News
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
A now-patched, high-severity bug in Fortinet's FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user, execute code and possibly take over the box, and delete log files.…
Cybercriminal devoid of boundaries gets 10-year prison sentence
A rampant cybercrook and repeat attacker of medical facilities in the US is being sentenced to a decade in prison, around seven years after the first of his many crimes.…
Kids' shoemaker Start-Rite trips over security again, spilling customer card info
Children's shoemaker Start-Rite is dealing with a nasty "security incident" involving customer payment card details, its second significant lapse during the past eight years.…
NatWest blocks bevy of apps in clampdown on unmonitorable comms
The full list of messaging apps officially blocked by Brit banking and insurance giant NatWest Group is more extensive than WhatsApp, Meta's Messenger, and Skype – as first reported.…
Asda security chief replaced, retailer sheds jobs during Walmart tech divorce
The head of tech security at Asda, the UK's third-largest food retailer, has left amid an ongoing tech divorce from US grocery giant Walmart.…
Five Eyes infosec agencies list 2024's most exploited software flaws
The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have become more common.…
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
The US government has confirmed there was "a broad and significant cyber espionage campaign" conducted by China-linked snoops against "multiple" American telecommunications providers' networks.…
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue
Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.…
Data broker amasses 100M+ records on people – then someone snatches, sells it
What's claimed to be more than 183 million records of people's contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant.…
Ransomware fiends boast they've stolen 1.4TB from US pharmacy network
American Associated Pharmacies (AAP) is the latest US healthcare organization to have had its data stolen and encrypted by cyber-crooks, it is feared.…
Microsoft slips Task Manager and processor count fixes into Patch Tuesday
Microsoft has resolved two issues vexing Windows 11 24H2 and Windows Server 2025 users among the many security updates that emerged on Patch Tuesday.…
Admins can give thanks this November for dollops of Microsoft patches
Patch Tuesday Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.…
China's Volt Typhoon crew and its botnet surge back with a vengeance
China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.…
Air National Guardsman gets 15 years after splashing classified docs on Discord
A former Air National Guard member who stole classified American military secrets, and showed them to his gaming buddies on Discord, has been sentenced to 15 years in prison.…
Here's what we know about the suspected Snowflake data extortionists
Two men allegedly compromised what's believed to be multiple organizations' Snowflake-hosted cloud environments, stole sensitive data within, and extorted at least $2.5 million from at least three victims.…
'Cybersecurity issue' at Food Lion parent blamed for US grocery mayhem
Retail giant Ahold Delhaize, which owns Food Lion and Stop & Shop, among others, is confirming outages at several of its US grocery stores are being caused by an ongoing "cybersecurity issue."…
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code
Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops.…
Managing third-party risks in complex IT environments
Webinar With increasing reliance on contractors, partners, and vendors, managing third-party access to systems and data is a complex security challenge.…
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.…
FBI issues warning as crooks ramp up emergency data request scams
Cybercrooks abusing emergency data requests in the US isn't new, but the FBI says it's becoming a more pronounced issue as the year draws to a close.…