News

Forescout's phony water plant fooled TwoNet into claiming a fake cyber victory – then it quietly shut up shop

Security researchers say they duped pro-Russia cybercriminals into targeting a fake critical infrastructure organization, which the crew later claimed - via their Telegram group - to be a real-world attack.…

Crooks phish campus staff, slip into HR systems, and quietly reroute paychecks

Microsoft's Threat Intelligence team has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems.…

US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce

US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.…

Prospect apologizes for cyber gaffe affecting up to 160K members

UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.…

Just 250 malicious training documents can poison a 13B parameter model - that's 0.00016% of a whole dataset

Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on. …

Affects users regardless of when their backups were created

SonicWall has admitted that all customers who used its cloud backup service to store firewall configuration files were affected by a cybersecurity incident first disclosed in mid-September, walking back earlier assurances that only a small fraction of users were impacted.…

CRM giant 'will not engage, negotiate with, or pay' the scumbags

Salesforce won't pay a ransom demand to criminals who claim to have stolen nearly 1 billion customer records and are threatening to leak the data if the CRM giant doesn't pony up some cash.…

Berlin's opposition likely kills off Brussels' bid to scan everyone's messages

Germany has committed to oppose the EU's controversial "Chat Control" regulations following huge pressure from multiple activists and major organizations.…

Microsoft Copilot, not so much

Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.…

No fraud monitoring and no apology after miscreants make off with medical, financial data

Florida-based Doctors Imaging Group has admitted that the sensitive medical and financial data of 171,862 patients was stolen during the course of a November 2024 cyberattack.…

Florida comms outfit serving cops, firefighters, and the military says hackers pinched some employee data but insists its systems stayed online

BK Technologies, the Florida-based maker of mission-critical radios for US police, fire, and defense customers, has confessed to a cyber intrusion that briefly rattled its IT systems last month.…

It also banned some suspected Russian accounts trying to create influence campaigns and malware

OpenAI has banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts.…

Space sensors and UAVs at sea top MoD's list in new wave of cutting-edge projects

The UK is pressing ahead with cutting-edge defense projects, the latest including research to protect satellites from laser attack and a technology demonstrator for a jet-powered drone to operate from Royal Navy carriers.…

Department eyes new app to tap national ANPR data for live alerts, searches, and integrations

The UK's Home Office is inviting tech suppliers to take part in a £60 million "market engagement" for an application that uses data from automated number plate recognition (ANPR) systems.…

How recycled passwords and poor security habits are fueling a cybercrime gold rush

Partner Content  If you're still using "password123" for more than one account, there's a good chance you've already exposed yourself to credential stuffing attacks — one of the most prevalent and damaging forms of automated cybercrime today. Just ask the 6.9 million users of 23andMe who discovered their personal details were compromised when cybercriminals used recycled credentials from other breaches to infiltrate their accounts.…

Crime group claims to have already doled out $1K to those in it 'for money and for the love of the game'

Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms.…

Ransomware crooks utterly fail to find moral compass

First they targeted a preschool network, now new kids on the ransomware block Radiant Group say they've hit a hospital in the US, continuing their deplorable early cybercrime careers.…

Outsourcing your helpdesk always seems like a good idea – until someone else's breach becomes your problem

Discord has confirmed customers' data was stolen – but says the culprit wasn't its own servers, just a compromised support vendor.…

No confirmed date but workers expected to return in the coming days

Jaguar Land Rover is readying staff to resume manufacturing in the coming days, a company spokesperson confirmed to The Reg.…

Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion

Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.…