Movatterモバイル変換

The more you share online, the more you open yourself to social engineering

Exclusive Attackers using social engineering to exploit business processes, rather than tunnelling in via tech

Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices

Sloppy implementation of Google spec leaves 'hundreds of millions' of devices vulnerable

And it's 'not unique to AWS,' researcher tellsThe Reg

New crooks on the block get crafty with blockchain to evade defenses

The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group

AuraInspector automates the most common abuses and generates fixes for customers

Happy Groundhog Day!

Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls

Study finds built-in browsers across gadgets often ship years out of date

Misconfigured servers are in, 0-days out

More than 8 million people have installed extensions that eavesdrop on chatbot interactions

Infosec In Brief PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more

Flare warns devs are unwittingly publishing production-level secrets

Interview Have we learned nothing from sci-fi films and TV shows?

Infosec in Brief PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more!

Who needs JavaScript?

Finish reading this, then patch

Infosec In Brief PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; And more!

ReliaQuest finds fresh crop of phishing domains and toxic tickets

Hashtag-do-whatever-I-tell-you

Poisoned PNGs contain malicious code

Researchers tried to get ChatGPT to do evil, but it didn't do a good job

Two-day exploit opened up 3.5 billion users to myriad potential harms

Researchers say attacks are laying the groundwork for stealthy espionage activity

Readiness metrics have flatlined since 2023, with most sectors slipping backward as teams fumble crisis drills

Norwegian testers claim maker has remote access, while UK importer says supplier complies with the law

Updated Encryption protects content, not context

'Precision espionage campaign' began months before the flaw was fixed

Even AI has doubts about the claim that '80% of ransomware attacks are AI-driven'

Service will tell on compromised organizations, even if they didn't plan on doing so themselves

PhantomRaven slipped over a hundred credential-stealing packages into npm

NeuralTrust shows how agentic browser can interpret bogus links as trusted user commands

Feature Security pros explore whether infection-spoofing code can immunize Windows systems against attack

Vibe coding may have played a role in what took researchers months to fix

Forescout's phony water plant fooled TwoNet into claiming a fake cyber victory – then it quietly shut up shop

Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy

Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week

Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses

Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'

AI attacks on the rise

Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk

Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware

Tech evolved from PoC to global campaign in under two months

Although it hasn't been seen in the wild yet

Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit

AMD Zen hardware and Intel Coffee Lake affected

'We do believe that this was likely the creation of a cybercrime group,' threat hunter tellsThe Reg

‘Universities are being used to proxy offensive government operations, turning research access decisions political’

Trust and believe – AI models trained to see 'legal' doc as super legit

Updated The controls were left wide open on Pudu's robots

Harvard researchers find model guardrails tailor query responses to user's inferred politics and other affiliations

Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon

Vendor insists passkeys are the future, but getting workers on board is proving difficult

'Many dozens' targeted in ongoing campaign, CheckPoint researcher tellsThe Reg

ClickFix tricks

Updated Researcher claims extension didn't start out by exfiltrating info... while dev says its actions are 'compliant'

Updated One fetcher bot seen smacking a website with 39,000 requests per minute

High accuracy scores come from conditions that don't reflect real-world usage

UPdated Sni5Gect research crew targets sweet spot during device / network handshake pause

Researchers had to notify over 100 vendors of flaw that builds on 2023's Rapid Reset with neat twist past usual mitigations

Sysadmins, your job is safe

DEF CON In misinformation, Russia might be the top dog but the Chinese are coming warns former NSA boss

Black hat Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed

Black Hat Hello loophole could let a rogue admin, or a pwned one, inject new facial scans

black hat Psst, wanna steal someone's biometrics?

Some pinpointed software nasties but were suspicious of printer drivers too

Criminals used undocumented techniques and well-placed insiders to remotely withdraw money

Russia spying on foreign embassies? Say it ain't so

US court docs reveal that infamous Chinese snoops filed IP papers like tax returns

New malware, even better social engineering chops

Plus, 60% don't have enough analysts to make sense of it

updated Malicious code lurking in over 5,000 downloads, says Socket researcher

Some coyotes hunt squirrels, this one hunts users' financial apps

Computer scientist Peter Gutmann tells The Reg why it's 'bollocks'

Updated Someone's OVERSTEPing the mark

Rowhammer returns for more memory-meddling fun

No, really, those are the magic words

updated These extensions weren't malware-laced from the start, researcher says

Get your creds in order or risk BEC, ransomware attacks, orgs warned

Crims have cottoned on to a new way to lead you astray

Experts say they don't expect the MOVEit menace to do much about it

A bottomless appetite for tracking people as 'objects'

To stop AI scam callers, break automatic speech recognition systems

Some trace back to an outfit under US export controls for alleged PLA links

The 16 other flagged issues are on customers, says CRM giant

The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too

Majority of exposures located in the US, including datacenters, healthcare facilities, factories, and more

SentinelOne discovered the campaign when they tried to hit the security vendor's own servers

OpenAI boots accounts linked to 10 malicious campaigns

Someone went to great lengths to prey on the next generation of cybercrooks

Researchers have come up with a fix for a path traversal bug first spotted in 2010

Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffins

No formal attribution made but two separate probes hint at the same suspect

If it ain't broke?

Nothing like insecure code in security suites

Updated ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit

RSAC Rapid7 threat hunter wrote a PoC. No, he's not releasing it

Go ahead, please do Bash static analysis