Networks FCC walks back router update ban before it bricks America's network security Quietly extends waivers to 2029 after realizing it was about to leave millions of devices unpatched
AI + ML Frontier AI safety tests may be creating the very risks they're meant to stop Think tank warns outsider access to powerful models is governed by patchy controls and a hope nobody dangerous gets in
Security Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla Fears exponential increase in attack scale and speed
Security Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator After all that hype, AI scanner found one low-severity cURL flaw
Cyber-crime Water company's leaky security earns near-£1M fine Utility provider failed to detect Cl0p ransomware attack for nearly two years
Security Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks That’s not a radio. THIS is a radio
Security Worm rubs out competitor's malware, then takes control All your compromised credentials are belong to us now instead of the other gang
Cyber-crime Fake IT workers rented laptops to Nork scammers, got prison time Matthew Isaac Knoot and Erick Ntekereze Prince will each do 18 months for hosting laptops used by North Korean IT workers to remotely infiltrate US companies
Security 60% of MD5 password hashes are crackable in under an hour Happy World Password Day! Maybe it's finally time to kill this holiday in favor of World No-More-Passwords Day?
Security India orders infosec red alert in case Mythos sparks crime spree Securities regulator urges market players to develop new strategies and nail cyber-basics before AI models fuel mass attacks
Security Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation Vendors all use different formats. This tech translates them all so you can smooth your SOC
Public Sector Mythos complicates the breakup, says Pentagon CTO, but Anthropic is still barred Emil Michael says agencies are evaluating the cybersecurity model, not deploying it
Cyber-crime Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down 313 Team tells Canonical: pay up or the packets keep coming
Security Bot her emails: most modern phishing campaigns are AI-enabled KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start
Patches Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day Emergency patches out now for those managing the millions of domains assumed to be affected
Networks GoDaddy customer claims registrar transferred 27-year-old domain without any security checks 32 phone calls, 17 email chains, a 5-day ordeal, and no help during the daddy of all stuffups, claim those affected
Security Cybersec is a thankless job: expanding workload and shrinking pay packet Global recruitment giant says 71% of human firewalls saw wages stagnate last year as threats and responsibilities grew
PaaS + IaaS Google Cloud Next proves what we suspected: Everything is AI now Join us for this week's Kettle as we dive into GCN and the latest not-so-alarming revelations about Mythos
Research Researchers find cyber-sabotage malware that may predate Stuxnet by five years FAST16 could be the first cyberweapon, and its effects could be with us today
Cyber-crime Medical data of 500k Biobank volunteers listed for sale on Alibaba, UK minister reveals World's largest biomedical dataset lifted and shifted on Chinese mega marketplace
Security If malware via monitor cables is a matter of national security, this might be the gadget for you Orgs can now buy UK cyber agency engineered commercial gadget, but details are slim
Security Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor NCSC boss says China's whole-of-state cyber machine has become Britain's peer competitor in cyberspace
Security Just like phishing for gullible humans, prompt injecting AIs is here to stay Aren't we all just prompting tokens of linguistic meaning and hoping the other person isn't bullshitting us?
Cyber-crime Automotive data biz Autovista blames ransomware for service disruption Some customer orgs tell staff to block inbound email from the provider
Security Anthropic's mysterious Mythos AI threatens to upend the infosec world Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this week's episode
Security Britain seeks views before it drops the hammer on signal jammers Four-week call for evidence intended to help shape laws aimed at devices linked to crime
Security Unpacking AI security in 2026 from experimentation to the agentic era Cut through the noise and understand the real risks, responsibilities, and responses shaping enterprise AI today.
