Flux RSS

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

Two of the 48 Cisco vulnerabilities, affecting Secure Firewall Management Center, are maximum-severity flaws

A global operation has resulted in the takedown of popular cybercrime forum LeakBase

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling zero-day exploits to a Russia-linked broker. Plus: are nation states quietly poisoning AI models to bend reality itself? We explore how “foreign information manipulation interference” could target not just social media users, but the large language models we increasingly trust for answers — and what that might mean for truth, trust, and the future of online influence. All this, and much more, in episode 457 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Carl Miller.

A coalition of seven Western nations has launched guidelines to help integrate security-by-design principles into future 6G standards

Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA

Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict

Malware campaign uses Ukrainian email service for credibility, deploying "BadPaw" to execute attacks

The OpenID Foundation warns that fragmented policies on posthumous digital accounts could open the door for fraudsters to exploit AI deepfakes

Espionage campaign exploits Israel-Iran conflict, distributing a trojanized Red Alert app via SMS

South Korea's National Tax Service (NTS) has found itself in the middle of a deeply embarrassing - and costly - blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. Read more in my article on the Hot for Security blog.

Cloudflare Threat Report warns that AI tools enable attackers who lacked required skills to generate effective attacks rapidly and at scale

Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors

Seemplicity finds US security leaders work 11 or more extra hours per week

Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS

John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more

Military strikes in the Middle East escalate cyber ops, raising spillover risks globally for firms

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent