News

Discovery is getting cheaper. Validation and patching aren’t

What good is finding a hole if you can't fix it? Anthropic last week talked up Claude Code's improved ability to find software vulnerabilities and propose patches. But security researchers say that's not enough.…

SolarWinds + file transfer software = what attackers' dreams are made of

If you run SolarWinds’ Serv-U, you should patch promptly. Four critical vulnerabilities in the file transfer software can allow attackers to execute code as root.…

New ransomware of choice, same critical targets

North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters.…

When a one-line fix triggers thousands of PRs, something's off

A Go library maintainer has urged developers to turn off GitHub's Dependabot, arguing that false positives from the dependency-scanning tool "reduce security by causing alert fatigue."…

Social media giant retorts it doesn't want to collect 'private' data, and plans to appeal

The UK's data protection regulator has fined social media giant Reddit £14.47 million ($19.5 million) over its use of children's data.…

Public prosecutor mulls sentencing following investigations into two separate attacks

Two South Korean teenagers were this week charged with breaching Seoul's public bike service, Ttareungyi.…

Visa applications down, executives emigrating, and AI blamed for the rest

The number of international workers applying for a visa to work in the UK's tech sector dropped 11 percent between Q2 and Q3 2025, and was down 6 percent year-on-year, according to consultancy RSM UK.…

We like our surface-to-air weapons affordable

Britain has joined a handful of European allies in a program to develop low-cost air defense systems, including autonomous drones or missiles, with project delivery of the first elements scheduled for as early as 2027.…

Not the first of its kind

ai-pocalypse  Anthropic sent the infosec community into a tizzy on Friday when it rolled out Claude Code Security, a new feature that scans codebases for vulnerabilities and suggests patches to fix the issues.…

Watchdogs warn models that can generate realistic images of people must comply with data protection laws

A global coalition of privacy watchdogs has fired a warning shot at the generative AI industry, saying companies churning out realistic synthetic images can't pretend that data protection rules don't apply.…

Goal is to run software locally and stream only to owners' computers

If the sour taste has still not left your mouth after Ring's Super Bowl ad, there is a $10,000 prize for anyone who can find a security flaw in the company's cameras.…

Quartet accused of attacking public institutions, claiming the government was responsible for 2024 tragedy

Spanish police say four self-proclaimed members of Anonymous are in custody after allegedly carrying out several cyberattacks on public authorities in the wake of the 2024 DANA floods.…

Off-the-shelf tools helped Russian-speaking cybercrime group run riot

Cybercriminals armed with off-the-shelf generative AI tools compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, according to a new incident report from AWS.…

The only good password is no password at all

Passwords turn 65 this year. They became a feature of computer users' lives in 1961, with MIT's Compatible Time-Sharing System (CTSS). Before then, sysops were real sysops. All jobs went through them, one at a time, and access by others was forbidden by laws written on blocks of stone.…

PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more

Infosec In Brief  An unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.…

Confidential complainant details passed to local politician following debate

A UK councillor has dubbed her local authority's data breach "crazy" after the personal details of individuals behind a series of complaints were revealed to her.…

About 100 customers affected

PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts.…

4K unintended installs in very odd supply chain attack

Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their knowledge. …

What happens in Vegas…

Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…

Polish arrest leads to extradition and federal prison sentence

Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.…