Information security

Information security

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front camera; and even send SMS messages or place calls directly from the victim's device," Zimperium researcher Vishnu Pratapagiri said in a report shared with The Hacker News.

Investigations into alleged violations of cybersecurity requirements under the federal civil False Claims Act (FCA) and its state analogues are increasingly an area of focus for the U.S. Department of Justice (DOJ), state attorneys general and whistleblowers (known as qui tam plaintiffs or relators under the FCA). We expect a continued uptick in enforcement activity, leading to elevated risk and additional potential financial exposure for companies subject to government cybersecurity requirements.

Researcher Omer Mayraz of Legit Security disclosed a critical vulnerability, dubbed CamoLeak, that could be used to trick Copilot Chat into exfiltrating secrets, private source code, and even descriptions of unpublished vulnerabilities from repositories. The flaw was scored 9.6 on the CVSS scale in the disclosure. The root cause is simple. Copilot Chat runs with the permissions of the signed-in user and ingests contextual text that humans might not see.

Cloud migration and flexible working policies have contributed to the sprawl, but part of the reason it's so unmanageable is that companies still rely on the same old discovery tools built for a static network. Whenever we scan a new environment, we always uncover a large number of devices that were completely off the radar and out of scope of the protection of their IT and security policies.

Cybercriminals aren't just breaking into systems anymore; increasingly, they're breaking into identities. By impersonating trusted companies through look-alike domains, fake apps or cloned websites, attackers turn logos, tone and messaging into tools of deception. For communications and marketing leaders, this is a reputational flash fire that spreads faster than your crisis comms team can respond. And with generative AI making fake campaigns nearly indistinguishable from the real thing, brand impersonation has become one of the most under-recognized business risks today.

The truth is, these teams are working on the same event. They're just seeing it from different angles. If they aren't connected, response becomes fragmented and valuable time gets lost. Connecting the Dots in Real Time This is where a unified approach to critical event management makes a real difference. It's not about layering on more tools. It's about connecting the ones already in place and giving people a shared view and a clear process when something goes wrong.

As the U.S. federal government ground to a halt at 12:01 a.m. EDT on October 1, 2025, a cybercriminal group calling itself the Crimson Collective chose that precise moment to publicly disclose one of the most significant supply chain compromises in recent memory. The breach of Red Hat's consulting division, affecting approximately 800 organizations, including critical defense contractors and government agencies, represents more than just another data breach; it demonstrates a sophisticated understanding of how to weaponize American politics for maximum strategic impact.

As part of its backup portfolio expansion, Kaseya announced the arrival of its next-generation Datto SIRIS 6, which it said represents the most powerful backup appliance in the industry, offering speedier recovery times at the "lowest cost on the market." The firm also announced Datto Backup for Microsoft Entra ID, a new purpose-built backup and recovery solution designed to protect identity data.

Docker is launching a new subscription service for its Hardened Images catalog. The secure container images are designed to help organizations achieve near-zero CVEs without the high costs that were previously associated with this. With this launch, Docker is committed to democratizing container security. Every developer often starts their journey at Docker Hub. According to the company, this first step should be secure by default, without a premium price tag.

Following last week's announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord.

I use Secure Shell (SSH) every day because it's one of the most secure ways of connecting to remote machines. It doesn't matter if I'm accessing a machine within my LAN or a system beyond my home network; SSH is the tool I use. SSH is simple. You can connect to a server or desktop with the command: ssh USERNAME@SERVER Where USERNAME is the remote user and SERVER is the IP address or domain of the remote server.

The WBA says that the reports collectively cover six areas related to emergency services: Wi-Fi as mission-critical infrastructure: Wi-Fi's evolution to a standards-compliant, resilient infrastructure capable of supporting emergency and public safety services Emergency services access: Ways to ensure support for E-911/E-112 calls over Wi-Fi regardless of mobile subscription status Priority access for NS/EP users: How to provide real-time prioritization of first responder traffic during network congestion

GitHub is introducing a hybrid post-quantum secure key exchange algorithm for SSH access when interacting with Git over SSH. The new algorithm, sntrup761x25519-sha512 (also known as sntrup761x25519-sha512@openssh.com), combines Streamlined NTRU Prime (a post-quantum cryptography scheme) with the classical curve X25519. This change aims to safeguard Git data against potential future threats from quantum computers that might decrypt SSH sessions recorded today.

What makes this attack practical is the sensitivity of today's mice, both their high polling rate (the frequency at which they sample movement, measured in kHz), and the resolution with which they detect movement, measured in dots per inch (DPI).

Suspected Chinese government-backed hackers have breached computer systems of U.S. law firm Williams & Connolly, which has represented some of America's most powerful politicians, as part of a larger spying campaign against multiple law firms, according to a letter the firm sent clients and a source familiar with the hack. The cyber intrusions have hit the email accounts of select attorneys at these law firms, as Beijing continues a broader effort to gather intelligence to support its multi-front competition with the U.S.

OpenAI has published research revealing how state-sponsored and cybercriminal groups are abusing artificial intelligence (AI) to spread malware and perform widespread surveillance. (Disclosure: Ziff Davis, ZDNET's parent company, filed an April 2025 lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.) AI has benefits in the cybersecurity space; it can automate tedious and time-consuming tasks, freeing up human specialists to focus on complex projects and research, for example.

The AI company said while its large language models (LLMs) refused the threat actor's direct requests to produce malicious content, they worked around the limitation by creating building-block code, which was then assembled to create the workflows. Some of the produced output involved code for obfuscation, clipboard monitoring, and basic utilities to exfiltrate data using a Telegram bot. It's worth pointing out that none of these outputs are inherently malicious on their own.

Today, enterprises need a robust digital infrastructure for everything from customer engagement to operational continuity, and multi-cloud technology has become a fundamental enabler of enterprise success. However, with these increased complexities, organisations face increasing challenges in managing security risks, maintaining operational uptime, and above all, to maximise value from their cloud investments. Emerging technologies and innovative approaches are reshaping the way enterprises navigate these challenges, and at the same time service level agreements (SLAs) too are evolving to align with these developments.

I'm where I am today because I stand on the shoulders of those who came before me, and I strongly believe in paying it forward. A good mentor listens, provides honest feedback, and helps you see opportunities beyond your current path. In security, mentorship is especially vital because so much of the profession is shaped by experience, judgment and context.