News

Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts

Analysis  It's a familiar refrain in the security industry that there is a massive skills gap in the sector. And while it's true there are specific shortages in certain areas, some industry watchers believe we may be reaching the point of oversupply for generalists.…

Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored

Microsoft has completed its EU data boundary, however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.…

Officials remain intent on uncovering who was behind it

The Polish Space Agency (POLSA) is currently dealing with a "cybersecurity incident," it confirmed via its X account on Sunday.…

ICO looking at what data is used to serve up recommendations

The UK's data protection watchdog has launched three investigations into certain social media platforms following concerns about the protection of privacy among teenage users.…

Cut off one head and 100 grow back? Decapitation may not be the way to go

Opinion  With Apple pulling the plug on at-rest end-to-end encryption (E2EE) for UK users, and Signal threatening to pull out of Sweden if that government demands E2EE backdoors, it's looking bleak.…

PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more

Infosec In Brief  US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia, as the USA’s Cybersecurity and Infrastructure Security Agency (CISA) has denied any change in its posture.…

Bjarne Stroustrup says standards committee needs to show it can respond to memory safety push

Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings.…

1 in 3 entries are used to extort civilians, says new paper

Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware attacks.…

Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim

Microsoft has named four of the ten people it is suing for allegedly snatching Azure cloud credentials and developing tools to bypass safety guardrails in its generative AI services – ultimately to generate deepfake smut videos of celebrities and others.…

FYI: What NOT to search after committing a crime

The US Army soldier accused of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent.…

Federal agents, open up ... your browsers and see if you recognize any of these wallets

The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.…

Model was fine-tuned to write vulnerable software – then suggested enslaving humanity

Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics.…

Boffins poked around inside censorship engines for years before Beijing patched hole

Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for years.…

244M purloined passwords added to Have I Been Pwned thanks to govt tip-off

A tip-off from a government agency has resulted in 284 million unique email addresses and plenty of passwords snarfed by credential-stealing malware being added to privacy-breach-notification service Have I Been Pwned (HIBP).…

Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation

Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.…

Starting with Snapdragon 8 Elite and 'droid 15

It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it'll provide Android software updates, including vulnerability fixes, for its latest chipsets for eight years instead of four.…

Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.…

Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack

Infosec bytes  Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious software.…

Plus: New figurehead of DOGE emerges and they aren't called Elon

During confirmation hearings in the US Senate Tuesday for the role of deputy director of the Dept of Homeland Security, the nominee Troy Edgar said CISA has had the wrong management and needed to be "reined in."…

If there's something nasty on your employment record, extortion scum could come calling

DISA Global Solutions, a company that provides drug and alcohol testing, background checks and other employee screening services, this week notified over 3.3 million people that their sensitive information may have been stolen by miscreants.…