Security NHS Scotland-linked domains caught serving pr0n and dodgy sports streams Two practice web addresses appear to have been compromised
Cyber-crime Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns 200 orgs and 5,000 devices compromised so far in Vlad's latest intelligence grab, Microsoft reckons
Networks US military contractor open sources tool for validating hidden communications networks Maude-HCS from RTX (formerly Raytheon) helps model and validate hidden communication systems
Cyber-crime Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more
CSO Lightning-fast exploits make it essential to patch fast, ask questions later Here's where you ought to spend your security billable hours budget this year
Cyber-crime Jaguar Land Rover's cyber bailout sets worrying precedent, watchdog warns Lack of clear criteria risks encouraging firms to lean on state support instead of worrying about insurance
Security Japan to allow ‘proactive cyber-defense’ from October 1st In less polite places, this is called ‘hacking back’ or ‘offensive cyber-ops’
Networks Iran's 'chosen users' get 'privileged access' despite internet blackout for masses Civilians relying on Dutch shortwave radio broadcast for outside information
Security Too big to ignore, too small to be served: the midmarket security gap Midmarket security leaders aren't as secure as they think, says Intruder's report
Security Flaw in UK's corporate registry let directors rummage through rival records Back button blunder in WebFiling service run by Companies House revealed confidential paperwork
Security Building the UK’s next generation of cyber talent Reflecting on the relaunch of the UK Cyber Team and introducing the next phase of leadership
AI + ML AI doctor's assistant is easily swayed to change prescriptions, give bad medical advice Spread false medical info, supersize drug orders, and more!
Security Kaspersky dismisses claims Coruna iPhone exploit kit is connected to NSA-linked operation Follows suggestions iPhone-pwning toolset bears hallmarks of zero-days that targeted Russian diplomats
Security UK government's Vulnerability Monitoring System is working - fixes flow far faster PLUS: Firefox adds XSS protection; Leadership turnover at CISA; FTC exempts some data collection
Applications Lovable-hosted app littered with basic flaws exposed 18K users, researcher claims Who's to blame – the vibey platforms or the humans who ignore security warnings?
AI + ML The idea of using a Raspberry Pi to run OpenClaw makes no sense The micro-computer maker’s shares surged this week after an X post tied the AI agent to Pi demand
Security Attackers have 16-digit card numbers, expiry dates, but not names. Now org gets £500k fine Appeals judge overrules lower tribunal in latest battle of ICO against a breached retail giant
Security DEF CON bans three Epstein-linked men from future events Emails show all discussed networking and biz interests with the sex offender throughout the 2010s
Software You can jailbreak an F-35 just like an iPhone, says Dutch defense chief No worries if the US doesn't want to be friends with Europe anymore
Security Infosec exec sold eight zero-day exploit kits to Russia, says DoJ PLUS: Fake ransomware group exposed; EC blesses Google's big Wiz deal; Alleged sewage hacker cuffed; And more
Security Were telcos tipped off to *that* ancient Telnet bug? Cyber pros say the signs stack up Curious port filtering and traffic patterns suggest advisories weren’t the earliest warning signals sent
Security Legacy systems blamed as ministers promise no repeat of Afghan breach UK government grilled over progress made to prevent a second life-threatening leak
Security AI agents spill secrets just by previewing malicious links Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn
Security More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster By default, the bot listens on all network interfaces, and many users never change it
Cyber-crime Flickr emails users about data breach, pins it on third party Attackers may have snapped user locations and activity information, message warns
Cyber-crime Italy claims cyberattacks 'of Russian origin' are pelting Winter Olympics Right on cue, petulant hacktivists attempt to disrupt yet another global sporting event
Security McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords Your favorite menu item might be easy to remember but it will not secure your account
Security OpenClaw patches one-click RCE as security Whac-A-Mole continues Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page
Cyber-crime Infrastructure cyberattacks are suddenly in fashion. We can buck the trend Don't be scared of the digital dark – learn how to keep the lights on
Security Open-source AI is a global security nightmare waiting to happen, say researchers Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and more
Security January blues return as Ivanti coughs up exploited EPMM zero-days Consider yourselves compromised, experts warn
AI + ML Autonomous cars, drones cheerfully obey prompt injection by road sign AI vision systems can be very literal readers
Cyber-crime ShinyHunters swipes right on 10M records in alleged dating app data grab Extortion crew says it's found love in someone else's info as Match Group plays down the impact
Security Patch or perish: Vulnerability exploits now dominate intrusions Apply fixes within a few hours or face the music, say the pros
Security Fortinet unearths another critical bug as SSO accounts borked post-patch More work for admins on the cards as they await a full dump of fixes
