Security Cyberattack threatens utterly critical infrastructure in Japan: KFC The Colonel stops taking online orders and may close stores after logistics partner’s systems go down
Security Huntress CEO says threat hunter used 'poor judgment' in alerting ransomware crim about law enforcement probe Ex-employee claims this 'meets the definition of an insider threat'
Security Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs Carmaker points finger at an 'unknown' flaw as customer fallout continues
security Canadian utility fesses up to data breach, but key details remain off-grid London Hydro says names, addresses, account details may have been exposed, but much about the intrusion is unknown
security VRChat says somebody faked a breach notice with the Maine AG's office 'We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed.'
cyber-crime Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files Affected factories back up and running, we're told
AI + ML Google says criminals used AI-built zero-day in planned mass hack spree GTIG says AI-powered hacking has moved well beyond phishing emails and chatbot tricks
Security Hackers ate my homework: Educational SaaS Canvas down after cyberattack ShinyHunters takes the credit and gives developer an F for security
Cyber-crime Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats
Cyber-crime ShinyHunters claims dump puts 119K Vimeo emails in the wild Vimeo points finger at analytics supplier Anodot, says no logins or card data were touched
Security Romance scammers turn sweet talk into £102M payday Victims losing £280K a day to fake profiles and sob stories
Security The never-ending supply chain attacks worm into SAP npm packages, other dev tools Mini Shai-Hulud caught spreading credential-stealing malware
Security FBI cyber boss: China's hacker-for-hire ecosystem 'out of control' One alleged cyber contractor was extradited to the US over the weekend
Cyber-crime French prosecutors link 15-year-old to mega-breach at state’s secure document agency Two computer crime allegations follow up to 18M lines of data surfacing online
Cyber-crime What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Just in time for the Trump-Xi summit
Patches Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack Second try's a charm?
Cyber-crime Don't pay Vect a ransom - your data's likely already wiped out 'Full recovery is impossible for anyone, including the attacker'
Cyber-crime Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump
Cyber-crime Ongoing supply-chain attack 'explicitly targeting' security, dev tools Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump
Cyber-crime Medical and utility tech companies admit digital breakins Itron, Medtronic disclose breaches in Friday filings
Cyber-crime Crime crew impersonates help desk, abuses Microsoft Teams to steal your data Coming in cold with custom Snow malware
Security Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code' Legit-looking website, camera-on interviews, jokes about backdoors ... it worked
Security Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn All the Typhoons, everywhere, all at once
Cyber-crime Another npm supply chain worm is tearing through dev environments Plus, the payload references 'TeamPCP/LiteLLM method'
Security Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide Lawmakers decry CISA cuts: 'We are shooting ourselves in the foot'
Cyber-crime macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up
Cyber-crime AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account CEO suspects silicon sidekick behind 'surprising velocity' breach - cyber crims shop stolen data for $2M
Cyber-crime Crook claims to leak 'video surveillance footage' of companies Mexican IT services firm admits it was hacked, but says client operations weren't affected
Cyber-crime Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Fake emails already doing the rounds as ransomware crew boasts about what it allegedly stole
Cyber-crime Scot becomes second Scattered Spider-linked crook to plead guilty in US Tyler Buchanan admits role in scheme that stole at least $8 million in virtual currency
Cyber-crime North Korea targets macOS users in latest heist Social engineering: 'low-cost, hard to patch, and scales well'
Security French cops free mother and son after 20-hour crypto kidnap ordeal Latest in a string of cases that have earned France an unfortunate title
Patches Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum One was patched almost 14 years ago
Cyber-crime Fake Linux leader using Slack to con devs into giving up their secrets Google Sites lure leads to bogus root certificate
Cyber-crime Booking.com warns reservation data may have checked out with intruders Travel giant says names, contact details, dates, and hotel messages potentially exposed
OSes Adobe finally patches PDF pest after months of abuse Reader and Acrobat flaw let booby-trapped documents profile targets and hijack machines
Cyber-crime Gym giant Basic-Fit confirms data on a million members stolen in cyberattack Names, addresses, dates of birth, and bank details accessed, though not passwords
Cyber-crime Rockstar Games gets a taste of grand theft data ShinyHunters claims it accessed Snowflake metrics via third-party tool
Cyber-crime Crypto? Huh. Good gawd y'all, what is it good for? $45M in this case Cops bust latest scam, return $12m to bilked victims
Cyber-crime 'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree Possible link to Mr. Raccoon's claimed Adobe break-in
Cyber-crime Months-old Adobe Reader zero-day uses PDFs to size up targets Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload
Cyber-crime Zephyr Energy loses £700K in cyber hit that rerouted contractor payment Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash
Security Iran cyber actors disrupting US water, energy facilities, FBI warns Your PLCs aren't internet-connected, right? Right?!
