News

  • Friday Squid Blogging: Squid Facts on Your Phone

    Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read More

    Read More

  • Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

    Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models Read More

    Read More

  • SAP Fixes Critical Vulnerability After Evidence of Exploitation

    A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors Read More

    Read More

  • M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

    British retailer M&S continues to tackle a cyber incident with online orders now paused for customers Read More

    Read More

  • Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

    Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol Read More

    Read More

  • Cryptocurrency Thefts Get Physical

    Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping. Read More

    Read More

  • US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

    Panaseer’s latest cybersecurity study revealed that US companies have paid $155M in data breach lawsuit settlements over just six months Read More

    Read More

  • Popular LLMs Found to Produce Vulnerable Code by Default

    Backslash Security found that naïve prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs Read More

    Read More

  • Hackers access sensitive SIM card data at South Korea’s largest telecoms company

    Mobile network operator SK Telecom, which serves approximately 34 million subscribers in South Korea, has confirmed that it suffered a cyber attack earlier this month that saw malware infiltrate its internal systems, and access data related to customers’ SIM cards. Read more in my article on the Hot for Security blog. Read More

    Read More

  • New Linux Rootkit

    Interesting: The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become…

    Read More