Flux RSS

Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS

John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more

Military strikes in the Middle East escalate cyber ops, raising spillover risks globally for firms

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent

Chainalysis reveals a big surge in median ransomware payment size in 2025 despite overall drop in criminal revenue

The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group

The UK government says its new Vulnerability Monitoring Service has cut unresolved security flaws by 75% and reduced cyber-attack fix times from nearly two months to just over a week

International law enforcement operation led by Europol targets network of teenagers and young adults involved in ransomware attacks, extortion and other crimes

A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening. Read more in my article on the Fortra blog.

New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts

2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities

Datadog report reveals two-fifths of services are affected by exploitable bugs

The UK’s Information Commissioner's Office is about to ditch single-leader model for CEO and board in a major shake-up

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog.

UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation

The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name. In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window. Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next? All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin.

IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws