News
Qatar’s $400M jet for Trump is a gold-plated security nightmare
The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar – a lavish "palace in the sky" meant as a temporary Air Force One. But getting it up to presidential security standards could take years and cost hundreds of millions more.…
Commvault fixes critical Command Center issue after flaw finder alert
An update that fixed a critical flaw in data protection biz Commvault's Command Center was initially not available to a significant user subset – those testing out a free trial version of the product. That is, until a security researcher pointed out the problem.…
'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart
CYBERUK The top brass from the UK's cyber agency say everything is business as usual when it comes to the GCHQ arm's relationship with CISA, amid growing unease about the current administration's treatment of its US equivalent.…
Marks & Spencer admits cybercrooks made off with customer info
Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.…
As US vuln-tracking falters, EU enters with its own security bug database
The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.…
Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq
Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than a year ago.…
M365 apps on Windows 10 to get security fixes into 2028
Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That's well past a cut-off point of October 14 this year, when Redmond's support for Windows 10 officially ends unless you buy an extended support package.…
CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email
The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.…
Why aggregating your asset inventory leads to better security
Partner content For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have critical gaps in their ecosystems that leave them vulnerable to breaches.…
Attackers pwn charter airline helping Trump's deportation campaign
GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.…
Britain's cyber agents and industry clash over how to tackle shoddy software
CYBERUK Intervention is required to ensure the security market holds vendors to account for shipping insecure wares – imposing costs on those whose failures lead to cyberattacks and having to draft in cleanup crews. The security market must properly incentivize security vendors to do security better.…
Unending ransomware attacks are a symptom, not the sickness
Opinion It's been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due to ransomware attacks taking systems down for prolonged periods.…
DOGE worker's old creds found exposed in infostealer malware dumps
Infosec in brief Good cybersecurity habits don't appear to qualify anyone to work at DOGE, as one Musk minion seemingly fell victim to infostealer malware.…
You think ransomware is bad now? Wait until it infects CPUs
RSAC If Rapid7's Christiaan Beek decided to change careers and become a ransomware criminal, he knows exactly how he'd innovate: CPU ransomware.…
Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants
Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.…
UK Ministry of Defence is spending less with US biz, and more with Europeans
The UK's Ministry of Defence (MOD) is gradually shifting its spending from the US to Europe, according to research from Tussell.…
VC behemoth Insight Partners fears top-secret financial info swiped by cyber-miscreants
Insight Partners, a mega venture capital firm with more than $90 billion in funds under management, fears network intruders got their hands on internal sensitive data about employees, portfolio companies, investors, and more.…
openSUSE deep sixes Deepin desktop over security stink
SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.…
Sudo-rs make me a sandwich, hold the buffer overflows
Canonical's Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default – part of a push to cut memory-related security bugs and lock down core system components.…
PowerSchool paid thieves to delete stolen student, teacher data. Crooks may have lied
An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware crew that hit it – or someone connected to the crooks.…
Pages
