News

Global recruitment giant says 71% of human firewalls saw wages stagnate last year as threats and responsibilities grew

Cybersecurity professionals were the most overlooked workers in IT when it came to pay rises in 2025, according to new figures from recruiter Harvey Nash.…

Security giant says attackers grabbed 'limited set' of data. Crooks claim 10 million records

A home security biz getting digitally burgled is not a great look - but that's exactly where ADT finds itself. The company has confirmed a cyber intrusion following an extortion attempt by the ShinyHunters crew, which claims to have made off with more than 10 million records.…

Keep the patches away for as long as you like

Microsoft has devised a solution to the problem of Windows Updates that break customer devices – users are now able to pause them for as long as they like.…

UK’s data watchdog confirms its boss has been off the job since February while an HR investigation runs

The UK's data watchdog is without its chief after John Edwards stepped aside from the Information Commissioner's Office while an independent workplace investigation examines unspecified HR matters.…

AI vuln-hunter finds what humans taught it to find. Funny that

Opinion  In retrospect, calling it Mythos made it a hostage to fortune. Anthropic may have hoped that the name implied its AI code security model had mythical god-like powers, but there's an alternate reading. Another definition for Mythos is a set of beliefs of obscure origin which are incompatible with reality.…

Join us for this week's Kettle as we dive into GCN and the latest not-so-alarming revelations about Mythos

KETTLE  If you needed further evidence that AI comes first in pretty much everything nowadays, look no further than this year's Google Cloud Next show, which happened last week.…

Cal.com considers AGPL a license to drill, but not everyone feels that way

Opinion  Cal.com has closed its commercial codebase, abandoning years of AGPL-3.0 licensing in a move that has alarmed the developer community that helped build it and sent ripples through the broader open source world.…

Coming in cold with custom Snow malware

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its data-stealing attacks, according to Google's Threat Intelligence Group.…

Silicon often from US, but the kit from APAC and elsewhere

America's telco regulator has clarified its ban on foreign-made routers also includes mobile hotspots and domestic routers that use a 5G cellular connection to the internet.…

Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records

Carnival Corporation, the world's largest cruise company, is dealing with choppy waters after Have I Been Pwned flagged what it claimed were 7.5 million unique email addresses all allegedly tied to one of its subsidiaries. …

Latest in long-running pwning of Cisco kit found in mystery Fed agency

A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency's name.…

One way to deal with bug hunting LLMs: ditch the old drivers

One tactic to deal with LLM-powered vulnerability detection is simple – just speed up the removal of old code. If it's gone, it no longer matters if it's buggy.…

Chipzilla hopes agents, robots, and edge devices make CPUs cool again... now it has to build the chips

Intel is betting on AI to reverse its fortunes, wagering that inference and agentic workloads will restore the CPU to the center of compute - even as its chip manufacturing struggles persist.…

Ailing scaling blamed by Windows-maker for unreadable missives

Microsoft's update to harden Remote Desktop against phishing attacks has arrived. When users open a Remote Desktop (.rdp) file, they should now see a warning listing all requested connection settings - or they would if it was displaying correctly.…

OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs

Black Hat Asia  Open source models can find bugs as effectively as Anthropic's Mythos, according to Ari Herbert-Voss, CEO of AI-powered security startup RunSybil and OpenAI's first security hire.…

Missed flights and more means something has got to give at the border

Greece is taking a flexible approach to introducing the European Union's biometric Entry/Exit System (EES), after some British passport holders missed flights home following the system's implementation on 10 April.…

Nothing says 'We want honest opinions' like a 36,000-letter mailshot with no awkward questions allowed

Members of the UK government’s People’s Panel on Digital ID will spend two weekends in Birmingham and three evenings on Zoom discussing how Britain should build a national digital identity system, earning £550 plus expenses for their trouble.…

FAST16 could be the first cyberweapon, and its effects could be with us today

Black Hat Asia  Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software and therefore represents an attempt at sabotage, and suggests it was created years before the Stuxnet worm that aimed to destroy Iran’s uranium enrichment centrifuges.…

Demonstrated in China, probably applicable elsewhere

Black Hat Asia  Developers of rented internet of things infrastructure – stuff like public EV chargers and shared e-bikes – are prioritizing user convenience over security, and leaving themselves exposed to wide-scale denial of service attacks on their services.…

Legit-looking website, camera-on interviews, jokes about backdoors ... it worked

EXCLUSIVE  It all started with a LinkedIn message, as so many employment scams do these days.…