News

Vimeo points finger at analytics supplier Anodot, says no logins or card data were touched

More than 119,000 Vimeo users's email addresses were extracted in a breach traced to a third-party analytics vendor, according to Have I Been Pwned.…

Victims losing £280K a day to fake profiles and sob stories

Romance fraudsters scammed Britons out of £102 million ($138 million) last year, according to the latest police figures.…

Healthcare giant's maintainers handed May deadline to enact the change

The UK's National Health Service (NHS) is ordering all of its technology leaders to temporarily wall off the organization's open source projects over concerns relating to advanced AI and Anthropic's Mythos.…

If you can't bother to keep GitHub running, why should we bother with you?

Opinion  It's been another shabby week for Microsoft, and a shabbier one for its users. We learnt that Windows 11's epic habit of trying to corral customers into paid-for Microsoft services just got worse with a low-rent trick. Remote Desktop got a bit more secure, which is good, but in a way that suggests not too much user testing took place. As for GitHub… GitHub got two helpings of Chef Redmondo's Special Sauce.…

Vendors all use different formats. This tech translates them all so you can smooth your SOC

Academics from Singapore and China have found a way to make AI useful for cyber-defenders, by creating a technique that translates rules from diverse Security Information and Event Managements (SIEMs) so they’re easier to consume across multiple systems.…

46% say age checks are easy to bypass, and nearly a third admit getting around them

It’s been months since the UK government began requiring stronger age checks under the Online Safety Act, and recent research suggests those measures are falling short of keeping kids away from harmful content. In some cases, even drawing on a mustache has been reported as enough to fool age detection software.…

'If you don't have visibility, you can't understand what to protect'

When it comes to securing enterprise supply chains, now heavily infused with AI applications and agents, a software bill of materials (SBOM) no longer provides a complete inventory of all the components in the environment. Enter AI-BOMs.…

Even limited voter rolls can be linked to identify people, research shows

Your voter data could be used against you. A foreign intelligence service that wished to identify the family members of deployed military personnel could do so by cross-referencing public voter record data and social media posts.…

Prioritize resilience over productivity, say CISA, NCSC and their friends from Oz, NZ, Canada

Information security agencies from the nations of the Five Eyes security alliance have co-authored guidance on the use of agentic AI that warns the technology will likely misbehave and amplifies organizations’ existing frailties, and therefore recommend slow and careful adoption of the tech.…

Britain's cyber agency says the bill for years of technical shortcuts is coming due, and it's arriving all at once

Britain's cyber agency is warning that AI-fuelled bug hunting is about to flush out years of buried flaws, leaving defenders scrambling to keep up.…

Exploitation was underway before patches landed, at least one victim reports ransomware demand

CISA has added a critical cPanel bug to its known-exploited list, confirming that attackers are already poking holes in one of the internet's most widely used hosting stacks.…

Altman's crew now doing the same gatekeeping it recently mocked

OpenAI is lining up a limited release of its new GPT-5.5-Cyber model to a handpicked circle of "cyber defenders," just weeks after taking a swipe at Anthropic for doing almost exactly the same thing.…

313 Team tells Canonical: pay up or the packets keep coming

Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant.…

Start date pushed back a year, annual cost up a third, and UK's now handing out eight million passports a year

The Home Office has increased the annual value and overall duration of its new passport production contract, increasing it to a total of £576 million as it starts a third round of engagement with suppliers.…

Mini Shai-Hulud caught spreading credential-stealing malware

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package.…

KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start

Give a man a phishing kit and he might get lucky a couple of times; teach an AI to phish and it'll change the landscape, if KnowBe4's latest phishing trends report is accurate.…

One alleged cyber contractor was extradited to the US over the weekend

China's "hacker-for-hire ecosystem has gotten out of control," according to Brett Leatherman, assistant director of the FBI's cyber division.…

This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows

If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running it in headless mode, or through GitHub Actions, to review their workflows.…

Two computer crime allegations follow up to 18M lines of data surfacing online

French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure documents.…

Turns out the real problem is not AI but staff still clicking on dodgy emails from 'IT support'

Nearly half of UK businesses are still getting breached, and in many cases, the attacker's big breakthrough is an employee clicking "sure, why not" on a fake login page.…