Information security

[ follow ]
Information security
fromBusiness Matters
22 hours ago

The Role of IT Support in Cyber Security Awareness Training

Effective cyber security awareness training led by IT support teams reduces human error, prevents breaches, and makes cyber safety second nature across organizations.
Information security
fromNextgov.com
1 hour ago

Over 100 cyber professionals call for quick Kirsten Davies confirmation as DOD CIO

Over 100 cybersecurity professionals requested the Senate quickly confirm Kirsten Davies as Defense Department Chief Information Officer, citing her leadership and cybersecurity experience.
fromNextgov.com
2 hours ago

CISA wants more international involvement in cyber vulnerability catalog, official says

That's a great example of somebody we want to bring in closer into the fold, to say again, as a global community, how can we really take a better look - more holistic look - at CVEs and what it means for defenders worldwide?
Information security
Information security
fromArs Technica
3 hours ago

Trump admin says Social Security database wasn't "leaked, hacked, or shared"

A whistleblower alleged SSA placed a high-value asset containing data on over 450 million people in an uncontrolled AWS cloud environment, prompting an involuntary resignation.
Information security
fromThe Hacker News
1 hour ago

TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks

TA558 (RevengeHotels) used invoice-themed phishing and AI-generated infector code to deliver Venom RAT and other RATs against hotels in Brazil and Spanish-speaking markets.
#scattered-spider
Information security
fromTheregister
3 hours ago

SSA rejects major DOGE whistleblower claims, silent on copy

DOGE allegedly created an unauthorized, unsecured live copy of SSA's Numident database stored outside SSA control and administered by DOGE employees.
Information security
fromSecurityWeek
6 hours ago

Virtual Event Today: Attack Surface Management Summit

Continuous discovery, inventory, classification, prioritization, and monitoring of expanding digital and cloud assets are essential to reduce and control enterprise attack surfaces.
Information security
fromDevOps.com
4 hours ago

New in Syteca Release 7.21: Agentless Access, Sensitive Data Masking, and Smooth Session Playback - DevOps.com

Syteca 7.21 enhances insider risk reduction and data protection with real-time masking, web-based remote access, full-motion recording, and an intuitive user interface.
#cyberattack
fromTechCrunch
4 hours ago
Information security

Jaguar Land Rover to pause production for third week due to cyberattack | TechCrunch

fromTechCrunch
4 hours ago
Information security

Jaguar Land Rover to pause production for third week due to cyberattack | TechCrunch

fromSecurityWeek
9 hours ago

Scalekit Raises $5.5 Million to Secure AI Agent Authentication

Scalekit 's authentication stack, purpose-built for agentic apps, is tailored for Model Context Protocol (MCP) servers, allowing security teams to easily add an OAuth 2.1 authorization server. According to the startup, its solution enables developers to rapidly add an encrypted token vault, along with a tool-calling layer, so that AI agents can act on a user's behalf in popular services such as Gmail, HubSpot, Notion, and Slack.
Information security
#data-breach
fromTechCrunch
7 hours ago
Information security

VC firm Insight Partners says thousands of staff and limited partners had personal data stolen in a ransomware attack | TechCrunch

fromDataBreaches.Net
4 hours ago
Information security

Tiffany discloses data breach involving gift cards - second breach disclosure in recent months - DataBreaches.Net

fromTechCrunch
2 days ago
Information security

Company that owns Gucci, Balenciaga, other brands confirms hack | TechCrunch

fromTechCrunch
7 hours ago
Information security

VC firm Insight Partners says thousands of staff and limited partners had personal data stolen in a ransomware attack | TechCrunch

fromDataBreaches.Net
4 hours ago
Information security

Tiffany discloses data breach involving gift cards - second breach disclosure in recent months - DataBreaches.Net

fromTechCrunch
2 days ago
Information security

Company that owns Gucci, Balenciaga, other brands confirms hack | TechCrunch

Information security
fromTechzine Global
8 hours ago

Wiz launches Incident Response service for cloud security crises

Wiz Incident Response provides forensic cloud investigation, rapid containment, and recovery integrated with Wiz Defend and Runtime Sensor to reduce cloud and AI attack impact.
#quantum-computing
Information security
fromSecuritymagazine
21 hours ago

How AI and Virtual Operators Are Transforming Security Operations

AI-enabled virtual operators can automate routine SOC tasks under administrator control to augment human judgment, reduce alarm volume, and scale security operations.
#remote-work
fromPCWorld
5 hours ago
Information security

