The Register
TransUnion admits 4.5M affected after third-party support app breached
Credit scoring and monitoring biz TransUnion says that it recently suffered a breach affecting nearly 4.5 million individuals.…
Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already being actively exploited in the wild.…
Ransomware crooks knock Swedish municipalities offline for measly sum of $168K
Sweden's municipal governments have been knocked offline after ransomware crooks hit IT supplier Miljödata, reportedly demanding the bargain-basement sum of $168,000.…
Euro banks block billions in rogue PayPal direct debits after fraud glitch
Shoppers and merchants in Germany found themselves dealing with billions of euros in frozen transactions this week, thanks to an apparent failure in PayPal's fraud-detection systems.…
Law firm email blunder exposes Church of England abuse victim details
A London law firm leaked the details of nearly 200 people who requested to receive updates about the redress scheme set up for victims of abuse at the hands of the Church of England (CoE).…
If you thought China's Salt Typhoon was booted off critical networks, think again
China's Salt Typhoon cyberspies continue their years-long hacking campaign targeting critical industries around the world, according to a joint security alert from cyber and law enforcement agencies across 13 countries.…
ChatGPT hates LA Chargers fans
OpenAI's ChatGPT appears to be more likely to refuse to respond to questions posed by fans of the Los Angeles Chargers football team than to followers of other teams.…
Sting nails two front firms in Nork IT worker scam
The US Treasury Department has announced sanctions against two Asian companies and two individuals for allegedly helping North Korean IT workers fake their way into US jobs.…
Crims laud Claude to plant ransomware and fake IT expertise
comment Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud.…
Putin on the code: DoD reportedly relies on utility written by Russian dev
A Node.js utility used by thousands of public projects - and more than 30 Department of Defense ones - appears to have a sole maintainer whose online profiles identify him as a Yandex employee living in Russia.…
Nx NPM packages poisoned in AI-assisted supply chain attack
Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.…
The intruder is in the house: Storm-0501 attacked Azure, stole data, demanded payment via Teams
Storm-0501, a financially motivated cybercrime crew, recently broke into a large enterprise's on-premises and cloud environments, ultimately exfiltrating and destroying data within the org's Azure environment. The criminals then contacted the victim via a Microsoft Teams account that they'd also compromised in the attack, demanding a ransom payment for the stolen files.…
Salesforce data missing? It might be due to Salesloft breach, Google says
Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft Drift app.…
Who are you again? Infosec experiencing 'Identity crisis' amid rising login attacks
Infosec pros are losing confidence in their identity providers' ability to keep attackers out, with Cisco-owned Duo warning that the industry is facing what it calls "an identity crisis."…
BGP’s security problems are notorious. Attempts to fix that are a work in progress
Systems Approach I’ve been working on a chapter about infrastructure security for our network security book.…
Google issued ‘State-backed attack in progress’ warnings after spotting web hijack scheme
Google has warned customers of a suspected state-backed attack after observing a web traffic hijacking campaign.…
First AI-powered ransomware spotted, but it's not active – yet
ESET malware researchers Anton Cherepanov and Peter Strycek have discovered what they describe as the "first known AI-powered ransomware," which they named PromptLock. …
Azure apparatchik shows custom silicon keeping everything locked down
Hot Chips Microsoft is one of the biggest names in cybersecurity, but it has a less-than-stellar track record in the department. Given its reputation, Redmond can't afford to mess around when it comes to securing its cloud customers' data and workloads.…
DOGE accused of duplicating critical Social Security database on unsecured cloud
A Social Security Administration employee has filed a whistleblower complaint alleging that Donald Trump's DOGE cost-cutting unit has put the records of every single American at risk by duplicating an agency database in an unauthorized cloud environment. …
ZipLine attack uses 'Contact Us' forms, White House butler pic to invade sensitive industries
Cybercriminals are targeting critical US manufacturers and supply-chain companies, looking to steal sensitive IP and other data while deploying ransomware. Their attack involves a novel twist on phishing — and a photo of White House butlers. …