Jen Easterly says most breaches stem from bad software, and smarter tech could finally clean it up Ex-CISA head Jen Easterly claims AI could spell the end of the cybersecurity industry, as the...

Phishing kit targeting MS login pages

Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. [...]

Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws: Operating from their base in Jakarta, where permissive export laws have...

The notorious Mem3nt0 mori hacker group has been actively exploiting a zero-day vulnerability in Google Chrome, compromising high-profile targets across Russia and Belarus. Dubbed CVE-2025-2783,...

A database containing information on people who applied for jobs with Democrats in the US House of Representatives was left accessible on the open web.

Attackers are using AI to weaponize old vulnerabilities while security teams face expanding attack surfaces and limited resources. Intruder's 2025 Exposure Management Index reveals how 3,000+...

With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs

The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its...

ChatGPT, Gemini, DeepSeek, and Grok are serving users propaganda from Russian-backed media when asked about the invasion of Ukraine, new research finds.

At Tenable, we believe the next generation of great CISOs and security leaders will arise from those vulnerability management professionals who are driving the shift to exposure management...

The Irish government 's Housing Agency said it had been notified of the "cyber incident" involving engineering firm, Jennings O'Donovan, which assesses defective block grant scheme applications....

The new guidance helps organisations spot weaknesses in their supply chain before criminals do – setting out clear practical steps to check the security of key suppliers and safeguard against...

Allows surveillance and cross-border evidence sharing, which worries human rights groups The United Nations on Saturday staged a signing ceremony for the Convention against Cybercrime, the world’s...

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of...

Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and...

PLUS: Judge spanks NSO; Mozilla requires data use disclosures; TARmageddon meets Rust; And more! Infosec In Brief Former basketball star Shaquille O'Neal is 7'1" (215 cm), and therefore uses car...

Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. [...]

A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. [...]

Plus: The Jaguar Land Rover hack sets an expensive new record, OpenAI’s new Atlas browser raises security fears, Starlink cuts off scam compounds, and more.

Committee says Apple, Google, and Samsung could render stolen handsets worthless if compelled to act The UK's Home Secretary should use her powers to push the tech industry to deploy stronger...

The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the...

US border patrol is asking companies to submit plans to turn standard 4x4 trucks into AI-powered watchtowers—combining radar, cameras, and autonomous tracking to extend surveillance on demand.

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available...

Bridge the gap between Platform and Security teams with unified inventory and network visibility across Kubernetes clusters.

There is a new cigar named “El Pulpo The Squid.” Yes, that means “The Octopus The Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t...

A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity,...

Redmond says it's fixed this particular indirect prompt injection vuln updated Microsoft fixed a security hole in Microsoft 365 Copilot that allowed attackers to trick the AI assistant into...

House Oversight Committee Chairman James Comer wants the developer of the controversial dating-safety app TeaOnHer to explain if its privacy and content moderation practices adhere to federal law.