Protect your small business from remote working's biggest security nightmares

fromForbes
23 hours ago
Information security

Career Identity Theft: How One Woman's Career Was Stolen Without Her Knowing

fromPCWorld
5 hours ago
Information security

Protect your small business from remote working's biggest security nightmares

fromForbes
23 hours ago
Information security

Career Identity Theft: How One Woman's Career Was Stolen Without Her Knowing

#mfa-bypass
#ransomware
#raccoono365
fromIT Pro
13 hours ago

Nearly 700,000 customers impacted after insider attack at US fintech firm

A US-based fintech firm has warned customers their data may have been exposed following an insider attack.
Information security
fromZDNET
8 hours ago

Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild

Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users. All impacted phone models will receive the fix, which patches a vulnerability tracked as . The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described as an "out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code."
Information security
fromSecurityWeek
10 hours ago

Decade-Old Pixie Dust Wi-Fi Hack Still Impacts Many Devices

The Pixie Dust hack involves an attacker who is in range of the targeted Wi-Fi network capturing the initial WPS handshake, which contains data that can then be cracked offline to obtain the WPS PIN. The attack leverages the fact that on some devices random numbers are generated using predictable or low-entropy methods. The attacker only needs seconds to capture the WPS handshake and the PIN can then be obtained offline within minutes or even seconds.
Information security
#cybercrime
#rowhammer
Information security
fromSecurityWeek
12 hours ago

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

A supply-chain attack named Shai-Hulud infected over 180 NPM packages with self-replicating malware that stole secrets and published them to public GitHub repositories.
#ta415
Information security
fromZDNET
7 hours ago

Why VPN use is set to explode worldwide - and three reasons that might apply to you

The global VPN market will grow from $48.7B in 2023 to $149.72B by 2030, driven by remote work, cloud deployments, and security needs.
Information security
fromSecurityWeek
12 hours ago

RaccoonO365 Phishing Service Disrupted, Leader Identified

Microsoft and Cloudflare disrupted RaccoonO365, a phishing-as-a-service that stole thousands of Microsoft 365 credentials and targeted healthcare, prompting legal and technical takedowns.
Information security
fromwww.dw.com
7 hours ago

Microsoft seizes websites linked to Nigeria-based phishing DW 09/17/2025

Microsoft seized 338 websites tied to Raccoon0365, a Nigerian phishing service that stole at least 5,000 Microsoft credentials and generated over $100,000.
#npm
fromIT Pro
11 hours ago

Jaguar Land Rover says IT disruption set to continue

Jaguar Land Rover (JLR) is extending its production shutdown for another week as it works to restore impacted systems following a cyber attack in late August.
Information security
Information security
fromTheregister
14 hours ago

UEFI Secure Boot for Linux Arm64 - where do we stand?

UEFI with Secure Boot is standard on x86 and affected Linux booting; Microsoft's signed shim enabled Linux adoption and prompts evaluation of UEFI on Arm.
#cybersecurity
fromBusiness Insider
1 day ago
Information security

A new Israeli cybersecurity startup just emerged from stealth and is already valued at $400 million.

fromBusiness Insider
2 days ago
Information security

I'm a principal security engineer at Microsoft. Here are 5 things you should know if you're interested in working in cybersecurity.

Cybersecurity work requires adaptability, incident-response skills, calm under pressure, networking, and offers entry-level salaries around $105,000.
fromSecurityWeek
2 days ago
Information security

Terra Security Raises $30 Million for AI Penetration Testing Platform

Terra Security raised $30 million to scale its agentic-AI continuous penetration testing platform, expand offensive security capabilities, and accelerate hiring and customer growth.
fromBusiness Insider
1 day ago
Information security

A new Israeli cybersecurity startup just emerged from stealth and is already valued at $400 million.

fromBusiness Insider
2 days ago
Information security

I'm a principal security engineer at Microsoft. Here are 5 things you should know if you're interested in working in cybersecurity.

Information security
fromSecurityWeek
1 day ago

Ray Security Emerges From Stealth With $11M to Bring Real-Time, AI-Driven Data Protection

Ray Security uses AI to continuously monitor and predict corporate data use, applying real-time, dynamic protection while allowing enterprises to retain control over automated responses.
Information security
fromSecurityWeek
1 day ago

Neon Cyber Emerges from Stealth, Shining a Light into the Browser

Neon Cyber shifts cybersecurity focus from infrastructure to securing the workforce by deploying a browser extension that prevents browser-based phishing and AI-accelerated attacks.
Information security
fromComputerWeekly.com
1 day ago

Cyber leaders must make better use of risk experts | Computer Weekly

Clients must define clear, realistic cloud SLA requirements, conduct due diligence, and align SLAs with business objectives while managing—not eliminating—risk.
Information security
fromInfoWorld
1 day ago

Are cloud providers neglecting security to chase AI?

Rapid AI and hybrid cloud investments are fragmenting cloud security, eroding enterprise trust in cloud platforms' ability to protect systems.
Information security
fromThe Hacker News
1 day ago

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Multiple critical Chaos Mesh vulnerabilities allow minimal in-cluster attackers to execute commands, disrupt services, steal tokens, and potentially achieve cluster-wide takeover.
Information security
fromTechzine Global
1 day ago

API attacks are skyrocketing: 40,000 incidents in six months

API attacks surged to over 40,000 incidents in H1 2025, with financial services and application-layer DDoS experiencing heavy, targeted automation and bot activity.
Information security
fromInfoQ
1 day ago

Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals

io_uring can enable full-featured rootkits to bypass traditional Linux runtime security tooling, allowing undetected command-and-control and I/O operations.
Information security
fromComputerworld
1 day ago

What is Apple's Memory Integrity Enforcement, and why does it matter?

MIE uses secure typed memory allocators, Enhanced Memory Tagging Extension in synchronous mode, and Tag Confidentiality Enforcement to prevent memory exploitation across Apple devices.
#china-cybersecurity
Information security
fromSecurityWeek
1 day ago

Endpoint Security Firm Remedio Raises $65 Million in First Funding Round

Remedio raised $65M to scale its AI-driven device security posture management and expand globally, targeting large enterprises and Fortune 500 customers.
Information security
fromDataBreaches.Net
1 day ago

FBI 'aware' of Anchorage health clinic data breach as hackers claim 60K patients impacted - DataBreaches.Net

FBI is aware of an alleged data breach at Anchorage Neighborhood Health Center involving 50,000 patient records and is assessing potential federal criminal violations.
Information security
fromSecurityWeek
1 day ago

Check Point to Acquire AI Security Firm Lakera

Check Point plans to acquire Lakera to provide end-to-end AI security for agentic AI, extending pre-deployment testing, runtime protection, and a Global Center of Excellence.
Information security
fromIT Pro
1 day ago

This DeepSeek-powered pen testing tool could be a Cobalt Strike successor - and hackers have downloaded it 10,000 times since July

Villager, developed by Cyberspike, automates sophisticated AI-native penetration attacks via PyPI using DeepSeek v3 and specialized toolsets.
Information security
fromwww.cnet.com
1 day ago

The VPN Market Is Booming Because We're Working Remotely and Worried About Privacy

Global VPN market will grow over 17% annually to $150 billion by 2030, driven by data-security concerns on public networks and rising remote/hybrid work.
Information security
fromTechzine Global
1 day ago

Rubrik and CrowdStrike expand identity security with rollback feature

Rubrik and CrowdStrike integrated detection with rollback recovery to detect identity attacks and restore identity systems to a secure, immutable state.
Information security
fromZDNET
1 day ago

Google may shift to risk-based Android security patch rollouts - what that means for you

Google plans a risk-based Android security update system prioritizing critical actively exploited vulnerabilities while moving lower-risk fixes to less frequent patch cycles.
fromIT Pro
1 day ago

Hackers behind Jaguar Land Rover announce their 'retirement' - should we believe them?

The Scattered Lapsus$ Hunters hacking group, recently linked to the attack on Jaguar Land Rover that has devastated the company, has announced that it plans to shut down.
Information security
Information security
fromNextgov.com
1 day ago

House funding extension tacks on two-month reprieve for key cybersecurity laws

Congress extended CISA 2015 and the State and Local Cybersecurity Grant Program to Nov. 21 to delay their Sept. 30 sunset and allow more time for reauthorization talks.
#filefix
Information security
fromSecurityWeek
1 day ago

ChatGPT's New Calendar Integration Can Be Abused to Steal Emails

A ChatGPT calendar integration using MCP can be abused via crafted invites to execute attacker commands and exfiltrate a user's email data without invite acceptance.
Information security
fromThe Cyber Express
2 days ago

New Infostealer Campaign Targets Popular Games

Maranhão Stealer spreads via cracked-software sites to steal browser credentials and cryptocurrency data using Node.js payloads, reflective DLL injection, persistence mechanisms, and system reconnaissance.
Information security
fromTheregister
1 day ago

Google confirms crims accessed its law enforcement portal

A fraudulent account was created in Google's Law Enforcement Request System (LERS); Google disabled the account and reported no requests were made or data accessed.
fromChannelPro
1 day ago

