News

Infostealers posing as popular cheat tools are cropping up on GitHub

Trojanized Minecraft cheat tools hosted on GitHub have secretly installed stealers that siphon credentials, crypto wallets, and other sensitive data when executed by players.…

New MCP server was shut down for nearly two weeks

Asana has fixed a bug in its Model Context Protocol (MCP) server that could have allowed users to view other organizations' data, and the experimental feature is back up and running after nearly two weeks of downtime to fix the issue.…

Version 13 can’t come soon enough

Veeam Backup & Replication users are urged to apply the latest patches that fix another critical bug leading to remote code execution (RCE) on backup servers.…

If a credential is worth protecting, it's worth protecting well.

Sponsored feature  What do flossing and multi-factor authentication (MFA) have in common? Each is highly beneficial, yet far too few people do them consistently. MFA helps protect organizations from credential-based attacks, but according to the Cyber Readiness Institute, only 35% of businesses globally bother with it.…

Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI

Interview  Iran's state-sponsored cyber operatives and hacktivists have all increased their activities since the military conflict with Israel erupted last week – but not necessarily in the way that Amazon chief information security officer CJ Moses expected.…

Quick reminder: The law that banned the app is called ‘Protecting Americans from Foreign Adversary Controlled Applications Act’

The Trump administration is set to again waive the 2024 law that requires the made-in-China social network TikTok to either sell its US operations to a local company or stop operating on US soil.…

Plus adds a ton more security capabilities for cloud customers at re:Inforce

Amazon Web Services hit a major multi-factor authentication milestone, achieving 100 percent MFA enforcement for root users across all types of AWS accounts.…

Hardcoded passwords and path traversals keeping bug hunters in work

Security researchers have issued a warning about a pre-authentication exploit chain affecting a CMS used by some of the biggest companies in the world.…

Now AI agents have identity, too. Here's how to handle it

Partner content  The rise of agentic AI systems is rewriting the rules of cybersecurity. Unlike generative AI, which relies on predefined instructions or prompts, AI agents operate autonomously, learn continuously, and act with minimal oversight. They collaborate across systems and adapt to dynamic environments. As enterprises scale their AI deployments, identity security must evolve in lockstep to preserve control, mitigate risk, and enforce trust.…

Penalty follows year-long probe into flaws that allowed attack to affect so many

The UK's data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach.…

Google threat analysts warn the team behind the Marks & Spencer break-in has moved on

Cyber-crime crew Scattered Spider has infected US insurance companies following a series of ransomware attacks against American and British retailers, according to Google, which urged this sector to be on "high alert."…

The group has previously threatened to SWAT cancer patients and leaked pre-op plastic surgery photos

An extortion gang claims to have breached Freedman HealthCare, a data and analytics firm whose customers include state agencies, health providers, and insurance companies, and is threatening to dump tens of thousands of sensitive files early Tuesday morning.…

Flights still flying - just don't count on the app or website working smoothly

Canadian airline WestJet is warning of "intermittent interruptions or errors" on its app and website as it investigates a cybersecurity incident.…

Marketplace as big as Silk Road had more than 600k users and turnover of 'at least' €250M

Operation Deep Sentinel is the latest international law enforcement collaboration against cybercrime, shutting down Archetyp – one of the largest dark web drug marketplaces.…

6-in-10 success rate for single-step tasks

A new benchmark developed by academics shows that LLM-based AI agents perform below par on standard CRM tests and fail to understand the need for customer confidentiality.…

But lose your code and it's gone for good

Updated  Windows 11 users in the European Economic Area will shortly receive a new Recall Export feature, allowing Recall snapshots to be shared with third-party apps and websites.…

Student 'believed he could finish' software dev 'project alone and therefore that the rules did not apply to him'

A former GCHQ intern was jailed for seven-and-a-half years for stealing top-secret files during a year-long placement at the British intelligence agency.…

Getting employees on board can do more than prevent breaches; it can send profitability soaring

Sponsored Post  Here's a sobering reality: 95% of data breaches involve human error. So, why do most organizations still throw technology at a fundamentally human problem? It's like trying to fix a leaky roof by buying better buckets.…

PLUS: APNIC completes re-org; India cuts costs for chipmakers; Infosys tax probe ends; and more

Asia In Brief  Australia’s Federal Police (AFP) last week announced charges against four suspects for alleged participation in a money-laundering scheme that involved a security company’s armored cash transport unit.…

PLUS: Discord invite links may not be safe; Miscreants find new way to hide malicious JavaScript; and more!

Infosec In Brief  A pair of Congressional Democrats have demanded a review of the Common Vulnerabilities and Exposures (CVE) program amid uncertainties about continued US government funding for the scheme.…