International law enforcement operation led by Europol targets network of teenagers and young adults involved in ransomware attacks, extortion and other crimes
A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening. Read more in my article on the Fortra blog.
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
Datadog report reveals two-fifths of services are affected by exploitable bugs
The UK’s Information Commissioner's Office is about to ditch single-leader model for CEO and board in a major shake-up
There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog.
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation
When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name. In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window. Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next? All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin.
IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws
Malicious NuGet package mimicking Stripe's library targeted developers
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia
The UK’s ICO has fined Reddit over £14m for failing to use children’s personal information lawfully
Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon's servers. Read more in my article on the Hot for Security blog.
DTEX claims insider incidents cost $19.5m in 2025, with employee negligence most expensive
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks
ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes
Anthropic accused DeepSeek, Moonshot and MiniMax of illicitly using Claude to steal some of the AI model’s capabilities