t take control of the country’s elections. But he can sow confusion and fear.

Published: 2025-09-02T10:20:00



Security Latest

China Is About to Show Off Its New High-Tech Weapons to the World

On September 3, China will hold a “Victory Day” military parade in Tiananmen Square to celebrate the 80th anniversary of its victory over Japan and to send the West a message.

Published: 2025-09-01T10:30:00



Security Latest

DOGE Put Everyone’s Social Security Data at Risk, Whistleblower Claims

Plus: China’s Salt Typhoon hackers target 600 companies in 80 countries, Tulsi Gabbard purges CIA agents, hackers knock out Iranian ship communications, and more.

Published: 2025-08-30T10:30:00



Security Latest

SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes

Less than 30 minutes after the Social Security Administration’s chief data officer resigned following a whistleblower complaint, recipients could no longer access the resignation email.

Published: 2025-08-29T22:49:36



Security Latest

This Is the Group That's Been Swatting US Universities

WIRED spoke to a self-proclaimed leader of an online group called Purgatory, which charged as little as $20 to call in fake threats against schools.

Published: 2025-08-27T17:09:30



Security Latest

The Era of AI-Generated Ransomware Has Arrived

Cybercriminals are increasingly using generative AI tools to fuel their attacks, with new research finding instances of AI being used to develop ransomware.

Published: 2025-08-27T12:36:43



The Hacker News

Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems

An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme. "This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads," Bitdefender

Published: 2025-09-10T21:16:00



The Hacker News

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems

Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures. CHILLYHELL is the name assigned to a malware

Published: 2025-09-10T18:34:00



The Hacker News

Microsoft Fixes 80 Flaws Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to

Published: 2025-09-10T16:44:00



The Hacker News

Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety

Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and

Published: 2025-09-10T15:51:00



The Hacker News

The Time-Saving Guide for Service Providers: Automating vCISO and Compliance Services

Introduction Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the

Published: 2025-09-10T14:55:00



The Hacker News

Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises

Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN have uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses. Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at

Published: 2025-09-10T13:30:00



The Hacker News

China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations

The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.-China trade talks. "These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business

Published: 2025-09-10T13:23:00



The Hacker News

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of

Published: 2025-09-10T06:38:00



The Hacker News

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP NetWeaver that could result in code execution and the upload of arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious

Published: 2025-09-10T06:33:00



The Hacker News

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest. "Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined," the cybersecurity company said in a

Published: 2025-09-09T19:44:00



The Hacker News

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication (NFC) relay attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud. "RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality making it a uniquely powerful threat,"

Published: 2025-09-09T17:23:00



The Hacker News

[Webinar] Shadow AI Agents Multiply Fast - Learn How to Detect and Control Them

One click is all it takes. An engineer spins up an “experimental” AI Agent to test a workflow. A business unit connects to automate reporting. A cloud platform quietly enables a new agent behind the scenes. Individually, they look harmless. But together, they form an invisible swarm of Shadow AI Agents operating outside security’s line of sight, tied to identities you don’t even know exist.

Published: 2025-09-09T16:07:00



The Hacker News

From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks

Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said. "

Published: 2025-09-09T15:57:00



The Hacker News

How Leading CISOs are Getting Budget Approval

It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they're framed in a way the board can understand and appreciate.

Published: 2025-09-09T15:56:00



The Hacker News

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs. Akamai, which discovered the latest activity last month, said it's designed to block other actors from accessing the Docker API from the internet. The findings build on a prior report from Trend Micro in late June 2025, which

Published: 2025-09-09T15:32:00



The Hacker News

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm ("support@npmjs[.]help"), urging them to update their two-factor authentication (2FA) credentials before September 10, 2025, by clicking on

Published: 2025-09-09T11:43:00



The Hacker News

45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage

Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841. "The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity carried out by this group," Silent Push

Published: 2025-09-09T05:57:00



The Hacker News

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. It's currently not known how the digital intruders gained access to the GitHub account.