Cyber-crime Hundreds of orgs compromised daily in Microsoft device code phishing attacks Who needs MFA when you've got EvilTokens?
Cyber-crime US cybercrime losses pass $20B for first time as AI boosts online fraud Bots are now firmly in the toolbox, helping crooks scale old scams
Patches Attackers exploited this critical FortiClient EMS bug as a 0-day CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild
Security Researchers didn’t want to glamorize cybercrims. So they roasted them True-crime tales of criminals making fools of themselves
Security They thought they were downloading Claude Code source. They got a nasty dose of malware instead Source code with a side of Vidar stealer and GhostSocks
Cyber-crime AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack First public downstream victim, but won't be the last
Security UK manufacturers under cyber fire with 80% reporting attacks ESET says factory outages, lost revenue, and supply chain disruption are becoming routine
Research Don't open that WhatsApp message, Microsoft warns How to avoid social engineering attacks? Employee training tops the list
Cyber-crime Iran targets M365 accounts with password-spraying attacks Researchers say some targets correlate with cities hit by Iranian missile strikes
Cyber-crime European Commission admits attackers broke into public web systems, but says little else Brussels notifying 'Union entities' whose data may've been snatched in websites breach
Cyber-crime Scammers have virtual smartphones on speed dial for fraud They cleverly mimic most traits of a real phone
RSA 1K+ cloud environments infected following Trivy supply chain attack Crims 'creating a snowball effect' across open source projects
Cyber-crime Russian initial access broker who fed ransomware crews gets 81 months in US prison Aleksei Volkov sentenced after enabling attacks that cost victims millions
RSA Claude attacks were 'Rorschach test' for infosec community, scaring former NSA boss 'It freakin' worked' says Rob Joyce - and shows how relentless AI agents can find holes humans miss
RSA RSA panelists cry out for help to missing feds Washington content to be represented by actual empty chairs
RSA Google unleashes Gemini AI agents on the dark web Claims it can analyze millions of daily events with 98 percent accuracy
RSA Smooth criminals talking their way into cloud environments, Google says Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins
Security Russians are posing as Signal support to launch phishing attacks PLUS: US takes down Iranian propaganda sites; Marketing company asks 'Why Do We Have Your Information?' And more!
Cyber-crime Feds disrupt monster IoT botnets behind record-breaking DDoS attacks Millions of hijacked devices powered traffic floods targeting defense systems and beyond
Cyber-crime Jaguar Land Rover's cyber bailout sets worrying precedent, watchdog warns Lack of clear criteria risks encouraging firms to lean on state support instead of worrying about insurance
Cyber-crime Unknown attackers exploit yet another critical SharePoint bug Last time: Beijing-backed snoops and ransomware crims. Who's next?
