#cybersecurity

[ follow ]
#malware #data-breach #vulnerabilities #ai #ransomware #shinyhunters #phishing #ai-security #cisa #risk-management
Information security
fromTheregister
35 minutes ago

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.
Artificial intelligence
fromAxios
1 hour ago

How Cyber Command is building its AI cyber war playbook

Cyber Command is building flexible infrastructure to utilize various AI models, regardless of origin, to enhance cyber operations.
Information security
fromSecurityWeek
1 hour ago

Vimeo Confirms User and Customer Data Breach

Vimeo confirmed a data breach involving user data theft through a third-party vendor, but no video content or payment information was compromised.
#ransomware
Information security
fromThe Hacker News
4 hours ago

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 acts as a wiper, permanently destroying files instead of encrypting them, making recovery impossible even for victims who pay the ransom.
Information security
fromFuturism
2 days ago

Ransomware Negotiator Pleads Guilty to Deploying Ransomware Himself

A ransomware negotiator conspired with hackers, betraying clients and facilitating attacks against multiple companies.
Information security
fromThe Hacker News
4 hours ago

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 acts as a wiper, permanently destroying files instead of encrypting them, making recovery impossible even for victims who pay the ransom.
Information security
fromFuturism
2 days ago

Ransomware Negotiator Pleads Guilty to Deploying Ransomware Himself

A ransomware negotiator conspired with hackers, betraying clients and facilitating attacks against multiple companies.
more#ransomware
#agentic-ai
Information security
fromSecurityWeek
3 hours ago

The Mythos Moment: Enterprises Must Fight Agents with Agents

Agentic AI poses significant cyber risks by autonomously identifying and exploiting software vulnerabilities, necessitating advanced defensive measures.
Information security
fromSecurityWeek
4 days ago

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.
Information security
fromSecurityWeek
3 hours ago

The Mythos Moment: Enterprises Must Fight Agents with Agents

Agentic AI poses significant cyber risks by autonomously identifying and exploiting software vulnerabilities, necessitating advanced defensive measures.
Information security
fromSecurityWeek
4 days ago

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.
more#agentic-ai
fromSecurityWeek
4 hours ago

Robinhood Vulnerability Exploited for Phishing Attacks

"This phishing attempt was made possible by an abuse of the account creation flow. It was not a breach of our systems or customer accounts, and personal information and funds were not impacted."
Deliverability
UK news
fromLondon Business News | Londonlovesbusiness.com
4 hours ago

MPs consider issuing survival handbook as Britain braces for potential large-scale war - London Business News | Londonlovesbusiness.com

UK households may receive survival guides as the government updates its Cold War-era contingency planning framework to address rising threats.
Information security
fromSecurityWeek
6 hours ago

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.
Information security
fromSecurityWeek
7 hours ago

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable

Predictable budgets and on-demand defensive agentic AI can now be aligned despite historical incompatibility.
fromThe Hacker News
7 hours ago

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline, where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components.
Privacy professionals
Information security
fromSecurityWeek
7 hours ago

Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety

Electric motorcycles from Zero Motorcycles and scooters from Yadea have vulnerabilities that could impact physical security and safety.
#ai
Information security
fromTheregister
21 hours ago

Cursor-Opus agent snuffs out startup's production database

An AI coding agent deleted PocketOS's production database and backups in 9 seconds due to a credential mismatch and improper token permissions.
more#ai
Germany news
fromSecurityWeek
8 hours ago

Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials

Germany suspects Russia behind phishing attacks on Signal targeting politicians and journalists, with investigations ongoing into espionage allegations.
Business
fromFortune
8 hours ago

What the NSA's former director wants CEOs to know about navigating a dangerous world | Fortune

Agility in volatile times requires understanding complex threats and adapting strategies to new realities, especially in national security and economic contexts.
#hacking
more#hacking
#microsoft
Information security
fromThe Hacker News
11 hours ago