Published: 2025-09-08T20:56:00



The Hacker News

GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms

Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to unsuspecting users looking for popular tools like GitHub Desktop. While malvertising campaigns have become commonplace in recent years, the latest activity gives it a little twist of its own: Embedding a GitHub commit into a page URL containing

Published: 2025-09-08T20:32:00



The Hacker News

Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news; it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the

Published: 2025-09-08T15:32:00



The Hacker News

You Didn’t Get Phished - You Onboarded the Attacker

When Attackers Get Hired: Today’s New Identity Crisis. What if the star engineer you just hired isn’t actually an employee, but an attacker in disguise? This isn’t phishing; it’s infiltration by onboarding. Meet “Jordan from Colorado,” who has a strong resume, convincing references, a clean background check, even a digital footprint that checks out. On day one, Jordan logs into email and attends

Published: 2025-09-08T14:50:00



The Hacker News

Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025. "The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity

Published: 2025-09-06T20:43:00



The Hacker News

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. "The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating private keys and mnemonic seeds to a Telegram bot controlled by the threat actor," Socket researcher

Published: 2025-09-06T12:12:00



The Hacker News

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. "Sitecore Experience Manager (XM), Experience

Published: 2025-09-05T21:38:00



The Hacker News

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. "Available in both Python and C variants, CastleRAT's core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell," Recorded Future Insikt Group

Published: 2025-09-05T19:37:00



The Hacker News

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module

Published: 2025-09-05T16:29:00



The Hacker News

Automation Is Redefining Pentest Delivery

Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods: static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays,

Published: 2025-09-05T13:30:00



The Hacker News

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a

Published: 2025-09-05T11:43:00



The Hacker News

Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries

The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word," S2 Grupo's LAB52 threat intelligence team said. "When such an email is

Published: 2025-09-04T23:40:00



The Hacker News

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module

Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module

Published: 2025-09-04T23:28:00



The Hacker News

Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok. The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking. The approach is designed to

Published: 2025-09-04T15:51:00



The Hacker News

Simple Steps for Attack Surface Reduction

Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing can eliminate entire categories of risk. From disabling Office macros to blocking outbound server

Published: 2025-09-04T15:40:00



The Hacker News

Google Fined $379 Million by French Regulator for Cookie Consent Violations

The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules. Both companies set advertising cookies on users' browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply with

Published: 2025-09-04T15:39:00



The Hacker News

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-50224 (CVSS score: 6.5) - An authentication bypass by spoofing vulnerability

Published: 2025-09-04T15:33:00



The Hacker News

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar. "The two npm packages abused smart contracts to conceal malicious

Published: 2025-09-04T01:29:00



The Hacker News

Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website, is pitched as an AI-driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,

Published: 2025-09-03T17:50:00



The Hacker News

Detecting Data Leaks Before Disaster

In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access

Published: 2025-09-03T17:15:00



The Hacker News

Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack

Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks. The vulnerabilities are listed below - CVE-2025-38352 (CVSS score: 7.4) - A privilege escalation flaw in the Linux Kernel component; CVE-2025-48543 (CVSS score: N/A) - A

Published: 2025-09-03T16:35:00



The Hacker News

Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats

An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world. The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice. "Emails were sent to

Published: 2025-09-03T16:00:00



The Hacker News

AI-Driven Trends in Endpoint Security: What the 2025 Gartner Magic Quadrant Reveals

Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace, but staying ahead of an ever-evolving threat landscape.

Published: 2025-09-03T15:46:00



The Hacker News

Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack

Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). "Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps," the web infrastructure and security company said in a post on X. "

Published: 2025-09-03T13:19:00



The Hacker News

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Range Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain

Published: 2025-09-03T10:39:00



The Hacker News

Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations

Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens. "This will provide the fastest path forward to comprehensively review the application and build

Published: 2025-09-03T09:23:00



The Hacker News

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT, and RemotePE. The attack, observed by NCC Group's Fox-IT in 2024, targeted an organization in the decentralized finance (DeFi) sector, ultimately leading to the compromise of an

Published: 2025-09-02T22:09:00



The Hacker News

Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control

Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems. "MystRodX is a typical backdoor implemented in C++, supporting features like file management, port forwarding, reverse shell, and socket management," QiAnXin XLab said in a report published last week. "Compared to typical

Published: 2025-09-02T20:26:00



The Hacker News

Shadow AI Discovery: A Critical Part of Enterprise AI Governance

The Harsh Truths of AI Adoption. MIT's State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% of employees are actively using AI tools in their daily work. Similarly, research from Harmonic Security found that 45.4% of sensitive AI interactions are coming from personal email accounts, where employees are bypassing corporate

Published: 2025-09-02T17:00:00



The Hacker News

Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices

Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June and July 2025. The activity originated from a Ukraine-based autonomous system FDN3 (AS211736), per French cybersecurity company Intrinsec. "We believe with a high level of confidence that FDN3 is part of a wider abusive

Published: 2025-09-02T16:08:00



The Hacker News

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is "amsdk.sys" (version 1.0.600), a 64-bit, validly signed Windows kernel device driver

Published: 2025-09-02T14:09:00



The Hacker News

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems. The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347

