Flux RSS

CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks

Signal, the encrypted messaging app trusted by security-savvy users around the world, has confirmed that hackers have managed to takeover accounts - with government officials and journalists among those being targeted. Read more in my article on the Hot for Security blog.

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product. The following versions of Trane Tracer SC, Tracer SC+, and Tracer Concierge are affected: Tracer SC Tracer SC+ Tracer Concierge CVSS Vendor Equipment Vulnerabilities v3 8.1 Trane Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of a Broken or Risky Cryptographic Algorithm, Memory Allocation with Excessive Size Value, Missing Authorization, Use of Hard-coded Credentials, Use of Hard-coded, Security-relevant Constants Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Ireland Vulnerabilities Expand All + CVE-2026-28252 A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. View CVE Details Affected Products Trane Tracer SC, Tracer SC+, and Tracer Concierge Vendor: Trane Product Version: Trane Tracer SC:

The ICO has fined Police Scotland after it shared the entire contents of a victim’s phone with her alleged attacker

The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call. Plus: Graham champions Asterix, Trisha discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick. All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

French small and medium businesses remained the organizations most targeted by ransomware in 2025

Infosecurity Europe 2026 reveals its keynote line-up, featuring Jason Fox, Shlomo Kramer, Cynthia Kaiser and more, with sessions on AI, cloud security and post quantum threats

LeakyLooker flaws in Google Looker Studio let attackers run cross-tenant SQL attacks on cloud data

Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers

BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data

Palo Alto Networks’ Unit 42 has developed a successful attack to bypass safety guardrails in popular generative AI tools

Check Point data shows attack volumes are growing much faster in the UK than worldwide

March Patch Tuesday sees Microsoft release updates for 79 flaws

OpenAI’s latest acquisition addresses a security need Jamieson O’Reilly, security advisor at OpenClaw, raised during an exclusive interview with Infosecurity

Only 24% of organizations test identity disaster recovery plans every 6 months, Quest Software said

Elon Musk's social media site says it suspended 800 million accounts in a year for spam and manipulation - but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain. Read more in my article on the Hot for Security blog.

Google Cloud report details a sharp rise in attackers exploiting software vulnerabilities, including React2Shell

Ericsson data breach affects 15k employees/customers after third-party service provider compromise

Dutch intelligence reveals Russian state hackers are trying to hijack the Signal and WhatsApp accounts of key targets