Security Old Windows quirks help punch through new admin defenses Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature
Security Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle Meta also replaces a legacy C++ media-handling security library with Rust
Agentic AI Clawdbot sheds skin to become Moltbot, can't slough off security issues The massively hyped agentic personal assistant has security experts wondering why anyone would install it
Cyber-crime Moscow likely behind wiper attack on Poland’s power grid, experts say Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy
Security Pwn2Own Automotive 2026 uncovers 76 zero-days, pays out more than $1M Also, cybercriminals get breached, Gemini spills the calendar beans, and more
CSO AI-powered cyberattack kits are 'just a matter of time,' warns Google exec Security chief says criminals are already automating workflows, with full end-to-end tools likely within years
Security Bank of England: Financial sector failing to implement basic cybersecurity controls Mind the cyber gap – similar flaws highlighted multiple years in a row
Patches Ancient telnet bug happily hands out root to attackers Critical vuln flew under the radar for a decade
Public Sector Social Security Administration admits it underreported DOGE dirty dealings Encrypted files, Cloudflare sharing, and political outreach surface in DOJ filings
Security Ireland wants to give its cops spyware, ability to crack encrypted messages Its very own Snooper’s Charter comes a month after proposed biometric tech expansion
Cyber-crime Don't underestimate pro-Russia hacktivists, warns UK's cyber crew They’re not the most sophisticated, but even simple attacks can lead to costly consequences
Security Mandiant releases quick credential cracker, to hasten the death of a bad protocol PLUS: Navy spy sent to brig for 200 months; Black Axe busted again; Bill aims to crimp ICE apps; and more
Security Probably not the best security in the world: Carlsberg wristbands spill visitor pics Researcher shows how anyone can access Copenhagen experience attendees' names, videos
Security Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork Office workers without AI experience warned to watch for prompt injection attacks - good luck with that
Security CrowdStrike shareholders lose battle to recoup losses from 2024 outage Investors didn't present a valid claim, says judge, but they're welcome to try again
SaaS Mandiant open sources tool to prevent leaky Salesforce misconfigs AuraInspector automates the most common abuses and generates fixes for customers
AI + ML Businesses in 2026: Maybe we should finally look into that AI security stuff Survey finds security checks nearly doubled in a year as leaders wise up
Security Meta admits to Instagram password reset mess, denies data leak PLUS: Veeam patches critical vuln; Crims bribing dark web insiders; UK school takedown; And more
Cyber-crime UK government exempting itself from flagship cyber law inspires little confidence Ministers promise equivalent standards just without the legal obligation
Cyber-crime Stalkerware slinger pleads guilty for selling snooper software to suspicious spouses pcTattletale boss Bryan Fleming faces up to 15 years in prison when sentenced later this year
Cyber-crime Ministry of Justice splurged £50M on security – still missed Legal Aid Agency cyberattack High-risk system compromised long before intrusion was finally spotted
Security HSBC app takes a dim view of sideloaded Bitwarden installations Customers report being locked out after grabbing the password manager via F-Droid
Public Sector UK injects just £210M into cyber plan to stop Whitehall getting pwnd Central government will supposedly be as secure as energy facilities and datacenters under new proposals
Security Trump admin sends heart emoji to commercial spyware makers with lifted Predator sanctions Also, Korean Air hacked, EmEditor installer hijacked, a perfect 10 router RCE vuln, and more
Security Brit lands invite-only Aussie visa after uncovering vuln in government systems Jacob Riggs is set to swap London for Sydney some time in the next year
Cyber-crime European Space Agency hit again as cybercrims claim 200 GB data up for sale As in past incidents, ESA says the impact was limited to external systems
Patches An early end to the holidays: 'Heartbleed of MongoDB' is now under active exploit You didn't think you'd get to enjoy your time off without a major cybersecurity incident, did you?
CSO Around 1,000 systems compromised in ransomware attack on Romanian water agency On-site staff keep key systems working while all but one region battles with encrypted PCs
Cyber-crime NHS tech supplier probes cyberattack on internal systems Around 2,000 GP practices use its products
Security PwC on using AI to turn cybersecurity risk into competitive advantage PwC supports clients across the full cyber lifecycle
Security Championing Cyber Security: the National UK Cyber Team's Journey at the European Cyber Security Challenge
Public Sector Critical federal cybersecurity funding set to resume as government shutdown draws to a close - for now
Cyber-crime Bank of England says JLR's cyberattack contributed to UK's unexpectedly slower GDP growth
Personal Tech X says passkey reset isn't about a security issue – it's to finally kill off twitter.com
Cybersecurity Month All your vulns are belong to us! CISA wants to maintain gov control of CVE program
Security How does China keep stealing our stuff, wonders DoD group responsible for keeping foreign agents out