Moore accessed those systems using stolen credentials of users who were authorized to access them. Once he gained access to those victims' accounts, Moore accessed and stole their personal data and posted some online to his Instagram account: @ihackthegovernment. In the case of the Supreme Court victim, identified as GS, Moore posted their name and "current and past electronic filing records."
The vulnerability, tracked as CVE-2025-20393 (CVSS score: 10.0), is a remote command execution flaw arising as a result of insufficient validation of HTTP requests by the Spam Quarantine feature. Successful exploitation of the defect could permit an attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. However, for the attack to work, three conditions must be met: the appliance is running a vulnerable release of Cisco AsyncOS Software; the appliance is configured with the Spam Quarantine feature; and the Spam Quarantine feature is exposed to and reachable from the internet.
The US National Security Agency (NSA) has published its latest guidance on zero trust to secure US federal government IT networks and systems. This is the first of two guidance documents coming out of the NSA, providing "practical and actionable" recommendations that can be applied as best practice to secure corporate IT environments both in the public and private sectors.
Cloudflare recently published a detailed resilience initiative called Code Orange: Fail Small, outlining a comprehensive plan to prevent large-scale service disruptions after two major network outages in the past six weeks. The plan prioritizes controlled rollouts, improved failure-mode handling, and streamlined emergency procedures to make the company's global network more robust and less vulnerable to configuration errors. Cloudflare's network suffered significant outages on November 18 and December 5, 2025, with the first incident disrupting traffic delivery for about two hours and ten minutes
Researchers from KU Leuven University's Computer Security and Industrial Cryptography group in Belgium discovered several vulnerabilities in Google's Fast Pair protocol that can allow a hacker within Bluetooth range to secretly pair with some headphones, earbuds, and speakers. The attacks, which the researchers have collectively dubbed WhisperPair, can even be used on iPhone users with affected Bluetooth devices despite Fast Pair being a Google-specific feature.
A closer look at the Android app and Bluetooth traffic showed that locking, unlocking, and basic status checks all occur locally over Bluetooth, with the cloud mostly along for the ride. Before accepting commands, the scooter runs a simple authentication check: it sends a short challenge, the app replies with a cryptographic response, and access is granted. It's designed to stop random passers-by from hopping on and riding off. In theory, at least.
Top Trump administration cyber officials are in discussions to cancel their attendance at the RSAC Conference taking place in San Francisco in March after a top Biden-era cyber leader was named CEO of the event, according to multiple former officials and other people with knowledge of the matter.
If you use virtual machines, there's reason to feel less-than-Zen about AMD's CPUs. Computer scientists affiliated with the CISPA Helmholtz Center for Information Security in Germany have found a vulnerability in AMD CPUs that exposes secrets in its secure virtualization environment. The flaw, dubbed StackWarp, potentially allows a malicious insider who controls a host server to access sensitive data within AMD SEV-SNP guests through attacks designed to recover cryptographic private keys, bypass OpenSSH password authentication, and escalate privileges.
So much of the industry is based on experience and not education. You can learn all the lessons yourself, but it will take a lot longer. Learning from people who have seen enough things to have a strong intuition can help you be better and faster. In part, this is because the field is always changing. As bad actors constantly improve their techniques, the defenders must respond.
The organization puts on the prominent annual gathering of cybersecurity experts, vendors, and researchers that started in 1991 as a small cryptography event hosted by the corporate security giant RSA. RSAC is now a separate company with events and initiatives throughout the year, but its conference in San Francisco is still its flagship offering with tens of thousands of attendees each spring.
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).
For the past year, security researchers have been urging the global shipping industry to shore up their cyber defenses after a spate of cargo thefts were linked to hackers. The researchers say they have seen elaborate hacks targeting logistics companies to hijack and redirect large amounts of their customers' products into the hands of criminals, in what has become an alarming collusion between hackers and real-life organized crime gangs.
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS) attacks and relay malicious traffic for residential proxy services.
The new version combines lower costs with improved cybersecurity and offers up to 2 petabytes of storage in a 2U rack space. Companies are struggling with explosive data growth, increasing cyber threats, and limited budgets. Dell Technologies is responding to this with PowerStore 4.3, a platform that addresses storage challenges without compromising performance or security. The latest version brings innovations that double storage density and reduce energy costs.
January 13 marked another milestone for legacy systems, as support for the software - codenamed Longhorn Server - expired for customers that bought Microsoft Premium Assurance (PA). Extended support ended for Windows Server 2008 on January 14, 2020. It was possible to keep the lights on until January 10, 2023, via Extended Security Updates. A fourth year came courtesy of Azure, which took the code to January 9, 2024, but that was it for anyone without PA.
Silent Push said it discovered the campaign after analyzing a suspicious domain linked to a now-sanctioned bulletproof hosting provider Stark Industries (and its parent company PQ.Hosting), which has since rebranded to THE[.]Hosting, under the control of the Dutch entity WorkTitans B.V., as a sanctions evasion measure. The domain in question, cdn-cookie[.]com, has been found to host highly obfuscated JavaScript payloads (e.g., "recorder.js" or "tab-gtm.js") that are loaded by web shops to facilitate credit card skimming.
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. "This issue [...] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform," the company said in an advisory released Monday.
On Jan. 12, BleepingComputer reported that multiple repositories appeared on Gitea, apparently containing parts of internal code and developer documentation belonging to the major retailer Target. As of today, Jan. 13, multiple employees of the retailer have confirmed the leaked materials are authentic. As of current reports, the threat actor behind this incident is unknown. Likewise, it is unclear whether this exposure is due to a leakage, a breach or an insider's action.
Attackers place malicious QR codes in high-traffic areas, often disguised as legitimate promotional materials or utility services. Physical mail containing QR codes purporting to be from legitimate services, particularly effective for package delivery and financial service scams. While QR codes represent a small percentage, their unique evasion capabilities and growing adoption rates make them vectors with huge latent potential.
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still available on the Chrome Web Store as of writing. It was first published on September 1, 2025, by a developer named "jorjortan142."
So-called 'dual-channel' attacks using multiple methods of communication either simultaneously or in sequence are becoming more prevalent as digital fraudsters seek out new ways to defeat cyber protections against business email compromise (BEC) scams, according to new data from security services supplier LevelBlue. BEC attacks - which spoof trusted entities, often c-suite executives, then use their identities to convince victims to transfer money into the attackers' pockets - have long been a bugbear for enterprise defenders.
Any industry that revolves around AI in some way has seen a boost in the stock market, and cybersecurity may be one of the most promising opportunities. As AI efforts expand, companies will have more data that they must safeguard from hackers. Cybersecurity stocks have been long-term winners thanks to their annual recurring revenue models and how valuable they are for companies. The value of cybersecurity firms should continue to rise as AI makes their services more essential.
But here's the truth: I don't recommend using it. Having a USB port on the router sounds convenient, but there are a few problems. The fact is that USB ports on routers aren't secure. Many of them operate on outdated protocols, creating vulnerabilities that can be exploited by bad actors. This doesn't mean the entire router is compromised, but the USB port can be a weak link. Using it is not a risk worth taking, especially when safer alternatives are available.
The National Institute of Standards and Technology (NIST) recently released NIST IR 8596, the Initial Preliminary Draft of the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile). The document establishes a structured approach for managing cybersecurity risk related to AI systems and the use of AI in cyber defense, organised around three focus areas: Securing AI System Components (Secure), Conducting AI-Enabled Cyber Defense (Defend), and Thwarting AI-Enabled Cyber Attacks (Thwart).