Flux RSS

Over one in five winners of IT-Harvest’s 2026 Cyber 150 are AI security companies

Billing services provider TriZetto Provider Solutions has begun notifying millions of patients about a data breach

Derrick Van Yeboah admitted he stole over $10m in romance scams as part of crime gang

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA - one of the world's most prolific phishing-as-a-service platforms - has been dismantled. Read more in my article on the Hot for Security blog.

A bank, an airport, a non-profit and the Israeli branch of a US software company were among the targets of this new MuddyWater campaign

Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances

Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast

Critical flaw "ContextCrush" in Context7 MCP Server could allow malicious instructions into AI tools

Exploit kit "Coruna" targets iPhones running iOS 13.0 to 17.2.1, focusing on financial data theft

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

Two of the 48 Cisco vulnerabilities, affecting Secure Firewall Management Center, are maximum-severity flaws

A global operation has resulted in the takedown of popular cybercrime forum LeakBase

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling zero-day exploits to a Russia-linked broker. Plus: are nation states quietly poisoning AI models to bend reality itself? We explore how “foreign information manipulation interference” could target not just social media users, but the large language models we increasingly trust for answers — and what that might mean for truth, trust, and the future of online influence. All this, and much more, in episode 457 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Carl Miller.

A coalition of seven Western nations has launched guidelines to help integrate security-by-design principles into future 6G standards

Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA

Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict

Malware campaign uses Ukrainian email service for credibility, deploying "BadPaw" to execute attacks

The OpenID Foundation warns that fragmented policies on posthumous digital accounts could open the door for fraudsters to exploit AI deepfakes

Espionage campaign exploits Israel-Iran conflict, distributing a trojanized Red Alert app via SMS

South Korea's National Tax Service (NTS) has found itself in the middle of a deeply embarrassing - and costly - blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. Read more in my article on the Hot for Security blog.