Published: 2025-09-02T10:10:00



The Hacker News

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, also distribute simpler malware such as SMS stealers and basic spyware. These campaigns are propagated via dropper apps masquerading as government or banking apps in India and other parts of Asia, ThreatFabric said in a report

Published: 2025-09-01T22:58:00



Security Affairs

Google Pixel 10 adds C2PA to camera and Photos to spot AI-generated or edited images

Pixel 10 adds C2PA to camera and Photos, helping users verify authenticity and spot AI-generated or altered images. Pixel 10 integrates C2PA Content Credentials into the camera and Photos, allowing users to verify whether images are real or AI-generated, or edited. The company announced the integration of the new feature during the Made by Google […]

Published: 2025-09-10T18:17:27



Security Affairs

KillSec Ransomware is Attacking Healthcare Institutions in Brazil

KillSec Ransomware claimed responsibility for a cyberattack on MedicSolution, a software solutions provider for the healthcare industry in Brazil. The KillSec Ransomware group has threatened to leak sensitive data unless negotiations are initiated promptly. According to threat intelligence reporting by Resecurity, the root cause of the incident was data exfiltration from an insecure AWS S3 bucket. […]

Published: 2025-09-10T08:38:18



Security Affairs

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

Microsoft Patch Tuesday security updates for September 2025 fixed 80 vulnerabilities, including two publicly disclosed zero-day flaws. Microsoft Patch Tuesday security updates for September 2025 addressed 80 vulnerabilities in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, Hyper-V, SQL Server, Defender Firewall Service, and Xbox (yup Xbox!). Eight of the […]

Published: 2025-09-10T07:48:55



Security Affairs

SAP September 2025 Patch Day fixed 4 critical flaws

SAP issues 21 new and 4 updated security notes, fixing critical NetWeaver flaws enabling RCE and privilege escalation. SAP this week issued 21 new and four updated security notes as part of the company’s September Patch Day, including four notes that address critical vulnerabilities in NetWeaver. Onapsis Research Labs supported SAP in patching two critical […]

Published: 2025-09-09T20:38:04



Security Affairs

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

Multiple popular npm packages were compromised in a supply chain attack after a maintainer fell for a phishing email targeting 2FA credentials. A supply chain attack compromised multiple popular npm packages with 2B weekly downloads after a maintainer fell for a phishing email mimicking npm, targeting 2FA credentials. Threat actors targeted Josh Junon’s (Qix) to […]

Published: 2025-09-09T18:26:47



Security Affairs

LunaLock Ransomware threatens victims by feeding stolen data to AI models

LunaLock, a new ransomware gang, introduced a unique cyber extortion technique, threatening to turn stolen art into AI training data. A new ransomware group, named LunaLock, appeared in the threat landscape with a unique cyber extortion technique, threatening to turn stolen art into AI training data. Recently, the LunaLock group targeted the website Artists&Clients and […]

Published: 2025-09-09T05:48:39



Security Affairs

Hackers breached Salesloft’s GitHub in March, and used stolen tokens in a mass attack

Hackers breached Salesloft’s GitHub in March, stole tokens, and used them in a mass attack on several major tech customers. Salesloft revealed that the threat actor UNC6395 breached its GitHub account in March, stealing authentication tokens that were later used in a large-scale attack against several major tech customers. Salesforce data theft attacks impacted major […]

Published: 2025-09-08T19:20:56



Security Affairs

Canadian investment platform Wealthsimple disclosed a data breach

Wealthsimple reported a data breach affecting some customers due to a supply chain attack via a third-party software package. Canadian investment platform Wealthsimple disclosed a data breach that impacted some customers. The company discovered the security breach on August 30, which stemmed from a supply chain attack via a trusted third-party software package. “On August 30th, […]

Published: 2025-09-08T14:10:58



Security Affairs

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

Venezuela’s President Maduro shows Huawei Mate X6 gift from China’s President Xi Jinping, hailing it as “unhackable” by U.S. spies. Last week, Venezuelan President Nicolás Maduro showcased a Huawei Mate X6 smartphone, reportedly gifted by China’s President Xi Jinping, claiming that US cyber spies cannot hack it. Venezuelan President Maduro said that his device is […]

Published: 2025-09-08T09:09:55



Security Affairs

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

Czech cybersecurity agency NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices. The Czech Republic’s National Cyber and Information Security Agency (NUKIB) warns of growing risks from Chinese-linked technologies in critical sectors like energy, healthcare, transport, and government. The agency warns of risks from Chinese-made devices (phones, […]

Published: 2025-09-08T00:05:55








© Segmentation Fault . All rights reserved.
