Data Security News
The Hacker News
- Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fontsby info@thehackernews.com (The Hacker News)
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font […]
- Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flawby info@thehackernews.com (The Hacker News)
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory […]
- Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealerby info@thehackernews.com (The Hacker News)
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based […]
- Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentialsby info@thehackernews.com (The Hacker News)
The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign […]
- OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguardsby info@thehackernews.com (The Hacker News)
OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an […]
- FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keysby info@thehackernews.com (The Hacker News)
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they […]
- New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacksby info@thehackernews.com (The Hacker News)
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a […]
- Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaignby info@thehackernews.com (The Hacker News)
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at […]
Graham Cluley Blog
- Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cupby Graham Cluley
A polite caller from your bank says there is a problem with your account. Don't worry - they'll send someone round to help. They'll even take your […]
- Hacker hijacks Brazil’s national alert system, sending “misanthropy” to millions of phonesby Graham Cluley
Emergency alert systems work because people believe them. Every time one of these systems issues a false alert - whether through negligence or a […]
- Apple’s Hide My Email tweak leaves privacy fans fumingby Graham Cluley
Apple has long marketed itself as the privacy-first tech giant. So why is it making a change to Hide My Email that will make it easier for websites […]
- Imposter scams cost Americans $3.5 billion in 2025 – and it’s getting worseby Graham Cluley
Someone is pretending to be your bank, your government, or your local planning office. And according to the FTC, they're making billions doing it. […]
- Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassedby Graham Cluley
What if your AI coding assistant could be tricked into stealing your own company's secrets - by reading a single booby-trapped bug report? No […]
- Maine forced to take down data breach portal after fake notices filed with authoritiesby Graham Cluley
The US state of Maine has taken its public data breach notification portal offline after someone submitted fraudulent breach disclosures […]
- Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport detailsby Graham Cluley
Argentina's World Cup squad had their passport numbers leaked before a ball was kicked - not by hackers, but by someone who failed to redact a […]
- Silent Ransom Group: what you need to knowby Graham Cluley
Most extortion gangs hide behind a keyboard. Silent Ransom Group will phone your staff pretending to be IT support - and if that fails, send someone […]
Infosecurity Magazine
- Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure […]
- FBI Sounds Alarm Over Russian Intelligence Signal Phishing
The FBI claims Russian spies are targeting Signal backup keys
- China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor
A China-linked threat group has been targeting critical infrastructure in Southeast Asia with a new custom backdoor called TinyRCT
- CMC Releases Analysis and Guidance for Education Sector After Canvas Data Breach
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber […]
- Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
- Twenty Million US IP Connections Used by Proxy Services
Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals
- Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds
Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing
- New CISA Guide Helps Agencies Adopt SASE For Zero Trust
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
Dark Reading News
- Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Riskby Bree Fowler
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
- AI Decline? Confidence in Autonomous Penetration Testing Fallsby Robert Lemos
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
- Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitionsby Jeffrey Schwartz
Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into the […]
- New Initiative Tackles Security for End-of-Life Open Source Softwareby Arielle Waldman
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory […]
- AI Won't Wipe-Out Entry-Level Cybersecurity Jobsby Jon France
Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.
- Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complexby Alexander Culafi
Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and […]
- Thanks for Crushing the Submissions Inbox. We're Trying to Keep Upby Becky Bracken
It might be taking a bit longer than usual to respond to your submissions — here's why.
- Robinhood Cuts Access Approval Time to Support High-Velocity Developmentby Ericka Chickowski
The fintech company's engineering-first application security team reengineered the process for granting system access, making it easier and more […]