Anthropic: All your zero-days are belong to Mythos
Hasn't released it to the public, because it would break the internet - in a bad way
Security07 Apr 2026 | 10
Research
Don't open that WhatsApp message, Microsoft warns
How to avoid social engineering attacks? Employee training tops the list
Research31 Mar 2026 | 32
Security boffins scoured the web and found hundreds of valid API keys
Global bank's devs have some cleaning up to do after cloud creds found in website code
Research27 Mar 2026 | 8
Scammers have virtual smartphones on speed dial for fraud
They cleverly mimic most traits of a real phone
Cyber-crime25 Mar 2026 | 14
1K+ cloud environments infected following Trivy supply chain attack
RSAC 2026 Crims 'creating a snowball effect' across open source projects
RSA24 Mar 2026 | 5
Claude attacks were 'Rorschach test' for infosec community, scaring former NSA boss
RSAC 2026 'It freakin' worked' says Rob Joyce - and shows how relentless AI agents can find holes humans miss
RSA23 Mar 2026 | 2
Lightning-fast exploits make it essential to patch fast, ask questions later
Here's where you ought to spend your security billable hours budget this year
CSO23 Mar 2026 | 6
Smooth criminals talking their way into cloud environments, Google says
RSAC 2026 Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins
RSA23 Mar 2026 | 1
State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns
Darksword is the second iOS exploit chain in a month
Research18 Mar 2026 | 25
Cybercrime has skyrocketed 245% since the start of the Iran war
Hacktivists use proxy services from Russia, China for 'billions of designed-for-abuse connection attempts'
Cyber-crime16 Mar 2026 | 1
Rogue AI agents can work together to hack systems and steal secrets
Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy
Research12 Mar 2026 | 7
Fake job applications pack malware that kills endpoint detection before stealing data
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses
Research10 Mar 2026 | 39
AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours
David and Goliath…but with AI agents
Security09 Mar 2026 | 24
Kaspersky dismisses claims Coruna iPhone exploit kit is connected to NSA-linked operation
Follows suggestions iPhone-pwning toolset bears hallmarks of zero-days that targeted Russian diplomats
Security04 Mar 2026 | 8
Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite
AI browsing agent left local files open for the taking
Research03 Mar 2026 | 4
Denizens of DEF CON are 'fed up with government'
Interview Jake Braun thinks hackers need to create a 'Digital arsenal of democracy' to defend us all
Research28 Feb 2026 | 65
Ransomware payments cratered in 2025, but attacks surged to record highs
Smaller crews piled in as old names splintered and rebranded
Research27 Feb 2026 | 5
Claude collaboration tools left the door wide open to remote code execution
Anthropic fixed the flaws – but the AI-enabled attack surfaces remain
Research26 Feb 2026 | 4
Fake 'interview' repos lure Next.js devs into running secret-stealing malware
Come for the coding test, stay for the C2 traffic
Security25 Feb 2026 | 4
Threat intelligence supply chain is full of weak links, researchers find
And they're being stressed by geopolitical concerns that threaten to slow important data-sharing efforts
Research25 Feb 2026 | 3
Popular
AMD's AI director slams Claude Code for becoming dumber and lazier since last update
'Claude cannot be trusted to perform complex engineering tasks' according to GitHub ticket
The developer who came in from the cold and melted a mainframe
Who, Me? It's not just machines that need proper HVAC
Windows asks a networking question on a Stratford billboard
Bork!Bork!Bork! Glue and paper wouldn't have cared about discoverability
Patch to end i486 support hits Linux kernel merge queue
After a year of patchwork, maintainers look ready to start retiring 486-class CPUs
AI agents found vulns in this popular Linux and Unix print server
CUPS server shown spilling out remote code execution and root access
Attackers exploited this critical FortiClient EMS bug as a 0-day
CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild
Anthropic closes door on subscription use of OpenClaw
