Fix didn't quite do the job – attackers spotted logging in. Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO)...
Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts...
This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware.
Direct debits? Maybe February. Birth certificates? Dream on. Council tax bills? Oh, those are coming. Hammersmith & Fulham Council says payments are now being processed as usual, two months after a...
As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development
Much owed to the few, but takeup is under 1%. More than 15,000 former members of the UK's armed forces have successfully applied for a digital version of their veterans ID card since its launch in...
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to...
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack...
Teach a crook to phish… Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and...
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of...
Ianis Antropenko, a Russian national living in California, admitted to committing ransomware attacks against at least 50 victims. He faces up to 25 years in jail.
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted...
Logging in, not breaking in. Unknown attackers are abusing Microsoft SharePoint file-sharing services to target multiple energy-sector organizations, harvest user credentials, take over corporate...
In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.
The case dates to May 2022, when the court launched a probe into the alleged spying on devices belonging to Prime Minister Pedro Sánchez and Defence Minister Margarita Robles.
Switzerland's largest private radio station was hacked on Tuesday. Winners of concert tickets are affected.
The alleged risks of being publicly identified have not stopped DHS and ICE employees from creating profiles on LinkedIn, even as Kristi Noem threatens to treat revealing agents' identities as a crime.
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not...
Admins say attackers are still getting in despite recent patches. FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who've figured out how to sidestep SSO...
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a...
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not...
A TCC bypass vulnerability (CVE-2025-15523) has been found in the Inkscape application for macOS.
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities...
Check Point Research (CPR) identified an ongoing phishing campaign that we associate with KONNI, a North Korean–linked threat actor active since at least 2014. KONNI is...
Security vendors have been leaving deliberately insecure training applications on the public Internet, and attackers have been taking advantage of them to breach their cloud environments. What’s...
Going into this week’s World Economic Forum in Davos, Switzerland, the White House’s top science and technology adviser, Michael Kratsios, signaled some chilly conversations with European leaders...
Regulators logged over 400 personal data breach notifications a day for first time since law came into force. GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe's...
The White House Office of Management and Budget (OMB) is preparing to release new federal cybersecurity and IT policy updates that could significantly reshape how agencies defend networks and...
Mind the cyber gap – similar flaws highlighted multiple years in a row. Concerned about the orgs that safeguard your money? The UK's annual cybersecurity review for 2025 suggests you should be....
Democrats on the House Homeland Security Committee pressed the Cybersecurity and Infrastructure Security Agency’s acting director on workforce reductions and internal developments Wednesday as...