Free cybersecurity training can help water and wastewater utilities protect themselves against hackers, but only when paired with hands-on assistance and incentives for employees to build...
U.S. Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) published its first ever five-year Strategic Plan, a bold roadmap designed to fortify the...
Interpol disrupts cybercrime networks, DarkSword steals iOS personal data, and Interlock exploits Cisco 0-day to breach enterprise firewalls.
Lack of clear criteria risks encouraging firms to lean on state support instead of worrying about insurance The UK's cyber watchdog has warned that the government's £1.5 billion bailout of Jaguar...
Iranian hackers tied to a recent U.S. cyberattack have been running a broader intimidation campaign that involved issuing death threats and suggesting they have ties to a Mexican cartel to “commit...
The latest Bitrefill cyberattack offers a revealing look into how state-sponsored cybercrime has evolved into a strategic financial weapon. The latest development revolves around the threat actor...
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf,...
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC)...
404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment information related to a particular account—but...
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword....
Audit trails aplenty, but no price tag – and no clue how long your data sticks around Opinion Last week's UK government consultation on its plans for digital identity had quite a few things...
Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper...
Meta blamed users for not opting into the privacy-protecting feature. Experts fear the move could be the first major domino to fall for end-to-end encryption tech worldwide.
The modular backdoor AsyncRAT was deployed on targeted networks.
What you do – and how fast – after an account is compromised often matters more than it may seem
Cyble Research & Intelligence Labs (CRIL) tracked 1,641 vulnerabilities between March 04 and March 10, 2026. Of these, 175 vulnerabilities already have publicly available Proof-of-Concept (PoC)...
He would have gotten away with it too, if it weren't for a meddling security team's fear of USB On Call Each Friday The Register offers a fresh installment of On Call, the reader-contributed...
A recent Pixel firmware update released in March 2026 has sparked concern among Pixel Watch users, as reports of inaccurate Fitbit tracking, missing SpO2 readings, and inflated activity data...
North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify, Apple Music, Amazon Music,...
Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of...
Oracle published an out-of-band security alert for a critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager, following in-the-wild exploitation of a related flaw in the...
Microsoft says the March Windows 11 update breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. [...]
A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor. [...]
Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data from a D.C.-based tech company as his six-month contract gig came to a close. The post North Carolina tech worker...
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to...
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 34...
The Aisuru, Kimwolf, JackSkid, and Mossad botnets had used clever techniques to worm into home networks, infecting more than 3 million devices in total, according to the US Justice Department.
Electricity demand is surging fast enough to force a rethink of what “keeping the lights on” means in 2026 — and DOE’s Alex Fitzsimmons argues the cyber side of that story is being misunderstood...
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore...
Kubernetes security advisory (AV26-260)