Cyber-crime Lock down Microsoft Intune, feds warn after Stryker attack Iran-linked attackers wiped employees' devices using Intune
Research State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns Darksword is the second iOS exploit chain in a month
Security Ransomware crims abused Cisco 0-day weeks before disclosure, says Amazon security boss Interlock's post-exploit toolkit exposed
Security EU sanctions Iranian cyber front over election meddling, Charlie Hebdo breach State-sponsored attackers joined by Chinese snoops and hackers-for-hire in latest round of economic penalties
Cyber-crime Robotics surgical biz Intuitive discloses phishing attack Operations and hospital networks not affected, we're told
Cyber-crime Cybercrime has skyrocketed 245% since the start of the Iran war Hacktivists use proxy services from Russia, China for 'billions of designed-for-abuse connection attempts'
Cyber-crime AI finally delivers those elusive productivity gains... for cybercriminals Interpol says fraud schemes using the tech are 4.5x more profitable
Security Outsourcer Telus admits to attack – may have lost a petabyte of data to ShinyHunters PLUS: Citrix CISO urges patch blitz; Mandiant founder reveals AI red-teaming tech; Bitter privacy news for Starbucks; And more
Cyber-crime Credential-stealing crew spoofs VPN clients from Cisco, Fortinet, and others And then they send victims to the legit VPN download to hide their tracks
Cyber-crime Interpol cybercrime crackdown leads to 94 arrests, 45,000 IP takedowns Operation Synergia's third season is the most productive to date
Cyber-crime Operation Lightning takes down SocksEscort proxy network blamed for tens of millions in fraud International cops stuck down 23 servers in 7 countries
Cyber-crime Meta, international cops use handcuffs and AI to stop scammers 150k accounts nuked, 21 suspects arrested
Cyber-crime Dutch cops bust teen suspected of posing as bank staff to steal cards 17-year-old allegedly withdrew large sums of cash from ATMs
Security EU legal eagle says banks should refund cybercrime victims first, argue later Advocate General urges rethink of PSD2 to speed compensation after scams
Cyber-crime Cybercrime isn't just a cover for Iran's government goons - it's a key part of their operations Ransomware, malware-as-a-service, infostealers benefit MOIS, too
Research Fake job applications pack malware that kills endpoint detection before stealing data Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses
Cyber-crime ShinyHunters claims more high-profile victims in latest Salesforce customers data heist And they abused a Mandiant-developed open source tool in the attacks
Security Dutch cops warn 100 alleged scammers: Turn yourselves in or we tell Grandma Two-week deadline to fraudsters to fess up or have their faces plastered across every screen in the country
Security FBI is investigating breach that may have hit its wiretapping tools PLUS: Europol takes down two crime gangs; LastPass users phished (again); Crooks increase crypto hauls; And more
Security AI agents now help attackers, including North Korea, manage their drudge work Crims 'will do what gets them their objective easiest and fastest,' Microsoft threat intel boss tells The Reg
Security Son of government contractor arrested after alleged $46M crypto heist from US Marshals FBI and French GIGN swoop on Saint Martin, John Daghita in cuffs
Security Google says spyware makers and China-linked groups dominated zero-day attacks last year Of the 90 zero-days GTIG tracked in 2025, 43 hit enterprise tech
Cyber-crime Iran intelligence backdoored US bank, airport, software outfit networks MOIS-linked MuddyWater crew has a new, custom implant
Cyber-crime 'Hundreds' of Iranian hacking attempts have hit surveillance cameras since the missile strikes Attack infrastructure attributed to 'several Iran-nexus threat actors'
Cyber-crime LexisNexis confirms data breach at Legal & Professional arm, some customer records affected Crooks claim 2 GB haul from AWS instance via React2Shell exploit
Cyber-crime Turns out most cybercriminals are old enough to know better Law enforcement data shows profit-driven cybercrime is dominated by 35- to 44-year-olds, not script kiddies
Security Attacker gets into France's database listing all bank accounts, makes off with 1.2 million records
Cyber-crime Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant
Cyber-crime China-linked snoops have been exploiting Dell 0-day since mid-2024, using 'ghost NICs' to avoid detection
Security 30+ Chrome extensions disguised as AI chatbots steal users' API keys, emails, other sensitive data
Cyber-crime Payroll pirates are conning help desks to steal workers' identities and redirect paychecks
Cyber-crime Someone's attacking SolarWinds WHD to steal high‑privilege credentials - but we don't know who or how
Cyber-crime AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say
Security AI agents can't yet pull off fully autonomous cyberattacks – but they are already very helpful to crims
Security StopICE hacked to send alarming text messages, admins accuse border patrol agent of sabotage