News

International cops stuck down 23 servers in 7 countries

Cops from eight countries this week disrupted SocksEscort, a residential proxy service used by criminals to compromise hundreds of thousands of routers worldwide and carry out digital fraud, costing businesses and consumers millions.…

No rest for project maintainers battered by slew of vulnerability disclosures

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n.…

Like deleting data, exposing keys, and loading malicious content, perhaps leading to government ban

China’s National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks.…

State news published a list of nearly 30 sites that could be targeted

Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran’s state-affiliated Tasnim news agency.…

Meanwhile, Verifone says 'no evidence' to support the digital intruders' claims

A hacking crew with ties to Iran's intelligence agency claimed to be behind a global network outage at med-tech firm Stryker on Wednesday, and said the cyberattack was in response to the US-Israel airstrikes.…

150k accounts nuked, 21 suspects arrested

Not every scam starts with malware or a compromised account. Sometimes all it takes is a friend request or a link shared via chat.…

Blue-on-blue internal investigation lands force £66k fine

The UK's data protection watchdog has fined Police Scotland £66,000 ($88,000) for what it calls a "serious failure" in handling an alleged victim's sensitive data.…

Officials suspend Basel-Stadt trial and launch probe

A Swiss canton has suspended its pilot of electronic voting after failing to count 2,048 votes cast in national referendums held on March 8.…

17-year-old allegedly withdrew large sums of cash from ATMs

Dutch police have arrested a 17-year-old boy who detectives suspect was responsible for 16 bank card frauds across the Netherlands.…

Advocate General urges rethink of PSD2 to speed compensation after scams

Analysis  One of the European Union's top legal advisors is trying to change how banks treat cybercrime victims – meaning they could enjoy greater financial protections sooner than expected.…

Reflecting on the relaunch of the UK Cyber Team and introducing the next phase of leadership

Partner Content  The UK Cyber Team is a government initiative led by the Department for Science, Innovation and Technology in partnership with SANS Institute. Its purpose is to identify, develop, and support the UK’s most promising emerging cyber talent, while ensuring the UK is represented with confidence and credibility on the international cyber stage.…

Could steal sensitive personal and financial data

After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn't exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we're sure is a welcome change to sysadmins.…

Ransomware, malware-as-a-service, infostealers benefit MOIS, too

Iranian government-backed snoops are increasingly using cybercrime malware and ransomware infrastructure in their operations - not just hiding behind criminal masks as a cover for destructive cyber activity, according to security researchers.…

Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page

Cyber baddies quietly compromised legitimate WordPress websites, including the campaign site of a US Senate candidate, turning them into launchpads for a global infostealer operation.…

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.…

Crooks used simple phone scam to compromise vendor account, spilling personal and financial data belonging to more than 15,000 people

A voice-phishing scam targeting one of Ericsson's service providers has exposed the personal data of more than 15,000 individuals after attackers sweet-talked an employee into handing over access.…

Digital freedom needs a Kali Linux for the rest of us

Opinion  The hacker mind is a curious way to be. To have it means to embody endless analytical curiosity, an awareness of any given rule set as just one system among many, and an ability to see any system in ways that its creators never expected. Combine this with a drive to find the bad and make things better, and you become one of the fundamental forces of the technological universe.…

Kids profited from tools used to attack popular websites, say officials

Polish police have referred seven suspected juvenile cybercriminals to family court over an alleged scheme to flog DDoS kits online.…

David and Goliath…but with AI agents

Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours.…

And they abused a Mandiant-developed open source tool in the attacks

ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.…