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft acknowledged active exploitation of a high-severity security flaw in Windows Shell, now patched, allowing unauthorized access to sensitive information.
Information security
fromThe Hacker News
11 hours ago

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft acknowledged active exploitation of a high-severity security flaw in Windows Shell, now patched, allowing unauthorized access to sensitive information.
Artificial intelligence
fromDevOps.com
3 days ago

Microsoft Turns to Anthropic's Mythos to Improve Cyber Defense

Microsoft integrates Anthropic's AI models into its Security Development Lifecycle to enhance code analysis and vulnerability detection.
more#microsoft
Privacy professionals
fromSecurityWeek
12 hours ago

Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak

Medtronic confirmed a hack by ShinyHunters, claiming millions of records were stolen, but asserts no impact on patient safety or operations.
#data-breach
fromSecuritymagazine
1 day ago
Privacy professionals

ADT Breach Confirmed: Names, Phone Numbers, and Addresses Exposed

ADT experienced a data breach, with personal information of customers accessed, but no payment information was compromised.
Privacy professionals
fromTheregister
1 day ago

Burglar alarm biz gets burgled, ShinyHunters pursues ransom

ADT confirmed a cyber intrusion by ShinyHunters, claiming over 10 million records were stolen, while ADT reported a limited data breach.
Information security
fromThe Hacker News
1 day ago

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx's investigation reveals a cybercriminal group published data from its GitHub repository on the dark web following a supply chain attack.
Privacy professionals
fromTheregister
1 day ago

Burglar alarm biz gets burgled, ShinyHunters pursues ransom

ADT confirmed a cyber intrusion by ShinyHunters, claiming over 10 million records were stolen, while ADT reported a limited data breach.
more#data-breach
UK politics
fromwww.independent.co.uk
21 hours ago

MP's website sees cyberattack traceable to China', sending users to gambling pages

The Independent provides critical journalism on various issues, emphasizing the importance of donations to support unbiased reporting without paywalls.
Marketing tech
fromThedrum
23 hours ago

White Bullet appoints Stuart Dickinson as Director of Advertising Operations and Client Success

Stuart Dickinson joins White Bullet as Director of Advertising Operations to enhance adtech partnerships and programmatic integrations.
Cryptocurrency
fromFuturism
1 day ago

Bitcoin Developers Are Debating a Move That Could Send Crypto Markets Into a Tailspin

Quantum computers pose a significant cybersecurity threat, prompting proposals to freeze dormant Bitcoins to protect them.
Information security
fromSecuritymagazine
1 day ago

Why Energy Infrastructure Is Cybersecurity's Next Frontier

The energy transition is expanding the cyberattack surface of critical infrastructure, creating new risks and challenges for cybersecurity.
#malware
Information security
fromThe Hacker News
1 day ago

Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

New malware fast16 predates Stuxnet, targeting high-precision software to subtly alter calculations, potentially causing significant failures.
Information security
fromThe Hacker News
1 day ago

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Dozens of malicious VS Code extensions linked to the GlassWorm campaign have been identified, posing risks to developers through cloned versions of legitimate tools.
Information security
fromThe Hacker News
3 days ago

Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting Engineering Software

A new Lua-based malware, fast16, predates Stuxnet and targets high-precision calculation software for cyber sabotage.
Information security
fromThe Hacker News
4 days ago

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.
Information security
fromSecurityWeek
4 days ago

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Fast16 is a Lua-based malware discovered by SentinelOne, predating Stuxnet, designed to tamper with high-precision software.
Information security
fromTheregister
4 days ago

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.
Information security
fromThe Hacker News
1 day ago

Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

New malware fast16 predates Stuxnet, targeting high-precision software to subtly alter calculations, potentially causing significant failures.
Information security
fromThe Hacker News
1 day ago

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Dozens of malicious VS Code extensions linked to the GlassWorm campaign have been identified, posing risks to developers through cloned versions of legitimate tools.
Information security
fromThe Hacker News
3 days ago

Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting Engineering Software

A new Lua-based malware, fast16, predates Stuxnet and targets high-precision calculation software for cyber sabotage.
Information security
fromThe Hacker News
4 days ago

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.
Information security
fromSecurityWeek
4 days ago

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Fast16 is a Lua-based malware discovered by SentinelOne, predating Stuxnet, designed to tamper with high-precision software.
Information security
fromTheregister
4 days ago

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.
more#malware
#crowdstrike
Information security
from24/7 Wall St.
1 day ago

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.
Information security
from24/7 Wall St.
1 day ago

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.
more#crowdstrike
UK politics
fromBusiness Matters
1 day ago

Ministers urge British boardrooms to sign cyber-resilience pledge as AI threat escalates

Ministers urge UK companies to enhance cyber-defenses amid AI threats, promoting a new cyber-resilience pledge for board-level responsibility.
Privacy professionals
fromTechCrunch
1 day ago

Critical infrastructure giant Itron says it was hacked | TechCrunch

Itron confirmed a cyberattack in April, with hackers accessing some systems but no signs of further intrusions detected.
#ai-security
fromSecurityWeek
1 day ago
Information security

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

fromZDNET
4 days ago
Information security

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Information security
fromSecurityWeek
1 day ago

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google's research reveals an increase in indirect prompt injection attacks on AI, though their sophistication remains relatively low.
Information security
fromZDNET
4 days ago

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.
more#ai-security
Information security
fromSecurityWeek
1 day ago

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

OpenSSH versions have a vulnerability allowing root access via certificate misconfiguration, undetectable by log-based systems.
Information security
fromTheregister
1 day ago

Cybersecurity professional getting more work and less pay

Cybersecurity professionals faced significant pay stagnation in 2025, with 77% in the UK receiving no salary increase despite high demand for their roles.
#phishing
Information security
fromSecurityWeek
1 day ago

UNC6692 Uses Email Bombing, Social Engineering to Deploy 'Snow' Malware

A threat actor, UNC6692, impersonates IT support to deploy malware through phishing emails and malicious browser extensions.
fromThe Local Germany
3 days ago
Germany politics

Germany launches spying probe into Signal attacks targeting MPs

German prosecutors investigate phishing attacks on lawmakers, linked to Russia, highlighting the need for vigilance against espionage threats.
Information security
fromSecurityWeek
1 day ago

UNC6692 Uses Email Bombing, Social Engineering to Deploy 'Snow' Malware

A threat actor, UNC6692, impersonates IT support to deploy malware through phishing emails and malicious browser extensions.
Germany politics
fromThe Local Germany
3 days ago

Germany launches spying probe into Signal attacks targeting MPs

German prosecutors investigate phishing attacks on lawmakers, linked to Russia, highlighting the need for vigilance against espionage threats.
more#phishing
Information security
fromThe Hacker News
1 day ago

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Telecommunications fraud campaign uses fake CAPTCHA to trick users into sending costly international text messages, generating illicit revenue for fraudsters.
Information security
fromZDNET
1 day ago

Nearly half of cybersecurity pros want to quit - here's why

There's a significant mismatch between demand and rewards in cybersecurity, leading to dissatisfaction among professionals.
Privacy technologies
fromThe Local Germany
2 days ago

As phishing attacks hit Germany - how secure is Signal messenging app?

Signal, a secure messaging app, faces phishing attacks linked to Russian groups, raising concerns about its security despite its end-to-end encryption.
Careers
fromEntrepreneur
3 days ago

How to Know Where Your Security Threat Is Before It's Too Late

Organizations winning the security talent war operationalize key questions to prevent knowledge loss and enhance cybersecurity resilience.
fromTechCrunch
3 days ago

Why Tokyo is the most important tech destination of 2026 | TechCrunch

Sessions featuring Howard Wright (Nvidia), Rob Chu (AWS), and Eric Benhamou (Benhamou Global Ventures) cut through the noise to examine where AI is genuinely deployed at scale and where the real risks lie.
London startup
Information security
fromSecurityWeek
3 days ago

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.
#vulnerabilities
Information security
fromThe Hacker News
3 days ago

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.
Information security
fromSecurityWeek
4 days ago

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.
Information security
fromThe Hacker News
3 days ago

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.
Information security
fromSecurityWeek
4 days ago

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.
more#vulnerabilities
Privacy professionals
fromArs Technica
4 days ago

Why are top university websites serving porn? It comes down to shoddy housekeeping.

Universities often neglect DNS record maintenance, leading to hijacked subdomains that can appear in search results.
Information security
from24/7 Wall St.
4 days ago

Cybersecurity ETFs Face a Reckoning: Which 3 Will Weather the Downturn

Cybersecurity spending is essential for corporations, leading to increased investment in thematic ETFs focused on security budgets post-breach.
#cloud-security
DevOps
fromTechRepublic
2 years ago

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.
DevOps
fromSecurityWeek
4 days ago

Copperhelm Raises $7 Million for Agentic Cloud Security Platform

Copperhelm raised $7 million for its AI-driven cloud security platform that autonomously monitors and remediates threats in real time.
DevOps
fromTechRepublic
2 years ago

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.
DevOps
fromSecurityWeek
4 days ago

Copperhelm Raises $7 Million for Agentic Cloud Security Platform

Copperhelm raised $7 million for its AI-driven cloud security platform that autonomously monitors and remediates threats in real time.
more#cloud-security
Europe news
fromSecuritymagazine
4 days ago

Netherlands Faces Greatest National Security Threat Since World War Two

The Netherlands faces its greatest national security threat since World War Two, primarily from Russia and China.
fromThe Hacker News
4 days ago

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues. Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."
Privacy professionals
Information security
fromComputerWeekly.com
4 days ago

BT has now blocked over a billion clicks to malicious websites, says NCSC | Computer Weekly

BT and EE have blocked over a billion clicks to malicious websites using intelligence from the UK's National Cyber Security Centre.
Privacy professionals
fromTheregister
4 days ago

ShinyHunters claim they have cruise giant Carnival's booty

Carnival Corporation faces a significant data breach involving 7.5 million email addresses linked to its Mariner Society loyalty program.
#passkeys
fromwww.bbc.com
4 days ago
Privacy technologies

UK cyber chiefs say it's time to ditch passwords for passkeys - what are they?

People in the UK are encouraged to use passkeys instead of passwords for better online security.
more#passkeys
Information security
fromFortune
4 days ago

Mythos access by Discord group reveals real danger of AI-powered hacking | Fortune

Unauthorized access to AI models exposes vulnerabilities in cybersecurity, highlighting the rapid pace of AI-driven exploitation of flaws.
Information security
fromSecurityWeek
4 days ago

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.
Privacy technologies
fromMail Online
4 days ago

How to create secure passwords - it might be time to switch to passkey

Using unique passwords and transitioning to passkeys enhances online security and reduces the risk of cyber threats.
Information security
fromTechzine Global
4 days ago

Agentic AI is reshaping the network - and it's time to upgrade

Wireless connectivity is essential for AI, transforming industries and requiring strategic management to address complexity and security risks.
Information security
fromThe New Yorker
4 days ago

How Big a Threat Are Iranian-Backed Cyber Attacks?

Iranian cyber actors have accessed critical U.S. infrastructure, highlighting vulnerabilities in cybersecurity and the ongoing nature of nation-state hacking.
Information security
fromBusiness Matters
4 days ago

Why Effective Patch Management Is Critical for Cybersecurity in 2026

Timely patch management is essential for protecting digital assets and maintaining business continuity against evolving cyber threats.
Information security
fromTheregister
4 days ago

Attackers could disable all of a city's public EV chargers

Rented IoT infrastructure prioritizes user convenience over security, exposing them to denial of service attacks and vulnerabilities.
[ Load more ]