The company is having trouble meeting user demand
Anthropic reveals $30bn run rate and plans to use 3.5GW of new Google AI chips
Broadcom's building the silicon and is chuffed about that, but also notes Anthropic remains a risk
AI slop got better, so now maintainers have more work
Once AI bug reports become plausible, someone still has to verify them
Apple's chips are the core of a new landscape, but its biggest win is Windows
Opinion Walled gardens make more sense when it's an AI-lligator infested swamp outside
STORIES
AI agents abound, unbound by rules or safety disclosures
MIT CSAIL's 2025 AI Agent Index puts opaque automated systems under the microscope
AI + ML20 Feb 2026 | 11
Crims create fake remote management vendor that actually sells a RAT
$300 a month buys you a backdoor that looks like legit software
Cyber-crime19 Feb 2026 | 13
Android malware taps Gemini to navigate infected devices
For now, it might not function outside of a lab
Research19 Feb 2026 | 7
Posting AI-generated caricatures on social media is risky, infosec killjoys warn
The more you share online, the more you open yourself to social engineering
Research11 Feb 2026 | 11
Payroll pirates are conning help desks to steal workers' identities and redirect paychecks
Exclusive Attackers using social engineering to exploit business processes, rather than tunnelling in via tech
Cyber-crime11 Feb 2026 | 19
For the price of Netflix, crooks can now rent AI to run cybercrime
Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices
Research20 Jan 2026 | 4
Fast Pair, loose security: Bluetooth accessories open to silent hijack
Sloppy implementation of Google spec leaves 'hundreds of millions' of devices vulnerable
Research17 Jan 2026 | 35
A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'
And it's 'not unique to AWS,' researcher tells The Reg
Research15 Jan 2026 | 12
'Imagination the limit': DeadLock ransomware gang using smart contracts to hide their work
New crooks on the block get crafty with blockchain to evade defenses
Research14 Jan 2026 | 2
Popular Python libraries used in Hugging Face models subject to poisoned metadata attack
The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group
Patches13 Jan 2026 | 1
Mandiant open sources tool to prevent leaky Salesforce misconfigs
AuraInspector automates the most common abuses and generates fixes for customers
SaaS13 Jan 2026 |
OpenAI putting bandaids on bandaids as prompt injection problems keep festering
Happy Groundhog Day!
Research08 Jan 2026 | 21
Fake Windows BSODs check in at Europe's hotels to con staff into running malware
Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls
Research06 Jan 2026 | 15
Your car’s web browser may be on the road to cyber ruin
Study finds built-in browsers across gadgets often ship years out of date
Research18 Dec 2025 | 75
China's Ink Dragon hides out in European government networks
Misconfigured servers are in, 0-days out
Research16 Dec 2025 | 13
Browser 'privacy' extensions have eye on your AI, log all your chats
More than 8 million people have installed extensions that eavesdrop on chatbot interactions
AI + ML16 Dec 2025 | 28
Honeypots can help defenders, or damn them if implemented badly
Infosec In Brief PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more
Security14 Dec 2025 | 3
10K Docker images spray live cloud creds across the internet
Flare warns devs are unwittingly publishing production-level secrets
Research11 Dec 2025 | 12
As humanoid robots enter the mainstream, security pros flag the risk of botnets on legs
Interview Have we learned nothing from sci-fi films and TV shows?
Research09 Dec 2025 | 45
Apache warns of 10.0-rated flaw in Tika metadata ingestion tool
Infosec in Brief PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more!
Security08 Dec 2025 | 7
Novel clickjacking attack relies on CSS and SVG
Who needs JavaScript?
Research05 Dec 2025 | 12
'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole
Finish reading this, then patch
Security03 Dec 2025 | 33
Swiss government says give M365, and all SaaS, a miss as it lacks end-to-end encryption
Infosec In Brief PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; And more!
