Flux RSS

Third-party resellers and brokers foil transparency efforts and allow spyware to spread despite government restrictions, a study finds.

A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot." Meanwhile, two people drive up to the entrance of the UK's nuclear submarine base at Faslane and politely ask if they can have a look around. Tourists? Spies? Something in between? All this and more in episode 460 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Jenny Radcliffe.

Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key

The National Crime Agency has warned construction firms about surging invoice fraud

While US government sits out this year, EU officials are on the ground in San Francisco leading the conversations on today's top cybersecurity challenges.

Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts

Publicly accusing an entity of a cyberattack could have negative consequences that organizations should consider before taking the plunge.

Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials

A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles.

Ten finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year. Geordie AI wins the 2026 contest.

For the first time, SANS Institute's five top attack techniques all have one thing in common — AI.

Organizations disclose attack details, though information may be limited, following a breach, but what if they did the same with close calls?

The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”

Attacks by artificial intelligence agents are a reality. Experts at Nvidia's GTC conference say defenders need to use the same tools to fight them off.

Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group

Four former NSA chiefs representing a near-complete history of US Cyber Command debate the role of offensive cyber in the government at RSAC.

Expel has warned of malicious Chrome extensions stealing users’ AI conversations

A man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on the Hot for Security blog.

UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds

Iran-aligned groups are trying to make their mark in the Gulf, but the results have fallen short of remarkable.