Agregátor RSS

On Thursday, April 30 at 2:00 PM ET, BleepingComputer will host a live webinar with threat intelligence company Flare and threat intelligence researcher Tammy Harper, exploring how security teams can identify early warning signs of attacks before they escalate into incidents. [...]

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026,Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]

Technologie ShadeCut umožňuje solárním panelům napodobit střešní tašky • Mikroskopické struktury vytvářejí požadované barvy a zachovávají výkon • Systém usnadní integraci fotovoltaických prvků na chráněné historické budovy

Most information security best practices are built on a single, comfortable assumption: that the "root" gate is locked and only the administrator holds the key. We assume that unless we explicitly hand over credentials, the core of the system is off-limits.

Most information security best practices are built on a single, comfortable assumption: that the "root" gate is locked and only the administrator holds the key. We assume that unless we explicitly hand over credentials, the core of the system is off-limits.

Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust. Same Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Space Force awards 11 firms prototype deals to build orbital interceptors

The United States Space Force (USSF) has awarded eleven companies contracts to develop space-based interceptors for President Trump's Golden Dome program, in agreements worth up to $3.2 billion.…

​22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist. [...]

Three seconds of audio is all it takes to clone a voice for fraud. Adaptive Security shows how deepfake calls trick employees into sending real money—and why most defenses don't catch them. [...]

V Paříži a na Polymarketu bylo horko. Za poslední měsíc dvakrát. Znáte Polymarket? Je to na blockchainu založená platforma, která umožňuje uživatelům sázet na výsledek reálných událostí z oblasti politiky, sportu, vědy nebo popkultury. Nebo také na počasí. A přesně to udělal zatím neznámý sázkař ...

Greg Kroah-Hartman začal používat AI asistenta pojmenovaného gkh_clanker_t1000. V commitech se objevuje "Assisted-by: gkh_clanker_t1000". Na social.kernel.org publikoval jeho fotografii. Jedná se o Framework Desktop s AMD Ryzen AI Max a lokální LLM.

Cybersecurity professionals were the most overlooked workers in IT when it came to pay rises in 2025, according to new figures from recruiter Harvey Nash. The trend was especially stark in the UK, where 77 percent of all security staff saw no salary increase, although the pattern was observed globally too with 71 percent of infoseccers experiencing wage stagnation. For context, 45 percent of all tech workers received pay rises across the 53 countries surveyed, and even DevOps - the most generously rewarded discipline - only reached 56 percent. More than half of those working in adjacent disciplines, including infrastructure, AI/ML, and product management, received wage increases. The pay squeeze is taking a toll: security professionals now rank in the bottom three for overall workplace satisfaction alongside QA testers and infrastructure bods - despite cybersecurity being in the top-three most in-demand positions across the tech industry. Ankur Anand, CIO at Harvey Nash, the IT recruitment biz which gathered the latest data, told The Register that security salaries are stagnating because successful teams are breeding complacency at the board level. "Cybersecurity has become a victim of its own effectiveness," he said. "When teams do their job well, the absence of incidents leads to complacency at senior levels.  "At the same time, AI is expanding the threat surface and increasing the volume, speed, and complexity of what security teams have to deal with. When you layer that onto constant pressure, legacy technology, and highly distributed working models, you end up with a workforce carrying huge responsibility with limited recognition. That combination is a powerful driver of burnout and attrition." That boardroom complacency sits awkwardly alongside warnings from security authorities. The UK's National Cyber Security Centre reported a 50 percent rise in its most severe attack category less than a year ago, and data from Check Point, Fortinet, and a January World Economic Forum report all point in the same direction: threats are mounting. The salary data also comes during a period of instability in the cybersecurity job market, with full-time job opportunities starting to plummet due to global economics and technological innovations, like AI, erasing entry-level positions.  Cybersecurity, like many other industries, is now in an employer-controlled job market – a far cry from the skills-gap panic of recent years. The mood is visible in why people are staying put: 56 percent cite genuine job satisfaction, but 24 percent admit they're simply not confident they'd find anything better right now.  Anand concluded: "The data should be a wake-up call. We're asking cybersecurity teams to stand on the front line of business risk, yet too often we're not matching that responsibility with the reward, progression, and operating environment that keeps people in the profession. "When pay lags the market, workload keeps rising, and the role is seen as a blocker rather than an enabler, it's no surprise that attrition starts to look like the path of least resistance. "If organizations want to reduce exposure and respond faster when incidents happen, they need to treat cyber talent as a strategic capability: valued, visible, and supported by leadership. The organizations that get this right won't just retain their best people – they'll build trust with customers, regulators, and their own boards." ®

Global recruitment giant says 71% of human firewalls saw wages stagnate last year as threats and responsibilities grew

Cybersecurity professionals were the most overlooked workers in IT when it came to pay rises in 2025, according to new figures from recruiter Harvey Nash.…

Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent signing issues and preventing customers from accessing their mailboxes. [...]

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right [email protected]

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A home security biz getting digitally burgled is not a great look - but that's exactly where ADT finds itself. The company has confirmed a cyber intrusion following an extortion attempt by the ShinyHunters crew, which claims to have made off with more than 10 million records. US-based ADT is one of the world's largest providers of monitored home alarm systems, selling everything from burglar alarms and cameras to smart home kits, all pitched on keeping unwanted visitors out.  On Friday, the company said it detected "unauthorized access" on April 20, shut it down, and brought in outside incident responders, with law enforcement looped in.  According to ADT, the intruder made off with a "limited set" of data covering names, phone numbers, and addresses, with a smaller slice including dates of birth and the last four digits of Social Security or tax ID numbers. No payment data was accessed, it said, and the firm was keen to stress that customer security systems were not touched. That's the official version. ShinyHunters, meanwhile, is telling a rather different story. In a post on its dark web leak site, seen by The Register, the crew claims it lifted "over 10M Salesforce records containing PII and other internal corporate data" and is now airing the lot after talks with ADT went nowhere.  "The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made," the group said. "They don't care." The mention of Salesforce hints at a possible SaaS foothold rather than someone fiddling with alarm panels. While ADT has yet to confirm how the intruders gained access, it said in a separate 8-K filing [PDF] that attackers accessed "certain cloud-based environments." There is, to put it mildly, a gap between "limited set" and "10 million records." Companies tend to define incidents as tightly as possible, while crooks tend to do the opposite. The truth usually lands awkwardly in between. Have I Been Pwned has now put a number on it, listing 5.5 million unique email addresses, a number that sits far nearer "millions" than ADT's version of events. ShinyHunters recently made similar claims about cruise company Carnival Corporation, complete with talk of failed negotiations and a looming data dump. ADT has not yet responded to questions from The Register about how it was compromised, how many people were affected, whether customers outside the US are involved, or whether it has filed breach notifications with state attorneys general. For a company built on keeping intruders out, this one has already got inside the front door. Whether it also cleaned out the filing cabinets is the part still being argued over. ®