News

Officials teased more details to come later this year

Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.…

TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast

Oracle's letter to customers about an intrusion into part of its public cloud empire - while insisting Oracle Cloud Infrastructure was untouched - has sparked a mix of ridicule and outrage in the infosec community.…

Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories

The Trump administration on Wednesday ordered a criminal investigation into alleged censorship conducted by the USA’s Cybersecurity and Infrastructure Security Agency, aka CISA, plus revocation of any security clearances held by the agency's ex-head Chris Krebs and anyone else at SentinelOne, the cybersecurity company where he now works.…

Can't Redmond ask its whizz-bang Copilot AI to fix it?

Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using Windows Hello.…

It worked for in 2018 with Chris Krebs. Will it work again?

Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, has been "actively hiding information" about American telecommunications networks' weak security for years, according to Senator Ron Wyden.…

OCC mum on who broke into email, but Treasury fingered China in similar hack months ago

A US banking regulator fears sensitive financial oversight data was stolen from its IT systems in what's been described as "a major information security incident."…

Chocolate Factory doubles down on enterprise security at Cloud Next

Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.…

Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec

A now-former pharmacist at the University of Maryland Medical Center (UMMC) has been accused of compromising the US healthcare organization's IT systems to ogle female clinicians using webcams at their workplace and at their homes.…

A novel way to encourage upgrades? Microsoft would never stoop so low

Patch Tuesday  Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix.…

What a MIME field

A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment - and, to be fair, it doesn't take much craft to pull that off.…

Despite arrests, eight-legged menace targeted more victims this year

Despite several arrests last year, Scattered Spider's social engineering attacks are continuing into 2025 as the cybercrime collective targets high-profile organizations and adds another phishing kit to its arsenal along with a new version of Spectre RAT malware.…

Will 'gutting' the civilian defense agency make American cybersecurity great again?

Analysis  Slashing staff at the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, and scrapping vital programs, isn’t exactly boosting national security, say infosec and national security officials watching America’s digital defenses unravel in real time.…

Reliability, honesty, accuracy. And then there's this lot

Oracle has briefed some customers about a successful intrusion into its public cloud, as well as the theft of their data, after previously denying it had been compromised.…

But this mystery isn't over yet, Unit 42 opines

That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than previously suspected.…

Crummy OPSEC leads to potentially decades in prison

Noah Michael Urban, 20, of alleged Scattered Spider infamy, has pleaded guilty to various charges and potentially faces decades in prison.…

After 23 years, the privacy plumber has finally arrived to clean up this mess

A 23-year-old side-channel attack for spying on people's web browsing histories will get shut down in the forthcoming Chrome 136, released last Thursday to the Chrome beta channel.…

Last month's secret hearing comes to light

Details of Apple's appeal against the UK's so-called "backdoor order" will now play out in public after the Home Office failed in its bid to keep them secret on national security grounds.…

Native tools help, but they don’t cover everything - here’s what they miss and how to close the gaps

Partner Content  : AWS provides a number of security services, such as GuardDuty, Inspector, Config, and Security Hub, designed to protect your cloud environment.…

PLUS: Qualcomm acquires Vietnamese AI outfit; China claims US hacked winter games; India's browser challenge winner disputed; and more

Asia In Brief  Asian nations and tech companies are trying to come to terms with the USA’s new universal import tariffs and additional “reciprocal tariffs”.…

PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more

Infosec in Brief  How did journalist Jeffrey Goldberg’s phone number end up in a Signal group chat? According to The Guardian, US national security adviser Mike Waltz accidentally saved it into the contact file of a campaign staffer who later took a job at the US National Security Council official.…