Spock befriends a giant space squid in the comic Star Trek: Strange New Worlds: The Seeds of Salvation #5. As usual, you can also use this squid post to talk about the security stories in the news...

In an op-ed for the Toronto Star, Jason Stanley and Ron Deibert write that Mark Carney must emphasize the importance of democratic values on the world stage. “Canada is a healthy, pluralistic, and...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation...

If you're serious about encryption, keep control of your encryption keys If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond...

In 2009, LevelBlue Vice President of Security Research Ziv Mador and Cristian Craioveanu worked at the Microsoft Malware Team and documented a notable code injection vulnerability on certain...

In 2009, LevelBlue Vice President of Security Research Ziv Mador and Cristian Craioveanu worked at the Microsoft Malware Team and documented a notable code injection vulnerability on certain...

Citizen Lab director Ron Deibert spoke with the Walrus about Minister of Artificial Intelligence and Digital Innovation Evan Solomon’s 30-day “national sprint” to inform Canada’s approach to AI...

'A lot more' victims to come, we're told ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and...

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched...

Police arrest Black Basta RaaS affiliates, DPRK actors leverage VS Code to deploy backdoors, and attackers exploit misconfigured cloud apps.

Security chief says criminals are already automating workflows, with full end-to-end tools likely within years CISOs must prepare for "a really different world" where cybercriminals can reliably...

US Customs and Border Protection is paying General Dynamics to create prototype “quantum sensors,” to be used with an AI database to detect fentanyl and other narcotics.

TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok...

The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper

Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent...

“The new [U.S.] National Security Strategy does not list Russia as an enemy or a target. Nevertheless, the NATO Secretary General is preparing for war with us. How does that make sense?” Russian...

Europe depends on Chinese and American tech — and worries about the safety of its critical telecom and IT systems. A new cybersecurity proposal focuses on protecting against not only cyberattacks,...

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. "The campaign...

New legislation introduced in the House would block the use of China-controlled apps on federal government devices. That ban, and hoped-for resulting improvements in federal government...

Clothing retailer Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information, but so far there are no signs the hackers stole any...

Nike is the producer of one of the most popular ranges of athletic shoes on the planet, and its motto of “Just do it” has inspired generations. It may also have inspired the World Leaks ransomware...

“This Venezuelan government system has been encrypted and locked. To receive the decryption key, remit the required one billion dollars to the United States Treasury Department and comply with the...

Auditors say the U.S. Department of Health and Human Services should buttress its ability to respond to cyberthreats by standardizing governance and controls across its many divisions – and also...

Microsoft Defender Researchers have uncovered a multi‑stage adversary‑in‑the‑middle (AiTM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy...

U.S. government officials pointed to quantum talent pipeline constraints at a Thursday House hearing as lawmakers mull reauthorization of the National Quantum Initiative. “We are in a workforce...

As arctic cold and snow squalls threaten much of the United States this weekend, managers of electric grids from the Midwest to the East Coast have issued warnings that many homes and businesses...

Recounting the kingpins, espionage efforts, and attack tactics that defined ransomware in 2025

Fix didn't quite do the job – attackers spotted logging in Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO)...

Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts...

This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware.