News

Not the first of its kind

ai-pocalypse  Anthropic sent the infosec community into a tizzy on Friday when it rolled out Claude Code Security, a new feature that scans codebases for vulnerabilities and suggests patches to fix the issues.…

Watchdogs warn models that can generate realistic images of people must comply with data protection laws

A global coalition of privacy watchdogs has fired a warning shot at the generative AI industry, saying companies churning out realistic synthetic images can't pretend that data protection rules don't apply.…

Goal is to run software locally and stream only to owners' computers

If the sour taste has still not left your mouth after Ring's Super Bowl ad, there is a $10,000 prize for anyone who can find a security flaw in the company's cameras.…

Quartet accused of attacking public institutions, claiming the government was responsible for 2024 tragedy

Spanish police say four self-proclaimed members of Anonymous are in custody after allegedly carrying out several cyberattacks on public authorities in the wake of the 2024 DANA floods.…

Off-the-shelf tools helped Russian-speaking cybercrime group run riot

Cybercriminals armed with off-the-shelf generative AI tools compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, according to a new incident report from AWS.…

The only good password is no password at all

Passwords turn 65 this year. They became a feature of computer users' lives in 1961, with MIT's Compatible Time-Sharing System (CTSS). Before then, sysops were real sysops. All jobs went through them, one at a time, and access by others was forbidden by laws written on blocks of stone.…

PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more

Infosec In Brief  An unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.…

Confidential complainant details passed to local politician following debate

A UK councillor has dubbed her local authority's data breach "crazy" after the personal details of individuals behind a series of complaints were revealed to her.…

About 100 customers affected

PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts.…

4K unintended installs in very odd supply chain attack

Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their knowledge. …

What happens in Vegas…

Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…

Polish arrest leads to extradition and federal prison sentence

Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.…

Attempt to go 'Made in EU' offers big tech escapees a reality check where lower cloud bills come with higher effort

Building a startup entirely on European infrastructure sounds like a nice sovereignty flex right up until you actually try it and realize the real price gets paid in time, tinkering, and slowly unlearning a decade of GitHub muscle memory.…

Hardcoded credential flaw in RecoverPoint already abused in espionage campaign

Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024.…

Feds say trio conspired to siphon processor and cryptography IP, allegedly routing some data overseas

Two former Google engineers and a third alleged accomplice are facing federal charges after prosecutors accused them of swiping sensitive chip and security technology secrets and then trying to cover their tracks when the scheme began to unravel.…

Appeals judge says yes in latest battle of ICO against a breached retail giant

The UK's data protection watchdog has scored a small win in a lengthy legal battle against a British retail group that lost millions of data records during a 2017 breach.…

Skill at buzzword bingo also required as company seeks innovative and disruptive visionary

The CEO of code review platform provider Snyk has announced he will stand down so the company can find someone better-equipped to steer the company into the age of AI.…

MIT CSAIL's 2025 AI Agent Index puts opaque automated systems under the microscope

AI agents are becoming more common and more capable, without consensus or standards on how they should behave, say academic researchers.…

$300 a month buys you a backdoor that looks like legit software

Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.…

FBI warns these cyber-physical attacks are on the rise

Thieves stole more than $20 million from compromised ATMs last year using a malware-assisted technique that the FBI says is on the uptick across the United States.…