Traditional password-based protection is no longer sufficient, prompting organizations to adopt behavioral access control systems that continuously analyze user actions for anomalies. These platforms monitor keystrokes, mouse activity, application usage, and network patterns to detect suspicious behavior in real time. By combining machine learning, biometric verification, and zero-trust principles, companies enhance workforce protection while minimizing the risk of account compromise.
Hewlett Packard Enterprise has fixed a critical vulnerability in OneView that allows remote code execution. The bug, tracked as CVE-2025-37164, carries the maximum CVSS score of 10.0 and is addressed in version 11.00. According to HPE's security advisory, an unauthenticated attacker could exploit the flaw remotely to execute code. OneView is an IT infrastructure management solution that administers an organization's systems from a single central dashboard.
UEFI firmware and the IOMMU together form a security foundation that prevents peripherals from performing unauthorized memory accesses, ensuring that DMA-capable devices cannot manipulate or inspect system memory before the operating system is loaded. The vulnerability, discovered by Nick Peterson and Mohamed Al-Sharifi of Riot Games in certain UEFI implementations, stems from a discrepancy in the reported DMA protection status: while the firmware indicates that DMA protection is active, it fails to configure and enable the IOMMU during the critical boot phase.
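The check below is an added example, not code from the article or from the Riot Games researchers. It reconciles the firmware's claim with what the OS can observe, under two assumptions: that the claim is carried by the DMA_CTRL_PLATFORM_OPT_IN_FLAG in the ACPI DMAR table (the bit Windows Kernel DMA Protection keys off), and that on Linux a populated /sys/class/iommu is the minimum sign that an IOMMU was actually enabled. The DMAR bytes produced by build_sample_dmar are constructed for the demonstration, not captured from real firmware.

```python
import os
import struct

ACPI_HEADER_LEN = 36                      # signature .. creator revision
DMAR_FIXED_LEN = 12                       # host address width, flags, 10 reserved bytes
DMAR_FLAG_INTR_REMAP = 1 << 0
DMAR_FLAG_X2APIC_OPT_OUT = 1 << 1
DMAR_FLAG_DMA_CTRL_OPT_IN = 1 << 2        # firmware asserts it protected DMA before OS handoff
DRHD_TYPE = 0                             # DMA Remapping Hardware Unit Definition


def parse_dmar(table: bytes) -> dict:
    """Validate an ACPI DMAR blob and return its flags plus the IOMMU units it lists."""
    if len(table) < ACPI_HEADER_LEN + DMAR_FIXED_LEN:
        raise ValueError("DMAR table too short")
    sig, length = struct.unpack_from("<4sI", table, 0)
    if sig != b"DMAR" or length != len(table):
        raise ValueError("bad signature or length field")
    if sum(table) & 0xFF:
        raise ValueError("ACPI checksum mismatch")
    haw_minus_1, flags = struct.unpack_from("<BB", table, ACPI_HEADER_LEN)
    drhd_bases = []
    off = ACPI_HEADER_LEN + DMAR_FIXED_LEN
    while off + 4 <= len(table):          # walk the remapping structures
        stype, slen = struct.unpack_from("<HH", table, off)
        if slen < 4 or off + slen > len(table):
            raise ValueError("malformed remapping structure at offset %d" % off)
        if stype == DRHD_TYPE:
            if slen < 16:
                raise ValueError("DRHD structure too short")
            # DRHD body: flags(1) size(1) segment(2) register base address(8)
            _flags, _size, _segment, base = struct.unpack_from("<BBHQ", table, off + 4)
            drhd_bases.append(base)
        off += slen
    return {
        "host_address_width": haw_minus_1 + 1,   # field stores width - 1
        "intr_remap": bool(flags & DMAR_FLAG_INTR_REMAP),
        "x2apic_opt_out": bool(flags & DMAR_FLAG_X2APIC_OPT_OUT),
        "dma_ctrl_opt_in": bool(flags & DMAR_FLAG_DMA_CTRL_OPT_IN),
        "drhd_units": drhd_bases,
    }


def iommu_registered(sysfs_root: str = "/sys/class/iommu") -> bool:
    """True if the running Linux kernel has bound at least one IOMMU (assumption:
    the minimum observable sign that remapping is actually enforced)."""
    try:
        return any(True for _ in os.scandir(sysfs_root))
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        return False


def assess(table: bytes, iommu_active: bool) -> str:
    """Reconcile the firmware's claim with the observed IOMMU state."""
    info = parse_dmar(table)
    if not info["dma_ctrl_opt_in"]:
        return "no claim"                      # firmware never promised pre-boot protection
    if not info["drhd_units"] or not iommu_active:
        return "claimed but not enforced"      # the discrepancy described in the article
    return "claimed and enforced"


def build_sample_dmar(flags: int, drhd_bases) -> bytes:
    """Constructed DMAR table for demonstration; not captured from real firmware."""
    body = struct.pack("<BB10x", 38, flags)    # 39-bit host address width, stored as width - 1
    for base in drhd_bases:
        body += struct.pack("<HHBBHQ", DRHD_TYPE, 16, 0x01, 0, 0, base)  # INCLUDE_PCI_ALL set
    length = ACPI_HEADER_LEN + len(body)
    header = struct.pack("<4sIBB6s8sI4sI", b"DMAR", length, 1, 0,
                         b"DEMO  ", b"DEMODMAR", 1, b"DEMO", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) & 0xFF            # fix up the ACPI checksum byte
    return bytes(table)


if __name__ == "__main__":
    path = "/sys/firmware/acpi/tables/DMAR"    # readable only as root on most distributions
    try:
        with open(path, "rb") as fh:
            blob = fh.read()
        source = path
    except OSError:
        blob = build_sample_dmar(DMAR_FLAG_INTR_REMAP | DMAR_FLAG_DMA_CTRL_OPT_IN, [0xFED90000])
        source = "constructed sample"
    print(source, parse_dmar(blob), "->", assess(blob, iommu_registered()))
```

On a real machine, "claimed but not enforced" is exactly the state the article describes: the opt-in flag is set, yet no IOMMU is active when the OS takes over. A table that advertises opt-in without a single DRHD unit is the same hollow claim expressed in the table itself.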
Even incidents like the Colonial Pipeline ransomware attack, which showed us how the cyber world and our physical lives intersect, stopped far short of societal disruption. However, the threat of cyberwar has been building, influenced by advancements in AI and increased presence of actors in U.S. systems and telecommunication networks. A military conflict could escalate these attacks to scale, crippling critical infrastructure and public safety systems like power grids, transportation networks and emergency response, even disrupting military communications and undermining response.
The campaign "uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families," Cyderes Howler Cell Threat Intelligence team said in an analysis. CountLoader was previously documented by both Fortinet and Silent Push, detailing the loader's ability to push payloads like Cobalt Strike, AdaptixC2, PureHVNC RAT, Amatera Stealer, and PureMiner. The loader has been detected in the wild since at least June 2025.
Security vulnerabilities don't fix themselves. Someone needs to track them, prioritize them, and actually ship the fix. If you've ever tried to manage security alerts alongside your regular sprint work, though, you know the friction: you're looking at an alert in one tab, switching to your backlog in another, trying to remember which vulnerability you were supposed to file a bug for.
Ransomware hacks, data theft, crypto scams and sextortion cover a broad range of cybercrimes carried out by an equally varied list of assailants. But there is also an English-speaking criminal ecosystem carrying out these activities that defies conventional categorisation. Nonetheless, it does have a name: the Com. Short for community, the Com is a loose affiliation of cyber-criminals, largely native English language speakers typically aged from 16 to 25.
Technicians working on a firewall upgrade made at least ten mistakes, contributing to two deaths, according to a report on a September incident that saw Australian telco Optus unable to route calls to emergency services. As The Register reported at the time, Australia's equivalent of the USA's 911 and the UK's 999 and 112 emergency contact number is 000 - Triple Zero - and local law requires all telcos to route emergency calls to that number.
As reported in Chinese state media, tests of the network saw it shift 72 terabytes of data in 1.6 hours across a distance of around 1,000 km, between a radio telescope in Guizhou province and a university in Hubei. That works out to roughly 100 Gbit/s (72 x 10^12 bytes is 5.76 x 10^14 bits, moved in 5,760 seconds), an impressive feat for a sustained long-distance data transfer even if it took place in a controlled environment.
I've been an Amazon customer for 20 years, but after changing my phone number, I'm locked out of my account because two-factor authentication (2FA) still uses my old number. I've called Amazon six times, sent photos of my driver's license three times, and even emailed executives using your contacts but no one has fixed it. Amazon updated the phone number on my account, but 2FA remains broken.
SonicWall's official notice, published this week, says users should update to the latest hotfix versions immediately and restrict access to the Appliance Management Console to trusted networks. The vendor's PSIRT team says the issue affects only SMA 1000 appliances and does not impact other SonicWall firewall products or SSL VPN functions, but the fact that attackers have already begun exploiting the flaw underscores how exposed remote-access infrastructure remains.
The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise that could allow attackers to perform unintended actions. "Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise," according to a description of the flaw published in CVE.org. "The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected."
Your AWS account could be quietly running someone else's cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute Cloud (EC2) resources, in an ongoing operation that started on November 2. The illicit cryptocurrency-mining campaign abuses compromised valid AWS Identity and Access Management (IAM) credentials with "admin-like privileges" - it doesn't exploit a vulnerability -
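Because the campaign uses valid credentials rather than an exploit, the signal is in CloudTrail rather than in a vulnerability scanner. The hunt below is an added example, not from the original report: it builds a per-principal baseline of regions and source addresses, then flags compute-launching calls (EC2 RunInstances, ECS CreateCluster, RegisterTaskDefinition, RunTask) that break it. Field names follow CloudTrail's schema; the records, the 203.0.113.0/24 and 198.51.100.0/24 addresses, and the ci-deploy user are constructed, and the choice of a region-and-IP baseline is my assumption of a reasonable first detection, not the campaign's documented tradecraft.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Compute-launching calls a mining operation needs (assumption: illustrative set,
# not an exhaustive map of the campaign's API usage).
COMPUTE_LAUNCH = {
    ("ec2.amazonaws.com", "RunInstances"),
    ("ecs.amazonaws.com", "CreateCluster"),
    ("ecs.amazonaws.com", "RegisterTaskDefinition"),
    ("ecs.amazonaws.com", "RunTask"),
}


def parse_time(ts: str) -> datetime:
    """CloudTrail eventTime is ISO-8601 UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def principal(rec: dict) -> str:
    ident = rec["userIdentity"]
    return ident.get("arn") or ident.get("principalId", "unknown")


def baseline(records, cutoff: datetime) -> dict:
    """Regions and source IPs each principal used before the cutoff."""
    seen = defaultdict(lambda: {"regions": set(), "ips": set()})
    for rec in records:
        if parse_time(rec["eventTime"]) < cutoff:
            seen[principal(rec)]["regions"].add(rec["awsRegion"])
            seen[principal(rec)]["ips"].add(rec["sourceIPAddress"])
    return seen


def find_suspect_launches(records, cutoff: datetime) -> list:
    """Flag compute launches after the cutoff that break a principal's baseline."""
    known = baseline(records, cutoff)
    hits = []
    for rec in records:
        if parse_time(rec["eventTime"]) < cutoff:
            continue
        if (rec["eventSource"], rec["eventName"]) not in COMPUTE_LAUNCH:
            continue
        who = principal(rec)
        reasons = []
        if who not in known:
            reasons.append("principal has no baseline activity")
        else:
            if rec["awsRegion"] not in known[who]["regions"]:
                reasons.append("new region " + rec["awsRegion"])
            if rec["sourceIPAddress"] not in known[who]["ips"]:
                reasons.append("new source IP " + rec["sourceIPAddress"])
        if reasons:
            hits.append({"time": rec["eventTime"], "principal": who,
                         "event": rec["eventName"], "region": rec["awsRegion"],
                         "reasons": reasons})
    return hits


def event(ts, source, name, region, ip, arn="arn:aws:iam::123456789012:user/ci-deploy"):
    """Build a minimal constructed CloudTrail record (real records carry many more fields)."""
    return {"eventTime": ts, "eventSource": source, "eventName": name, "awsRegion": region,
            "sourceIPAddress": ip, "userIdentity": {"type": "IAMUser", "arn": arn}}


# Constructed sample: October deploys from the CI host, then the same key used on
# November 2 from an unfamiliar address to stand up compute in a region never used.
SAMPLE_EVENTS = [
    event("2025-10-20T09:12:00Z", "ec2.amazonaws.com", "RunInstances", "us-east-1", "203.0.113.10"),
    event("2025-10-28T14:03:00Z", "ecs.amazonaws.com", "RunTask", "us-east-1", "203.0.113.10"),
    event("2025-11-02T03:41:10Z", "ecs.amazonaws.com", "CreateCluster", "ap-southeast-1", "198.51.100.7"),
    event("2025-11-02T03:42:55Z", "ec2.amazonaws.com", "RunInstances", "ap-southeast-1", "198.51.100.7"),
    event("2025-11-02T03:50:00Z", "ec2.amazonaws.com", "DescribeInstances", "ap-southeast-1", "198.51.100.7"),
    event("2025-11-03T10:00:00Z", "ec2.amazonaws.com", "RunInstances", "us-east-1", "203.0.113.10"),
]
CUTOFF = parse_time("2025-11-01T00:00:00Z")

if __name__ == "__main__":
    for hit in find_suspect_launches(SAMPLE_EVENTS, CUTOFF):
        print(hit["time"], hit["principal"], hit["event"], hit["region"], "; ".join(hit["reasons"]))
```

The read-only DescribeInstances call and the November 3 launch from the usual host are not flagged; only the two launches from the new address in the new region are. In production the baseline would come from a longer CloudTrail window (or Athena over the trail bucket) and the hit list would feed a ticket, not a print statement.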
DXS International, a U.K.-based company that provides healthcare tech for England's National Health Service (NHS), disclosed a cyberattack in a statement on Thursday. In a filing with the London Stock Exchange, the company said it experienced "a security incident affecting its office servers," discovered on December 14. The company said it "immediately" contained the breach, working together with the NHS, and hired a cybersecurity firm to investigate "the nature and extent of the incident."
"had this issue gone unnoticed, it would have completely nullified all existing DMA detection and prevention tech currently on the market - including that of other gaming companies - due to the nature of this class of cheats running in a privileged area that anti-cheats typically do not run."
According to Cloudflare, the internet's second-largest content delivery network (CDN), global internet traffic grew nearly 20% in 2025. You and I watching more YouTube videos is not what's driving that growth. Much of this rise comes from bots, AI crawlers, and automated attacks rather than human users. At the same time, satellite connectivity, post-quantum encryption, and mobile-heavy use have reshaped how and where people access the internet.
The result is an explosion of AI capabilities across the SaaS stack, a phenomenon of AI sprawl where AI tools proliferate without centralized oversight. For security teams, this represents a shift. As these AI copilots scale up in use, they are changing how data moves through SaaS. An AI agent can connect multiple apps and automate tasks across them, effectively creating new integration pathways on the fly.
Cyber security experts are warning we should be on alert for AI scams -- and there's one circulating using the cloned voices of victims' loved ones. Here's how it works. Scammers gather voice samples from videos posted on social media, and in some cases even your own voicemail. They then use AI to replicate how that person sounds. Three seconds of audio is all it takes! Some victims report the voices are identical.
The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by the broader cybersecurity community under the names CL-STA-0049, Earth Alux, and REF7707. The China-aligned hacking group is assessed to be active since at least March 2023.
Most of us have some internet of things (IoT) devices at home, whether it's a phone, a tablet, or a collection of security cameras and sensors. When you learn that 120,000 home security cameras were hacked in South Korea for sexploitation footage, it makes you think twice about adding such devices to your home, which is your most sacred space for privacy.
Technology plays an important role in how businesses operate, communicate, and deliver services. As systems become more advanced, many companies find themselves facing IT challenges that disrupt daily work, affect productivity, and impact customer experience. Believe it or not, these issues aren't limited to large organisations, as small and medium-sized businesses often feel the pressure even more, especially when IT responsibilities fall on already busy teams.
The Cybersecurity and Infrastructure Security Agency said it will make 100 internship opportunities available to students participating in a government scholarship program that's been hampered by federal hiring freezes enacted by the Trump administration. The move announced Wednesday would allow undergraduate and graduate students to enter the cyber defense agency under the CyberCorps: Scholarship for Service Program, a longstanding workforce pipeline used to place top student talent into U.S. cybersecurity positions.
the entire backend used to manage its phone farm - so it provides an extraordinary glimpse at how the service is actually being used to manipulate social media at scale. Speaking to 404 on condition of anonymity, the hacker said they can "see the phones in use, which manager [computers controlling the phones] they had, which TikTok accounts they were assigned, proxies in use (and their passwords), and pending tasks. As well as the link to control devices for each manager."
Illusory Systems, which trades as Nomad, allegedly misled users about the security of its cryptocurrency bridge, which was compromised in 2022 in an attack that led to $186 million worth of funds being stolen. The FTC alleged that Nomad pushed an update in June 2022 containing "inadequately tested code" that, in turn, introduced a "significant vulnerability" that was exploited around a month later.
But for the better part of 2025, cofounder and CEO Matthew Prince has been trying to change that. The company's core business is to improve the performance and enhance the security of websites and online applications, protecting against malicious actors and routing web traffic through its data centers to optimize performance. "Six billion people pass through our network every single month," Prince says. If Cloudflare is doing its job well, no one notices.
Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). Patches for the flaws were released by Fortinet last week for FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. "These vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages, if the FortiCloud SSO feature is enabled on affected devices," Arctic Wolf Labs said in a new bulletin.
"SoundCloud recently detected unauthorized activity in an ancillary service dashboard," opens a Monday post from the company. "Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity. We also engaged leading third-party cybersecurity experts to assist in a thorough investigation and response." Not long after SoundCloud and its hired help contained the incident, the site became the subject of multiple denial of service attacks.