Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios
Lightning-fast exploits make it essential to patch fast, ask questions later Here's where you ought to spend your security billable hours budget this year
CISA updated ransomware intel on 59 bugs last year without telling defenders GreyNoise's Glenn Thorpe counts the cost of missed opportunities
AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues 'I did not think it was going to happen to me, but here we are'
AI-powered cyberattack kits are 'just a matter of time,' warns Google exec Security chief says criminals are already automating workflows, with full end-to-end tools likely within years
Fortinet admits FortiGate SSO bug still exploitable despite December patch Fix didn't quite do the job – attackers spotted logging in
Around 1,000 systems compromised in ransomware attack on Romanian water agency On-site staff keep key systems working while all but one region battles with encrypted PCs
FCC guts post-Salt Typhoon telco rules despite ongoing espionage risk Months after China-linked spies burrowed into US networks, regulator tears up its own response
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix
SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere Company 'clearly delighted' with the outcome
Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood GlobalProtect login endpoints targeted, sparking concern that something bigger may be brewing
Germany slams brakes on EU's Chat Control device-scanning snoopfest Berlin's opposition likely kills off Brussels' bid to scan everyone's messages
UK government dragged for incomplete security reforms after Afghan leak fallout Senior officials summoned to science and tech committee to explain further
Law firm email blunder exposes Church of England abuse victim details Apology issued after names tied to redress scheme revealed in mass mailing
US spy chief claims UK backed down over Apple backdoor demand Tulsi Gabbard boasts Washington forced Blighty to drop iPhone encryption fight
Workday warns of CRM breach after social engineers make off with business contact details HR SaaS giant insists core systems untouched
Red teams are safe from robots for now, as AI makes better shield than spear The bad news? The machines, and their operators, are coming on fast
Ex-White House cyber, counter-terrorism guru: Microsoft considers security an annoyance, not a necessity Tells The Reg China's ability to p0wn Redmond's wares 'gives me a political aneurysm'
CISA releases malware analysis for SharePoint Server attack Indications of compromise and Sigma rules report for your security scanners amid ongoing 'ToolShell' blitz
Security pros are drowning in threat-intel data and it's making everything more dangerous Plus, 60% don't have enough analysts to make sense of it
Phishing platforms, infostealers blamed as identity attacks soar Get your creds in order or risk BEC, ransomware attacks, orgs warned
Supply chain attacks surge with orgs 'flying blind' about dependencies Who is the third party that does the thing in our thing? Yep. Attacks explode over past year
Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI
23andMe hit with £2.3M fine after exposing genetic data of millions Penalty follows year-long probe into flaws that allowed attack to affect so many
Wanted: Junior cybersecurity staff with 10 years' experience and a PhD Infosec employers demanding too much from early-career recruits, says ISC2
Slapped wrists for Financial Conduct Authority staff who emailed work data home For one of the offenders, it was a final warning
Your ransomware nightmare just came true – now what? Don't negotiate unless you must, and if so, drag it out as long as you can
'Ongoing' Ivanti hijack bug exploitation reaches clouds Nothing like insecure code in security suites
Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good' Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks
Snowflake CISO on the power of 'shared destiny' and 'yes and' Lessons learned from last year's security snafu
Why CVSS is failing us and what we can do about it How Adversarial Exposure Validation is changing the way we approach vulnerability management
Everyone's deploying AI, but no one's securing it – what could go wrong? Crickets as senior security folk asked about risks at NCSC conference
Ransomware scum have put a target on the no man's land between IT and operations Defenses are weaker, and victims are more likely to pay, SANS warns
Why aggregating your asset inventory leads to better security Today’s complex IT environments demand a new approach
Britain's cyber agents and industry clash over how to tackle shoddy software Providers argue that if end users prioritized security, they'd get it
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied Now individual school districts extorted by fiends
After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI CEO: Neural net tech 'flattens our hiring curve, helps us innovate'
Ghost in the shell script: Boffins reckon they can catch bugs before programs run Go ahead, please do Bash static analysis
Cloud doesn’t mean secure: How Intruder finds what others miss A cloud security platform that manages the attack surface and security vulnerabilities in AWS
Watch out for any Linux malware sneakily evading syscall-watching antivirus Google dumped io_uring after $1M in bug bounties
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn Sometimes, silence is the best option
The future of AI in cybersecurity in a word: Optimistic Think of artificial intelligence as your embedded ally
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year Cybercriminals are targeting software shops, accountants, lawyers
Blue Shield says it shared health info on up to 4.7M patients with Google Ads Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway
Who needs phishing when your login's already in the wild? Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get
America's cyber defenses are being dismantled from the inside The CVE system nearly dying shows that someone has lost the plot
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps 10 other certificates 'were mis-issued and have now been revoked'
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days It's now hitting govt, enterprise targets
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter Some in the infosec world definitely want to see Big Red crucified
Whistleblower describes DOGE IT dept rampage at America's labor watchdog Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim
Signalgate chats vanish from CIA chief phone Extraordinary rendition of data, or just dropped it out of a helicopter?
Identifying the cyber risks that matter From noise to clarity: Why CISOs are shifting to adversarial exposure validation
CVE program gets last-minute funding from CISA – and maybe a new home Uncertainty is the new certainty
Uncle Sam kills funding for CVE program. Yes, that CVE program Because vulnerability management has nothing to do with national security, right?
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks Military units, government nerds appear to join the fray, with physical infra in sights
Infosec experts fear China could retaliate against tariffs with a Typhoon attack Scammers are already cashing in with fake invoices for import costs
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz How Chocolate Factory hopes to double down on enterprise-sec
UK's attempt to keep details of Apple 'backdoor' case secret… denied Last month's secret hearing comes to light
For flux sake: CISA, annexable allies warn of hot DNS threat Shape shifting technique described as menace to national security
Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat So F-18 launch times, weapons, drone support aren't classified now ... who knew?
US defense contractor cops to sloppy security, settles after infosec lead blows whistle MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade
As nation-state hacking becomes 'more in your face,' are supply chains secure? Ex-US Air Force officer says companies shouldn't wait for govt mandates
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US Plus AI in the infosec world, why CISA should know its place, and more
UK wants dirt on data brokers before criminals get there first Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' One PUT request, one poisoned session file, and the server’s yours