This could be the smallest breach DataBreaches has reported recently, and yet we are covering it instead of other, much bigger breaches that will undoubtedly generate lots of headlines. Why?...

Interesting Engineering reports: A newly uncovered flaw in Discord’s age verification rollout has added fresh pressure to the company’s 2026 compliance plans. Security researchers recently found...

Pieter Arntz reports: Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog,...

In thinking about 29 December 2025 cyber-attack on part of the power grid in Poland one issue at once comes out: THEY SHOULD HAVE KNOWN BETTER. The methods and attack vectors have been known since...

Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online anti-censorship “portal” for the world, and more.

The Netherlands’ General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) are concerned about the increased threat of Russian hybrid activities in the...

An AI-generated video shows a crowd of young – mostly black – men, wearing balaclavas and padded jackets, slipping down a water slide into a dirty swimming pool with litter bobbing on the surface....

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce...

Following increased surveillance and patrols of routes used by transnational drug-trafficking networks, Mexican authorities have seized approximately 10 tons of cocaine in the past week alone.

Marianne Kolbasuk McGee reports: U.S. federal authorities and industry officials are urging hospitals and clinics to address a critical flaw in BeyondTrust Remote Support and Privileged Remote...

Regular readers of my companion privacy-oriented site, PogoWasRight.org, may recall that the site recently noted The Data Broker Directory: Who has your data, where they got it, and who they sell...

About 100 customers affected PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw...

I like this one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide...

Jonathan Greig reports: A 45-year-old Romanian national pleaded guilty this week to hacking into computers at Oregon’s Department of Emergency Management in June 2021 and selling the access he...

On June 1, 2025, Roundcube published security advisories to address vulnerabilities.

4K unintended installs in very odd supply chain attack Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly...

Homeland Security aims to combine its face and fingerprint systems into one big biometric platform—after dismantling centralized privacy reviews and key limits on face recognition.

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous...

Comments and other data left on a PDF detailing Homeland Security's proposal to build “mega” detention and processing centers reveal the personnel involved in its creation.

What happens in Vegas… Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…

Coordinated Multi-Agent Investigation and Remediation

Authorities arrest hundreds of financial scammers, threat actors target Iran protest supporters, and infostealers exfiltrate OpenClaw secrets.

Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT...

With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many...

A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November...

Over the past two decades, extreme weather events have occurred with increasing frequency, severity, and geographic reach. Globally, the period from roughly 2005 to 2025 has been marked by a...

The Army is incorporating artificial intelligence tools to help write doctrine, the service said Wednesday. The Combined Arms Doctrine Directorate, the Army’s hub for producing foundational...

China’s technological rise has been one of the United States’ biggest preoccupations for nearly a decade, across both Democratic and Republican administrations. In their new book, The Great Heist,...