Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.
Redmond says cheap virtual desktops powered a global wave of phishing and fraud Microsoft has taken its cybercrime fight to the UK in its first major civil action outside the US, moving to shut...
Cold milk poured over 'spicy mode,' but it might not be enough to escape a huge fine Ofcom is continuing with its investigation into X, despite the social media platform saying it will block Grok...
Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.
EU-only ops, German subsidiaries, and a pinky promise your data won't end up in Uncle Sam's hands Amid continued trade and geopolitical volatility between Europe and the US, Amazon Web Services is...
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025....
January 15, 2026 Overview In 2025, Android device users were most likely to encounter ad-displaying trojans and fake apps used for fraudulent purposes. As in the previous year, the most common...
January 15, 2026 In 2025, trojans designed to display ads were one of the most active threats. Users also encountered various malicious scripts and trojan programs that launch other malware in...
Investors didn't present a valid claim, says judge, but they're welcome to try again A group of CrowdStrike shareholders who sued the company over losses sustained following its 2024 global outage...
Cloud-native, 37 plugins … an attacker's dream A brand-new Linux malware named VoidLink targets victims' cloud infrastructure with more than 30 plugins that allow attackers to perform a range of...
AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like...
ANCHOR will restart conversations between government and industry around critical infrastructure security, with some changes around liability and other areas. The post Sources: DHS finalizing...
The botnet took an unusual path by abusing residential proxy networks, allowing it to control an untapped collection of unofficial Android TV devices. The post Kimwolf botnet’s swift rise to 2M...
Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to...
Researchers have demonstrated remotely controlling a wheelchair over Bluetooth. CISA has issued an advisory. CISA said the WHILL wheelchairs did not enforce authentication for Bluetooth...
A major Verizon outage appeared to impact customers across the United States starting around noon ET on Wednesday. Calls to Verizon customers from other carriers may also be impacted.
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI. The post Community-powered security with AI: an open source framework for...
Whether you’re new to Wiz or early in your cloud security journey, start the year strong by turning cloud security resolutions into real impact in your first 90 days with Wiz.
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating...
This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada on January 27, 2026, at 1:30 PM ET....
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious...
The healthcare sector experienced twice as many breaches in 2025 as it did in 2024, but the number of exposed patient records dropped precipitously, according to a new report from Fortified Health...
In a triple-barreled barrage on Monday evening, the Pentagon released three major policy memos from Secretary Pete Hegseth, aiming to overhaul and accelerate the department’s technology efforts....
The United Kingdom’s National Cyber Security Centre (NCSC) has published new guidance setting out new secure connectivity principles for operational technology (OT). These principles are intended...
Hundreds of records obtained by WIRED show thin intelligence on the Venezuelan gang in the United States, describing fragmented, low-level crime rather than a coordinated terrorist threat.
President Donald Trump has renominated Sean Plankey to be the next director of the Cybersecurity and Infrastructure Security Agency — a move that largely puts to rest any speculation that the...
Three major GDPR violations, including a lack of basic security controls, lead to hefty dent in profits The French data protection regulator, CNIL, today issued a collective €42 million ($48.9...
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices.Key takeaways:CVE-2025-64155 is a critical operating system (OS)...
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114...
Every now and then, LevelBlue SpiderLabs diverts a bit from its normal course of discussing vulnerabilities, ransomware attacks, and malware, and generates a public service blog to help those in...