News

Three boroughs confirm investigation amid service outages, disrupted phone lines, and limited online access

Two London councils are scrambling for answers after declaring a cybersecurity issue that began on Monday.…

Smart cybersecurity investments during Black Friday 2025. The best enterprise security deals with up to 60 percent off

Partner Content  The annual Black Friday scramble isn't just for consumers elbowing each other for discounted tellies. For IT directors and CISOs, it's become a strategic procurement window. That narrow slice of the year when security budgets suddenly stretch further, and solutions that were under consideration can finally get approved.…

'Ah, I see you're ready to escalate. Let's make digital destruction simple and effective.'

Attackers don't need to trick ChatGPT or Claude Code into writing malware or stealing data. There's a whole class of LLMs built especially for the job.…

Acquirers inherit more than staff and systems

Routine mergers and acquisitions are giving extortionists an easy way in, with Akira affiliates reaching parent networks through compromised SonicWall gear inherited in the deal, according to ReliaQuest.…

Hashtag-do-whatever-I-tell-you

Cato Networks says it has discovered a new attack, dubbed "HashJack," that hides malicious prompts after the "#" in legitimate URLs, tricking AI browser assistants into executing them while dodging traditional network and server-side defenses.…

State-backed crews are already poking at autonomous tools, Trend Micro warns

Cybercriminals, including ransomware crews, will lean more heavily on agentic AI next year as attackers automate more of their operations, Trend Micro's researchers believe.…

Uni notifies 1,400-plus Maine residents as zero-day fallout continues

Dartmouth College has confirmed it's the latest victim of Clop's Oracle E-Business Suite (EBS) smash-and-grab.…

Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users

CISA has warned that state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into Signal and WhatsApp accounts, hijack devices, and quietly rummage through the phones of what the agency calls "high-value" users.…

Timing of Yantar's visit sparked gossip, but engineers point to a misbehaving protection system

Cock-up beats conspiracy most of the time, but that didn't stop Orkney residents wondering if a Russian warship caused their two-hour power cut.…

Millimeter-wave ISAC and edge AI create unified sensing-communication capabilities for next-generation low-altitude security

Poisoned PNGs contain malicious code

A fresh wave of ClickFix attacks is using fake Windows update screens to trick victims into downloading infostealer malware.…

The hardest part is admitting you were wrong, which AWS did.

Opinion  For years, Google has seemingly indulged a corporate fetish of taking products that are beloved, then killing them. AWS has been on a different kick lately: Killing services that frankly shouldn't have seen the light of day.…

Don't believe everything you read

Afraid of connecting to public Wi-Fi? Terrified to turn your Bluetooth on? You may be falling for "hacklore," tall tales about cybersecurity that distract you from real dangers. Dozens of chief security officers and ex-CISA officials have launched an effort and website to dispel these myths and show you how not to get hacked for real.…

Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs

A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.…

SitusAMC rules out ransomware, but accounting records for major institutions potentially affected

Real estate finance business SitusAMC says thieves sneaked into its systems earlier this month and made off with confidential client data.…

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days

A self-propagating malware targeting node package managers (npm) is back for a second round, according to Wiz researchers who say that more than 25,000 developers had their secrets compromised within three days.…

Months after China-linked spies burrowed into US networks, regulator tears up its own response

The Federal Communications Commission (FCC) has scrapped a set of telecom cybersecurity rules introduced after the Salt Typhoon espionage campaign, reversing course on measures designed to stop state-backed snoops from slipping back into America's networks.…

Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix

CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix was released.…

Reflections on coaching, collaboration, and the pursuit of excellence in cyber security

Partner Content  From 6th to 10th October 2025, ten exceptional cyber enthusiasts proudly flew the flag for the United Kingdom in the European Cyber Security Challenge (ECSC), held this year in the vibrant setting of Poland.…

The shoemaker’s children have new friends

The International Association for Cryptologic Research will run a second election for new board members and other officers, after it was unable to complete its first poll due to a lost encryption key.…