Attackers using social engineering to exploit business processes, rather than tunnelling in via tech Exclusive  When fraudsters go after people's paychecks, "every employee on earth becomes a target," according to Binary Defense security sleuth John Dwyer.…

Operation Cyber Guardian involved 100-plus staff across government and industry Singapore spent almost a year flushing a suspected China-linked espionage crew out of its telecom networks in what officials describe as the country's largest cyber defense operation to date.…

HR outsourcer Conduent confirms intruders accessed benefits-related records tied to US personnel Nearly 17,000 Volvo employees had their personal data exposed after cybercriminals breached Conduent, an outsourcing giant that handles workforce benefits and back-office services.…

So many CVEs, so little time Digital intruders exploited buggy SolarWinds Web Help Desk (WHD) instances in December to break into victims' IT environments, move laterally, and steal high-privilege credentials, according to Microsoft researchers.…

Staff data belonging to the regulator and judiciary's governing body accessed The Dutch Data Protection Authority (AP) says it was one of the many organizations popped when attackers raced to exploit recent Ivanti vulnerabilities as zero-days.…

Officials explore issue affecting infrastructure after CERT-EU detected suspicious activity Brussels is digging into a cyber break-in that targeted the European Commission's mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff.…

Attackers may have snapped user locations and activity information, message warns Legacy image-sharing website Flickr suffered a data breach, according to customer emails seen by The Register.…

Contact details were accessed in an intrusion that went undetected for months, the blogging outfit says Newsletter platform Substack has admitted that an intruder swiped user contact details months before the company noticed, forcing it to warn writers and readers that their email addresses and othe...

And their toolkit includes a new, Linux kernel rootkit A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers.…

Breach-tracking site flags dataset following impersonation-based intrusion Breach-tracking site Have I Been Pwned (HIBP) claims a cyberattack on Betterment affected roughly 1.4 million users – although the investment company has yet to publicly confirm how many customers were affected by January's...

Right on cue, petulant hacktivists attempt to disrupt yet another global sporting event Italy's foreign minister says the country has already started swatting away cyberattacks from Russia targeting the Milano Cortina Winter Olympics.…

LLMs automated most phases of the attack UPDATED  A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.…

Gang walks away with nothing, victims are left with irreparable hypervisors Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There's no way to get your data back from them!…

GreyNoise's Glenn Thorpe counts the cost of missed opportunities On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem.…

DDoSer of 'strategically important' websites admitted to most charges Polish authorities have cuffed a 20-year-old man on suspicion of carrying out DDoS attacks.…

The group targets telecoms, critical infrastructure - all the usual high-value orgs Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure ...

Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and...

Breach lingered for months before stronger signature checks shut the door A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author.…

Don't be scared of the digital dark – learn how to keep the lights on Opinion  Barely a month into 2026, electrical power infrastructure on two continents has tested positive for cyberattacks. One fell flat as attempts to infiltrate and disrupt the Polish distribution grid were rebuffed and repor...

Parent company Cognizant hit with multiple lawsuits Thousands more Oregonians will soon receive data breach letters in the continued fallout from the TriZetto data breach, in which someone hacked the insurance verification provider and gained access to its healthcare provider customers across multip...

The Chocolate Factory strikes again, targeting the infrastructure attackers use to stay anonymous Crims love to make it look like their traffic is actually coming from legit homes and businesses, and they do so by using residential proxy networks. Now, Google says it has "significantly degraded" wha...

Extortion crew says it's found love in someone else's info as Match Group plays down the impact ShinyHunters has added a fresh notch to its breach belt, claiming it has pinched more than 10 million records from Match Group, a US firm that owns some of the world's most widely used swipe-based dating ...

Close call after an apparently deliberate attempt to starve a country of energy at the worst time Cybersecurity experts involved in the cleanup of the cyberattacks on Poland's power network say the consequences could have been lethal.…

Cybercrime solved. The end Ransomware crims have just lost one of their best business platforms. US law enforcement has seized the notorious RAMP cybercrime forum's dark web and clearnet domains.…

Russians, Chinese spies, run-of-the-mill crims … Come one, come all. Everyone from Russian and Chinese government goons to financially motivated miscreants is exploiting a long-since-patched WinRAR vuln to bring you infostealers and Remote Access Trojans (RATs).…

Plus, the gang says it got in via Microsoft Entra SSO ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other organizations it post...

Reports say Salt Typhoon attackers accessed handsets of senior govt folk Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing private communications at the heart of the UK government.…

Atlassian, RingCentral, ZoomInfo also among tech targets ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to researchers and the criminal group itself.…

US sports brand launches probe after extortion crew WorldLeaks claims it stole huge dataset Nike says it is probing a possible breach after extortion crew WorldLeaks claimed to have lifted 1.4TB of internal data from the sportswear giant and posted samples on its leak site.…

Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim.…

'A lot more' victims to come, we're told ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.…

Direct debits? Maybe February. Birth certificates? Dream on. Council tax bills? Oh, those are coming Hammersmith & Fulham Council says payments are now being processed as usual, two months after a cyberattack that affected multiple boroughs in the UK's capital city.…

Teach a crook to phish… Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and messaging platforms.…

Logging in, not breaking in Unknown attackers are abusing Microsoft SharePoint file-sharing services to target multiple energy-sector organizations, harvest user credentials, take over corporate inboxes, and then send hundreds of phishing emails from compromised accounts to contacts inside and outsi...

Admins say attackers are still getting in despite recent patches FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who've figured out how to sidestep SSO protections and grab sensitive settings right out of the box.…

Phishing campaign tries to reel in master passwords updated  Password managers make great targets for attackers because they can hold many of the keys to your kingdom. Now, LastPass has warned customers about phishing emails claiming that action is required ahead of scheduled maintenance and told t...

Have I Been Pwned reckons 72.7M customer accounts affected, sportswear firm remains silent Have I Been Pwned (HIBP) says 72.7 million accounts registered with Under Armour were affected by an alleged ransomware attack in November.…

OG CDN boss says fighting illegal streams is about stopping criminals cashing in, not free speech Interview  When Cloudflare CEO Matthew Prince recently threatened to disrupt the Winter Olympics to protect free speech after Italian authorities fined his company for not disrupting pirate video strea...

Feras Albashiti faces 10 years after $20,000 in sales to undercover agent exposed ransomware ties A Jordanian national faces sentencing in the US after pleading guilty to acting as an initial access broker (IAB) for various cyberattacks.…

They’re not the most sophisticated, but even simple attacks can lead to costly consequences The UK's National Cyber Security Centre (NCSC) is once again warning that pro-Russia hacktivists are a threat to critical services operators.…

Maine filing confirms July attack affected 42,521 employees and job applicants Ingram Micro disclosed that a July 2025 ransomware attack compromised the personal data of tens of thousands of employees.…

Kids return to classrooms after safety infrastructure knocked out A Warwickshire secondary school says it will fully reopen this week after a cyberattack forced a prolonged closure – though staff will return to classrooms with "very limited access" to IT systems.…

Ransomware kingpin who escaped Armenian custody is believed to be lying low back home German cops have added Russian national Oleg Evgenievich Nefekov to their list of most-wanted criminals for his services to ransomware.…

Check Point observes 40K+ attack attempts in 4 hours, with government organizations under fire A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet.…

What's next for Venezuela? Click on the file and see What policy wonk wouldn't want to click on an attachment promising to unveil US plans for Venezuela? Chinese cyberspies used just such a lure to target US government agencies and policy-related organizations in a phishing campaign that began just ...

Redmond says cheap virtual desktops powered a global wave of phishing and fraud Microsoft has taken its cybercrime fight to the UK in its first major civil action outside the US, moving to shut down RedVDS, a virtual desktop service used to power phishing and fraud at global scale.…

Three major GDPR violations, including a lack of basic security controls, lead to hefty dent in profits The French data protection regulator, CNIL, today issued a collective €42 million ($48.9 million) fine to two French telecom companies for GDPR violations stemming from a data breach.…

New crooks on the block get crafty with blockchain to evade defenses Researchers at Group-IB say the DeadLock ransomware operation is using blockchain-based anti-detection methods to evade defenders' attempts to analyze their tradecraft.…

Attack enters second day with major disruption to healthcare provision Two hospitals in Belgium have cancelled surgeries and transferred critical patients to other facilities after shutting down servers following a cyberattack.…