Cams statistically more likely to ID Black people, says new research A UK police force has suspended its deployment of live facial recognition (LFR) technology after a study revealed it was statistically more likely to identify Black people on a watchlist database.…
Millions of hijacked devices powered traffic floods targeting defense systems and beyond The US government has moved to disrupt a cluster of IoT botnets behind some of the largest DDoS attacks ever recorded, including traffic bursts topping 30 terabits per second.…
Lack of clear criteria risks encouraging firms to lean on state support instead of worrying about insurance The UK's cyber watchdog has warned that the government's £1.5 billion bailout of Jaguar Land Rover (JLR) risks setting a troubling precedent for how Britain handles major cyber crises.…
404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment information related to a particular account—but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.
A ransomware gang that claims to be a group of "investigative journalists"? Meet LeakNet - the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog.
Audit trails aplenty, but no price tag – and no clue how long your data sticks around Opinion Last week's UK government consultation on its plans for digital identity had quite a few things missing. It did not include a price estimate - something it said was due to decisions yet to be taken on the scheme's scope - or how long the government would keep "audit trail" records of ID checks.…
He would have gotten away with it too, if it weren't for a meddling security team's fear of USB On Call Each Friday The Register offers a fresh installment of On Call, the reader-contributed column that celebrates the fine art of tech support.…
Last time: Beijing-backed snoops and ransomware crims. Who's next? Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims' SharePoint servers, the US government warned.…
Chocolate Factory describes concession as an attempt to balance openess with safety It turns out you won't be limited to Google-verified apps and developers on Android after all. In the face of sustained community dissatisfaction with its developer verification requirement, Google has given Android users an out.…
Iran-linked attackers wiped employees' devices using Intune The US government has urged companies to better secure Microsoft Intune, an endpoint management tool that was abused in last week's cyberattack against med-tech firm Stryker.…
Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that.
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to you, can you be sure you're immune? Plus: would you donate your lifetime medical history to science if you were promised anonymity? We unpack serious concerns around UK Biobank, where “de-identified” data may not be as anonymous as you think — and how surprisingly little information it takes to reveal everything. And! Human-powered “AI”, and a punishment worse than prison: eight hours on the RSA expo floor... All this, and much more, in episode 459 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Paul Ducklin.
Where are you? What are you working on? Why are you doing that? Identity access and management platform Okta announced the general availability of its Okta for AI Agents, which will give customers the ability to do three things: locate agents, see what they’re doing, and shut them down if need be.…
Darksword is the second iOS exploit chain in a month A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by "multiple" spyware vendors and suspected nation-state goons, security researchers said on Wednesday.…
Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.…
Researchers map full org chart of the scam from dodgy recruiters to helpful Western collaborators Researchers at IBM X‑Force and Flare Research have uncovered data that sheds light on how North Korea's fake IT worker schemes operate and infiltrate companies in order to funnel money back to the regime and steal sensitive information.…
No 1 Space Operations Squadron will get a persistent stare capability The Ministry of Defence (MoD) plans to spend £17.5 million on a remotely-operated satellite monitoring facility in Cyprus, partly to protect the UK's secure communications system Skynet.…
Surprising no one, Meta’s new AI glasses are a privacy disaster. I’m not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby.
Even without a navy, or air power, 'They'll still have the ability to hack' Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.…
Big Tech donates $12.5 million to get things rolling Half a dozen Big Tech players have together delivered $12.5 million in grants towards a project that aims to help maintainers of open source projects to cope with AI slop bug reports.…