News

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password

The Python Software Foundation warned users of a new string of phishing attacks using a phony Python Package Index (PyPI) website and asking victims to verify their account or face suspension, and advised anyone who did provide their credentials to change their password "immediately."…

Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'

Unknown intruders – likely China-linked spies – have broken into "numerous" enterprise networks since March and deployed backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days, according to Google Threat Intelligence.…

After air passenger travel hit across the Atlantic, organized crime agency strikes

Breaking  The UK's National Crime Agency has arrested a man as part of an investigation into a ransomware attack that disrupted airports around the world last weekend.…

Attackers hit jackpot after targeting Boyd Gaming

Hotel and casino operator Boyd Gaming has disclosed a cyberattack to US regulators, warning that hackers may have stolen personal information belonging to employees and other individuals.…

Labour accused of sneaking in plans it denied before the general election

Seven campaign groups have written to UK prime minister Keir Starmer urging him to scrap plans for a mandatory digital identity system – a project that is expected to be announced imminently, as part an effort to tackle unauthorized migration.…

Covid-style financial support? Nothing to confirm yet, say MPs

The chair of the UK's business and trade committee says the situation at Jaguar Land Rover is likely to get "harder and harder over the next week or two," but stopped short of confirming that the government might intervene with financial support.…

AI attacks on the rise

A survey of cybersecurity bosses has shown that 62 percent reported attacks on their staff using AI over the last year, either by the use of prompt injection attacks or faking out their systems using phony audio or video generated by AI.…

Security vendor's no good, very bad week year

SonicWall on Monday released a firmware update that the security vendor says will remove rootkit malware deployed in recent attacks targeting Secure Mobile Access (SMA) 100 appliances.…

Or maybe 3 strikes, you're out?

SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated attacker to run commands on a host machine. …

Rapid7 warns flaw could let any app peek at your SMS, but smartphone vendor won't pick up

Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS data — a flaw that has persisted since late 2021.…

Secret Service seizes 300-server network allegedly tied to nation-state hackers

The US Secret Service has dismantled a network of SIM farms in and around New York City it claims was behind multiple incidents targeting senior government officials and had enough power to disrupt entire cellular networks.…

Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk

Kaspersky has raised the alarm over the resurgence of hotel-hacking outfit "RevengeHotels," which it claims is now using artificial intelligence to supercharge its scams.…

Foundations say billions of downloads rely on registries running on fumes – and someone's gotta pay the bills

The Open Source Security Foundation (OpenSSF) has had enough of being the unpaid janitor of the world's software supply chain.…

Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.…

President to announce details on Big Red’s storage and security deal for Chinese social media phenomenon later this week

The White House has promised that all US user data on TikTok will be stored on Oracle servers in the United States, according to a deal to be announced later this week.…

With no idea when engines restart, families gear down on spending ahead of Christmas

Jaguar Land Rover is extending the shutdown of its production plants another week in a move that experts say could cost the business in the multiple billions.…

Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer

Suspected Iranian government-backed online attackers have expanded their European cyber ops with fake job portals and new malware targeting organizations in the defense, manufacturing, telecommunications, and aviation sectors.…

Reeves points finger at Moscow in interview when authorities reckon it's local lads

UK chancellor Rachel Reeves is blaming Moscow for Britain's latest cyber woes, an attribution that seems about as solid as wet cardboard given the trail of evidence pointing to attackers much closer to home.…

Names, emails unplugged in DCS support snafu – but 'billing is safe'

An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security "incident" at a service provider.…

Not old enough to drink, old enough to be accused of causing millions in damage

A teen surrendered to Las Vegas police and was booked on suspicion of breaking into multiple Las Vegas casino networks in 2023, as part of a series of hacks attributed to Scattered Spider.…