NinjaOne expands availability on CrowdStrike Marketplace

The move comes at a time when organizations' number of endpoints continues to increase, bringing new security challenges and hurdles around patching, backup, and device management. NinjaOne's platform is designed to tackle these pain points for IT teams and MSPs, automating the management of endpoint devices to reduce the time spent on manual tasks and fuel productivity, while lowering operational costs.
Information security
Information security
fromFuturism
23 hours ago

CrowdStrike Infested With "Self-Replicating Worms"

A self-replicating NPM worm named Shai-Hulud stole access tokens to compromise maintainer accounts and propagate across hundreds of packages, including CrowdStrike-managed modules.
Information security
fromFortune Crypto
23 hours ago

Suspect in Coinbase hack kept data for more than 10,000 customers on her phone, court filing alleges | Fortune Crypto

A TaskUs employee, Ashita Mishra, stole and sold Coinbase customer data enabling criminals to impersonate staff and steal cryptocurrency, affecting over 69,000 customers.
Information security
fromThe Verge
1 day ago

Consumer Reports asks Microsoft to keep supporting Windows 10

Extend free Windows 10 security updates beyond October 14, 2025 to protect millions of incompatible PCs and their users.
fromSearch Engine Roundtable
1 day ago

Google Question Fringe Score

If you are wondering how Mark found this, he did an excellent presentation on that late last year - so check that out. Mark's theory, as he wrote, "I can't find any direct mention of this in Google patents or docs, however my guess would be it is likely a score estimating how far a query (especially a question) sits on the 'fringe' of Google's known entity/knowledge space and how atypical or long‑tail it is."
Information security
Information security
fromZacks
1 day ago

Pardon Our Interruption

Enable JavaScript and cookies, and disable or configure blocking plugins and extreme automated navigation to regain website access.
Information security
fromWIRED
1 day ago

Matthew Prince Wants AI Companies to Pay for Their Sins

Cloudflare enables websites to block unauthorized AI scraping via a pay-per-crawl model while evolving content-moderation stances and protecting sites from abuse and DDoS attacks.
fromTheregister
1 day ago

Safe C++ proposal all but abandoned in favor of profiles

"The Rust safety model is unpopular with the committee. Further work on my end won't change that. Profiles won the argument "The Safety and Security working group voted to prioritize Profiles over Safe C++. Ask the Profiles people for an update. Safe C++ is not being continued," said Sean Baxter in June this year.
Information security
Information security
fromThe Hacker News
1 day ago

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids

SlopAds deployed 224 Android apps using steganography and hidden WebViews to generate massive ad and click fraud, causing up to 2.3 billion daily bid requests.
Information security
fromBleepingComputer
1 day ago

Google nukes 224 Android malware apps behind massive ad fraud campaign

A global Android ad-fraud operation (SlopAds) used 224 Google Play apps to generate 2.3 billion daily ad requests and was downloaded over 38 million times.
Information security
fromSecuritymagazine
2 days ago

When the Breach Isn't Yours but the Headline Is: Managing Association Risk

Association risk causes reputational spillover from cybersecurity breaches to adjacent organizations, requiring proactive PR to build resilience and control narrative.
Information security
fromSecuritymagazine
2 days ago

Unlocking Security Talent: Questions HR Should Ask and What Their Answers Reveal

Security management roles are scarce in corporations, making recruitment difficult; clear hiring requirements and targeted interview questions improve candidate identification and selection.
Information security
fromSecuritymagazine
2 days ago

In an Age of Cyber Risk, Digital Transformation is No Longer Optional

Legacy systems in financial services increase cyber risk; firms must invest in modernization and cybersecurity to enhance resilience.
Information security
fromTheregister
2 days ago

Insider blamed for FinWise data breach affecting nearly 700K

FinWise Bank notified nearly 700,000 customers that a former employee may have accessed or acquired their personal data.
fromSecurityWeek
2 days ago

Zero Trust Is 15 Years Old - Why Full Adoption Is Worth the Struggle

Zero Trust turned fifteen years old on September 14, 2025. Its invention was announced with Forrester's publication of John Kindervag's paper, No More Chewy Centers: Introducing The Zero Trust Model of Information Security, on that date in 2010 (archived here). Zero trust recognizes that treating cybersecurity like an M&M (a hard crunchy shell impenetrable to hackers protecting a soft chewy center where staff can work freely and safely) simply doesn't work.
Information security
Information security
fromComputerWeekly.com
2 days ago

Arqit to support NCSC's post-quantum cryptography pilot | Computer Weekly

Arqit will support UK organisations' migration to post-quantum cryptography by providing discovery and migration planning using its Encryption Intelligence product.
[ Load more ]