Flux RSS

UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation

The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name. In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window. Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next? All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin.

IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws

Malicious NuGet package mimicking Stripe's library targeted developers

A former general manager of a US defense contractor has been sentenced after selling zero days to Russia

The UK’s ICO has fined Reddit over £14m for failing to use children’s personal information lawfully

Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon's servers. Read more in my article on the Hot for Security blog.

DTEX claims insider incidents cost $19.5m in 2025, with employee negligence most expensive

Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information

Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks

ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes

Anthropic accused DeepSeek, Moonshot and MiniMax of illicitly using Claude to steal some of the AI model’s capabilities

CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective

Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers

Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure

A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances

Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident

A new FBI Flash alert claims $20m was lost to ATM jackpotting attacks in 2025 alone

University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday