CSO Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios
CSO Lightning-fast exploits make it essential to patch fast, ask questions later Here's where you ought to spend your security billable hours budget this year
CSO CISA updated ransomware intel on 59 bugs last year without telling defenders GreyNoise's Glenn Thorpe counts the cost of missed opportunities
CSO AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues 'I did not think it was going to happen to me, but here we are'
CSO AI-powered cyberattack kits are 'just a matter of time,' warns Google exec Security chief says criminals are already automating workflows, with full end-to-end tools likely within years
CSO Fortinet admits FortiGate SSO bug still exploitable despite December patch Fix didn't quite do the job – attackers spotted logging in
CSO Around 1,000 systems compromised in ransomware attack on Romanian water agency On-site staff keep key systems working while all but one region battles with encrypted PCs
CSO FCC guts post-Salt Typhoon telco rules despite ongoing espionage risk Months after China-linked spies burrowed into US networks, regulator tears up its own response
CSO CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix
CSO SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere Company 'clearly delighted' with the outcome
CSO Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood GlobalProtect login endpoints targeted, sparking concern that something bigger may be brewing
CSO Germany slams brakes on EU's Chat Control device-scanning snoopfest Berlin's opposition likely kills off Brussels' bid to scan everyone's messages
CSO UK government dragged for incomplete security reforms after Afghan leak fallout Senior officials summoned to science and tech committee to explain further
CSO Law firm email blunder exposes Church of England abuse victim details Apology issued after names tied to redress scheme revealed in mass mailing
CSO US spy chief claims UK backed down over Apple backdoor demand Tulsi Gabbard boasts Washington forced Blighty to drop iPhone encryption fight
CSO Workday warns of CRM breach after social engineers make off with business contact details HR SaaS giant insists core systems untouched
CSO Red teams are safe from robots for now, as AI makes better shield than spear The bad news? The machines, and their operators, are coming on fast
CSO Ex-White House cyber, counter-terrorism guru: Microsoft considers security an annoyance, not a necessity Tells The Reg China's ability to p0wn Redmond's wares 'gives me a political aneurysm'
CSO CISA releases malware analysis for Sharepoint Server attack Indications of compromise and Sigma rules report for your security scanners amid ongoing 'ToolShell' blitz
CSO Security pros are drowning in threat-intel data and it's making everything more dangerous Plus, 60% don't have enough analysts to make sense of it
CSO Phishing platforms, infostealers blamed as identity attacks soar Get your creds in order or risk BEC, ransomware attacks, orgs warned
CSO Supply chain attacks surge with orgs 'flying blind' about dependencies Who is the third party that does the thing in our thing? Yep. Attacks explode over past year
CSO Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI
CSO 23andMe hit with £2.3M fine after exposing genetic data of millions Penalty follows year-long probe into flaws that allowed attack to affect so many
CSO Wanted: Junior cybersecurity staff with 10 years' experience and a PhD Infosec employers demanding too much from early-career recruits, says ISC2
CSO Slapped wrists for Financial Conduct Authority staff who emailed work data home It was one of the offenders' final warning
CSO Your ransomware nightmare just came true – now what? Don't negotiate unless you must, and if so, drag it out as long as you can
CSO 'Ongoing' Ivanti hijack bug exploitation reaches clouds Nothing like insecure code in security suites
CSO Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good' Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks
CSO Snowflake CISO on the power of 'shared destiny' and 'yes and' Lessons learned from last year's security snafu
CSO Why CVSS is failing us and what we can do about it How Adversarial Exposure Validation is changing the way we approach vulnerability management
CSO Everyone's deploying AI, but no one's securing it – what could go wrong? Crickets as senior security folk asked about risks at NCSC conference
CSO Ransomware scum have put a target on the no man's land between IT and operations Defenses are weaker, and victims are more likely to pay, SANS warns
CSO Why aggregating your asset inventory leads to better security Today’s complex IT environments demand a new approach
CSO Britain's cyber agents and industry clash over how to tackle shoddy software Providers argue that if end users prioritized security, they'd get it
CSO PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied Now individual school districts extorted by fiends
CSO After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI CEO: Neural net tech 'flattens our hiring curve, helps us innovate'
CSO Ghost in the shell script: Boffins reckon they can catch bugs before programs run Go ahead, please do Bash static analysis
CSO Cloud doesn’t mean secure: How Intruder finds what others miss A cloud security platform that manages the attack surface and security vulnerabilities in AWS
CSO Watch out for any Linux malware sneakily evading syscall-watching antivirus Google dumped io_uring after $1M in bug bounties
CSO Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn Sometimes, silence is the best option
CSO The future of AI in cybersecurity in a word: Optimistic Think of artificial intelligence as your embedded ally
CSO Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future
CSO Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year Cybercriminals are targeting software shops, accountants, lawyers
CSO Blue Shield says it shared health info on up to 4.7M patients with Google Ads Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway
CSO Who needs phishing when your login's already in the wild? Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get
CSO America's cyber defenses are being dismantled from the inside The CVE system nearly dying shows that someone has lost the plot
CSO Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps 10 other certificates 'were mis-issued and have now been revoked'
CSO Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days It's now hitting govt, enterprise targets
CSO Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter Some in the infosec world definitely want to see Big Red crucified
CSO Whistleblower describes DOGE IT dept rampage at America's labor watchdog Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim
CSO Signalgate chats vanish from CIA chief phone Extraordinary rendition of data, or just dropped it out of a helicopter?
CSO Identifying the cyber risks that matter From noise to clarity: Why CISOs are shifting to adversarial exposure validation
CSO CVE program gets last-minute funding from CISA – and maybe a new home Uncertainty is the new certainty
CSO Uncle Sam kills funding for CVE program. Yes, that CVE program Because vulnerability management has nothing to do with national security, right?
CSO Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks Military units, government nerds appear to join the fray, with physical infra in sights
CSO Infosec experts fear China could retaliate against tariffs with a Typhoon attack Scammers are already cashing in with fake invoices for import costs
CSO Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz How Chocolate Factory hopes to double down on enterprise-sec
CSO UK's attempt to keep details of Apple 'backdoor' case secret… denied Last month's secret hearing comes to light
CSO For flux sake: CISA, annexable allies warn of hot DNS threat Shape shifting technique described as menace to national security
CSO Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat So F-18 launch times, weapons, drone support aren't classified now ... who knew?
CSO US defense contractor cops to sloppy security, settles after infosec lead blows whistle MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade
CSO As nation-state hacking becomes 'more in your face,' are supply chains secure? Ex-US Air Force officer says companies shouldn't wait for govt mandates
CSO Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US Plus AI in the infosec world, why CISA should know its place, and more
CSO UK wants dirt on data brokers before criminals get there first Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs
CSO 'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' One PUT request, one poisoned session file, and the server’s yours
CSO Court filing: DOGE aide broke Treasury policy by emailing unencrypted database More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit
CSO UK must pay cyber pros more than its Prime Minister, top civil servant says Leaders call for fewer contractors and more top talent installed across government
CSO Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands
CSO The NHS security culture problem is a crisis years in the making Insiders say board members must be held accountable and drive positive change from the top down
CSO Cybersecurity not the hiring-'em-like-hotcakes role it once was Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts
CSO Google binning SMS MFA at last and replacing it with QR codes Everyone knew texted OTPs were a dud back in 2016
CSO Time to make C the COBOL of this century Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees
CSO If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir
CSO Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff
CSO Sophos sheds 6% of staff after swallowing Secureworks De-dupes some roles, hints others aren't needed as the infosec scene shifts
CSO I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice Remote position, webcam not working, then glitchy AI face ... Red alert!
CSO If Ransomware Inc was a company, its 2024 results would be a horror show 35% drop in payments across the year as your backups got better and law enforcement made a difference
CSO Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' When cloud customers don't clean up after themselves, part 97
CSO What does it mean to build in security from the ground up? As if secure design is the only bullet point in a list of software engineering best practices
CSO Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek Oh someone's in DeepShi...
CSO Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet And now you won't stop calling me, I'm kinda busy
CSO The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings
CSO Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch Everyone agrees defense matters. How to do it is up for debate
CSO Ransomware scum make it personal for Reg readers by impersonating tech support That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems
CSO FCC to telcos: By law you must secure your networks from foreign spies. Get on it Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping
CSO GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches' Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools
CSO I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director In colossal surprise, ONCD boss Harry Coker says more work is needed
CSO T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes'
CSO Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update
CSO How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code
CSO Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended
CSO Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation
CSO Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies
