Tag: cyber
-
NCSC heralds end of passwords for consumers and pushes secure passkeys
UK National Cyber Security Centre is urging consumers to replace passwords and two-factor authentication with passkeys, following a technical study that shows they are more secure and easier to use First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642156/NCSC-heralds-end-of-passwords-for-consumers-and-pushes-secure-passkeys
-
Why Cisco Is Eyeing Buy of Non-Human Identity Startup Astrix
Deal Would Help Cisco Expand Footprint Beyond Authentication, ITDR and ISPM Cisco’s cyber M&A dry spell could soon come to an end, with the company reportedly in talks to acquire New York-based non-human identity startup Astrix Security for between $250 million and $350 million. That would represent at least a 25% premium to the startup’s…
-
Interview: Critical local infrastructure is missing link in UK cyber resilience
Jonathan Lee, director of cyber strategy at Trend AI, argues for more focus on local and municipal cyber resilience First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641946/Interview-Critical-local-infrastructure-is-missing-link-in-cyber-resilience
-
UK to build ‘national cyber shield’ to protect against AI cyber threats
Security minister Dan Jarvis calls for artificial intelligence companies to work with government to develop AI-driven cyber defences First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641790/UK-to-build-national-cyber-shield-to-protect-against-AI-cyber-threats
-
UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debate First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-pledges-90m-for-cybersecurity/
-
5 zentrale Schwachstellen gefährden die IT-Sicherheitslage im Mittelstand
Ransomware, Phishing, gestohlene Zugangsdaten: Cyberangriffe verursachen im Mittelstand regelmäßig spürbaren wirtschaftlichen Schaden. Der aktuelle ‘Cyber-Risikocheck für den Mittelstand” von Trufflepig IT-Forensics, dem spezialisierten Cybersecurity-Partner für den gehobenen Mittelstand und den öffentlichen Sektor im DACH-Raum, zeigt auf Basis von 273 realen Angriffssimulationen (Penetrationstests) in mittelständischen DACH-Unternehmen, wo sich Angreifern die vielversprechendsten Einfallstore bieten. Besonders relevant für…
-
NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks
The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-silentglass-a-plugin-stop/
-
The Time Is Now to Prepare for CRA Enforcement
Tags: cyber, cybersecurity, Hardware, international, law, network, resilience, software, supply-chain<div cla When the EU Cyber Resilience Act (CRA) was introduced into law in 2024, it represented one of the most significant regulatory shifts we’ve seen anywhere in the world with implications for how organizations build, ship, and maintain software. It establishes cybersecurity requirements for hardware and software products sold within the European Union or…
-
China’s cyber capabilities now equal to the US, warns Dutch intelligence
Dutch intelligence says the threat from Beijing is now largely going unmet and is so sophisticated its operations are regularly missed by intelligence agencies and cybersecurity defenders. First seen on therecord.media Jump to article: therecord.media/china-cyber-capabilities-match-us-dutch-intel-says
-
UK Pledges £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debate First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-pledges-90m-for-cybersecurity/
-
UK cyber agency handling four major incidents a week as nation-state attacks surge
Britain’s cybersecurity chief warned Tuesday that the country is handling four nationally significant cyber incidents every week, with the majority now traced back to hostile foreign governments rather than criminal hackers. First seen on therecord.media Jump to article: therecord.media/UK-cyberattacks-ncsc-china
-
New Defense Department cyber strategy imminent, official says
The U.S. Defense Department is crafting a new cyber strategy that will better align with the Trump administration’s plans to more aggressively combat digital adversaries, a senior official told the House Armed Services Committee. First seen on therecord.media Jump to article: therecord.media/defense-cyber-strategy-warfare
-
Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities
Mozilla has released Firefox 150 to patch 41 security vulnerabilities, including multiple high-severity flaws that could lead to remote code execution. Users should immediately update their browsers to protect against these critical memory corruption and use-after-free bugs. Critical Vulnerability Details The most dangerous flaws include use-after-free vulnerabilities in the DOM (CVE-2026-6746) and WebRTC (CVE-2026-6747) components.…
-
Malicious Google Ads Hit Crypto Users With Wallet Drainers
Malicious Google Ads are increasingly being used to steal cryptocurrency by draining wallets and harvesting seed phrases from unsuspecting users searching for legitimate DeFi apps and wallet services. Recent campaigns tracked by SEAL show a sustained, technically advanced operation that actively evades Google’s automated defenses while directly targeting both retail users and crypto organizations. In…
-
109 Fake GitHub Repos Spread SmartLoader, StealC Malware
A coordinated malware operation is abusing fake GitHub repositories to distribute a LuaJIT-based loader, SmartLoader, and a follow-on StealC infostealer, with at least 109 malicious repos active across 103 accounts. The campaign blends cloned open source code, obfuscated Lua stages, and blockchain-backed C2 resolution to evade detection and keep infrastructure agile. Instead of relying on…
-
Researchers Uncover SIM Farm-as-a-Service Operation Spanning 87 Panels in 17 Nations
Infrastructure intelligence firm Infrawatch has exposed a globally distributed SIM Farm-as-a-Service ecosystem powered by a single Belarus-based software platform called ProxySmart, identifying 87 exposed control panels across 17 countries and at least 94 physical phone-farm locations. A SIM farm is a physical rack of smartphones or 4G/5G USB modems, each loaded with active SIM cards…
-
French Fintech Accounts Used to Launder Stolen Funds Before Detection
Cybercriminals are turning French freelancer fintech accounts into high-speed money laundering channels, moving stolen funds within minutes often before banks or victims realise anything is wrong. Fintech platforms like Revolut, Wise and N26 allow fast, remote account opening, light-touch digital KYC, and access to SEPA instant transfers, invoicing, cards, and sometimes crypto all packaged for…
-
Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks
A critical vulnerability, tracked as CVE-2026-22752, has been disclosed in Spring Security Authorization Server, affecting organizations running Dynamic Client Registration endpoints. The flaw allows attackers to inject malicious client metadata, potentially leading to Stored Cross-Site Scripting (XSS), Privilege Escalation, and Server-Side Request Forgery (SSRF) attacks. The vulnerability was responsibly reported by security researcher Kelvin Mbogo and officially disclosed…
-
Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks
Atlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as CVE-2026-21571, was published as part of Atlassian’s April 21, 2026, Security Bulletin, the company’s monthly disclosure of patched vulnerabilities across…
-
Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks
Atlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as CVE-2026-21571, was published as part of Atlassian’s April 21, 2026, Security Bulletin, the company’s monthly disclosure of patched vulnerabilities across…
-
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/former-ransomware-negotiator/
-
Lotus Wiper Hits Energy Sector in Destructive Cyberattack
Hackers have deployed a new destructive malware, dubbed Lotus Wiper , in a targeted cyberattack against energy and utilities organizations in Venezuela, aiming not to extort money but to destroy data and disrupt operations permanently. Artifacts from the Lotus Wiper attack chain were uploaded to a public malware-sharing resource in mid-December 2025 from a machine in Venezuela,…
-
CyberSmart Partners with Renaissance to Deliver Complete Cyber Confidence for SMEs
Irish reseller Renaissance has announced a strategic partnership with CyberSmart, a UK-based cybersecurity provider focused on delivering continuous protection, compliance, and cyber risk management for small and medium-sized enterprises (SMEs). This collaboration brings CyberSmart’s cybersecurity solutions to a wider market, spanning real-time threat detection, vulnerability management, compliance assurance, and cybersecurity awareness training. Designed for simplicity…
-
Microsoft warns of fake IT worker identities infiltrating cloud environments
Microsoft is warning that North Korea”‘aligned group Jasper Sleet is abusing remote hiring to slip fake IT workers into cloud environments by posing as legitimate staff and then abusing trusted access. Since the pandemic, many companies hire globally, verify identities online, and onboard staff fully remotely. Jasper Sleet, tracked by Microsoft as a North Korean…
-
Anthropic bets on EPSS for the coming bug surge
Tags: ai, cisco, ciso, cloud, crowdstrike, cve, cvss, cyber, data, exploit, flaw, government, Hardware, healthcare, infrastructure, network, update, vulnerabilitySecurity leaders weigh promise versus reality: Security vendors are increasingly incorporating EPSS scores into their systems.According to Roytman, EPSS has been incorporated into more than 120 security vendors’ products, including CrowdStrike, Cisco, Palo Alto Networks, Qualys, and Tenable platforms.”I do not think other CISOs realize how broadly EPSS has been adopted, but that adoption is…
-
March 2026 Cyber Threat Landscape Fueled by Ransomware, Breaches, and Access Markets
Tags: access, attack, breach, cyber, cybersecurity, data, data-breach, intelligence, ransomware, threatThe 2026 threat landscape continued to intensify in March, with ransomware attacks, expanding data breach activity, and a growing underground market for compromised access shaping the global cybersecurity environment. According to analysis from CRIL (Cyble Research & Intelligence Labs), organizations worldwide faced a highly active and coordinated threat ecosystem throughout the month. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/march-2026-threat-landscape/
-
Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 Panel
A fully exposed command-and-control (C2) panel for a previously undocumented remote access trojan (RAT) framework dubbed Auraboros, supporting live audio streaming, intensive keylogging, browser credential theft, and multi-cookie hijacking all accessible over the internet with zero authentication. Further inspection revealed “Auraboros C2 Station,” a polished single-page dashboard that immediately loads victim data and live controls without…
-
Anthropic investigates report of rogue access to hack-enabling Mythos AI
‘Handful’ of people allegedly gain unauthorised access to model adept at detecting cybersecurity vulnerabilities<ul><li><a href=”https://www.theguardian.com/business/live/2026/apr/22/uk-inflation-increase-fuel-prices-oil-falls-trump-ceasefire-extended-business-live-news-updates”>Business live latest updates</li></ul>The AI developer Anthropic has confirmed it is investigating a report that unauthorised users have gained access to its Mythos model, which it has warned <a href=”https://www.theguardian.com/technology/2026/apr/08/anthropic-ai-cybersecurity-software”>poses risks to cybersecurity.The US startup made the statement after Bloomberg reported…
-
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
DinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker”‘controlled code while sidestepping traditional detection controls quietly. Hiding behind trusted runtimes and common Windows tooling gives threat actors a flexible way to deploy fileless or low”‘footprint malware into enterprise environments. Instead of shipping a conventional compiled…