Crims claim to know which customers are marked 'vulnerable' British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files.…

Project cites fears of state access as cloud sovereignty row deepens French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the...

In a new paper, “Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry resulted in jailbreaking the...

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When...

Poland arrests Russian hacker accused of espionage, FBI warns of banking scams in run up to holidays, and OpenAI alerts users to data breach.

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news

Citizen Lab senior fellow Cynthia Khoo speaks with Resh Budhu, host of the Courage My Friends podcast, about the problems with Canada’s ‘national sprint’ on artificial intelligence. She notes,...

The Citizen Lab’s Gabrielle Lim, Noura Aljizawi, Shaila Baran, and Nicola Lawford recently published an article in Internet Policy Review on the methodology of digital rights governance research....

Training outfit scrambles to fix all-male lineup before December kickoff Cybersecurity training provider TryHackMe is scrambling to recruit women infosec pros to help with its Christmas challenge...

A 44-year-old man was sentenced to seven years and four months in prison for operating an "evil twin" WiFi network to steal the data of unsuspecting travelers at various airports across Australia. [...]

Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional. [...]

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. [...]

Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams. Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings...

Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams. Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings...

Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC)...

OBR says the scheme will cost £600M a year with no identified savings The UK government has finally put a £1.8 billion price tag on its digital ID plans – days after the minister responsible...

The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. [...]

It turns out all the guardrails in the world won’t protect a chatbot from meter and rhyme.

Want to take a peek at your fellow cybersecurity practitioners’ thoughts on topics such as exposure response, patch management, and security tool sprawl? In case you missed them, we’re revisiting...

Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.

Talk about buyer’s remorse South Korean web giant Naver has had an interesting week, after it acquired a cryptocurrency exchange that the next day revealed it had suffered a serious cyberattack.…

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October...

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security...

ReliaQuest finds fresh crop of phishing domains and toxic tickets Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and...

How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections.

ChatGPT maker places other vendors under review following breach OpenAI says API users may be affected by a recent breach at its former data analytics provider, Mixpanel.…

Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting...

Remote Code Execution vulnerability (CVE-2025-12140) has been found in Wirtualna Uczelnia software.

Authorized shell command injection vulnerability (CVE-2025-8890) has been found in SDMC NE6037 routers.

Agency flags hijacks of insecure studio-to-transmitter gear after attackers pipe in fake alerts and vulgar audio Malicious intruders have hijacked US radio gear to turn emergency broadcast tones...