News

MIT CSAIL's 2025 AI Agent Index puts opaque automated systems under the microscope

AI agents are becoming more common and more capable, without consensus or standards on how they should behave, say academic researchers.…

$300 a month buys you a backdoor that looks like legit software

Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.…

FBI warns these cyber-physical attacks are on the rise

Thieves stole more than $20 million from compromised ATMs last year using a malware-assisted technique that the FBI says is on the uptick across the United States.…

The real deal or another research project overblown?

Cybersecurity researchers say they've spotted the first Android malware strain that uses generative AI to improve performance once installed. But it may be only a proof of concept.…

Emails show all discussed networking and biz interests with the sex offender throughout the 2010s

Cybersecurity conference DEF CON has added three men named in the Epstein files to its list of banned individuals. They are not accused of any criminal wrongdoing.…

'Why not 12?' says lawyer

The UK is bracketing "intimate images shared without a victim's consent" along with terror and child sexual abuse material, and demanding that online platforms remove them within two days.…

You told me not to write it on a Post-it...

Bork!Bork!Bork!  Today's bork is entirely human-generated and will send a shiver down the spine of security pros. No matter how secure a system is, a user's ability to undo an administrator's best efforts should not be underestimated.…

Dell, however, is welcome to help build a local-language LLM

Poland’s Ministry of Defence has banned Chinese cars – and any others include tech to record position, images, or sound – from entering protected military facilities.…

'Potential data protection incident' at an 'independent licensing partner,' we're told

Adidas has confirmed it is investigating a third-party breach at one of its partner companies after digital thieves claimed they stole information and technical data from the German sportswear giant.…

Latest in a rash of grab-and-leak data incidents

CarGurus allegedly suffered a data breach with 1.7 million corporate records stolen, according to a notorious cybercrime crew that posted the online vehicle marketplace on its leak site on Wednesday.…

'First time we have detected a crime using this method,' cops say

Spanish police arrested a hacker who allegedly manipulated a hotel booking website, allowing him to pay one cent for luxury hotel stays. He also raided the mini-bars and didn't settle some of those tabs, police say.…

State disputes the company's claim that its routers are made in Vietnam

TP-Link is facing legal action from the state of Texas for allegedly misleading consumers with "Made in Vietnam" claims despite China-dominated manufacturing and supply chains, and for marketing its devices as secure despite reported firmware vulnerabilities exploited by Chinese state-sponsored actors.…

National rail bookings and timetables disrupted for nearly 24 hours

If you wanted to book a train trip in Germany recently, you would have been out of luck. The country's national rail company says that its services were disrupted for hours because of a cyberattack.…

Seemingly complex strings are actually highly predictable, crackable within hours

Generative AI tools are surprisingly poor at suggesting strong passwords, experts say.…

Miscreants will need to find another avenue for malware shenanigans

Notepad++ has continued beefing up security with a release the project's author claims makes the "update process robust and effectively unexploitable."…

No worries if the US doesn't want to be friends with Europe anymore

Lockheed Martin's F-35 fighter aircraft can be jailbroken "just like an iPhone," the Netherlands' defense secretary has claimed.…

CEO lauds security researchers, insists they're not 'inputs'

HackerOne has clarified its stance on GenAI after researchers fretted their submissions were being used to train its models.…

Sees little enterprise AI adoption other than coding assistants, buys Koi for what comes next

If enterprises are implementing AI, they’re not showing it to Palo Alto Networks CEO Nikesh Arora, who on Tuesday said business adoption of the tech lags consumer take-up by at least a couple of years – except for coding assistants.…

Full scale of infections remains 'unknown'

China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, according to Google's Mandiant incident response team.…

Plus 3 new goon squads targeted critical infrastructure last year

Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos' annual threat report published on Tuesday.…