Security01 Dec 2025 | 28
Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites
ReliaQuest finds fresh crop of phishing domains and toxic tickets
Research27 Nov 2025 | 1
HashJack attack shows AI browsers can be fooled with a simple ‘#’
Hashtag-do-whatever-I-tell-you
AI + ML25 Nov 2025 | 27
Fresh ClickFix attacks use Windows Update trick-pics to steal credentials
Poisoned PNGs contain malicious code
Security24 Nov 2025 | 4
LLM-generated malware is improving, but don't expect autonomous attacks tomorrow
Researchers tried to get ChatGPT to do evil, but it didn't do a good job
Research20 Nov 2025 | 2
Researchers claim 'largest leak ever' after uncovering WhatsApp enumeration flaw
Two-day exploit opened up 3.5 billion users to myriad potential harms
Research19 Nov 2025 | 67
Tens of thousands more ASUS routers pwned by suspected, evolving China operation
Researchers say attacks are laying the groundwork for stealthy espionage activity
Cyber-crime19 Nov 2025 | 37
Overconfidence is the new zero-day as teams stumble through cyber simulations
Readiness metrics have flatlined since 2023, with most sectors slipping backward as teams fumble crisis drills
Security17 Nov 2025 | 7
UK asks cyberspies to probe whether Chinese buses can be switched off remotely
Norwegian testers claim maker has remote access, while UK importer says supplier complies with the law
Security11 Nov 2025 | 74
LLM side-channel attack could allow snoops to guess what you're talking about
Updated Encryption protects content, not context
Research11 Nov 2025 | 7
Previously unknown Landfall spyware used in 0-day attacks on Samsung phones
'Precision espionage campaign' began months before the flaw was fixed
Research07 Nov 2025 | 8
MIT Sloan quietly shelves AI ransomware study after researcher calls BS
Even AI has doubts about the claim that '80% of ransomware attacks are AI-driven'
Research03 Nov 2025 | 18
Proton trains new service to expose corporate infosec cover-ups
Service will tell on compromised organizations, even if they didn't plan on doing so themselves
Security30 Oct 2025 |
Invisible npm malware pulls a disappearing act – then nicks your tokens
PhantomRaven slipped over a hundred credential-stealing packages into npm
Security30 Oct 2025 | 18
Researchers exploit OpenAI's Atlas by disguising prompts as URLs
NeuralTrust shows how agentic browser can interpret bogus links as trusted user commands
Research27 Oct 2025 | 3
How malware vaccines could stop ransomware's rampage
Feature Security pros explore whether infection-spoofing code can immunize Windows systems against attack
Security21 Oct 2025 | 24
Devs are writing VS Code extensions that blab secrets by the bucketload
Vibe coding may have played a role in what took researchers months to fix
Research15 Oct 2025 | 10
Pro-Russia hacktivist group dies of cringe after falling into researchers' trap
Forescout's phony water plant fooled TwoNet into claiming a fake cyber victory – then it quietly shut up shop
Security10 Oct 2025 | 10
Tile trackers are a stalker's dream, say Georgia Tech researchers
Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy
Research30 Sep 2025 | 15
Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign
Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week
Research27 Sep 2025 | 14
Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses
Security26 Sep 2025 | 2
Google warns China-linked spies lurking in 'numerous' enterprises
Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'
Research24 Sep 2025 | 8
Nearly half of businesses suffered deepfaked phone calls against staff
AI attacks on the rise
Research23 Sep 2025 | 5
Kaspersky: RevengeHotels checks back in with AI-coded malware
Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk
Research23 Sep 2025 | 2
Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack
Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware
Research17 Sep 2025 | 16
FileFix attacks use fake Facebook security alerts to trick victims into running infostealers
Tech evolved from PoC to global campaign in under two months
Security16 Sep 2025 | 6
HybridPetya: More proof that Secure Boot bypasses are not just an urban legend
Although it hasn't been seen in the wild yet
Research12 Sep 2025 | 23
AI-powered penetration tool, an attacker's dream, downloaded 10K times in 2 months
Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit
Research11 Sep 2025 |
Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
AMD Zen hardware and Intel Coffee Lake affected
Research11 Sep 2025 | 4
Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years
'We do believe that this was likely the creation of a cybercrime group,' threat hunter tells The Reg
Research10 Sep 2025 | 18
Internet mapping and research outfit Censys reveals state-based abuse, harassment
‘Universities are being used to proxy offensive government operations, turning research access decisions political’
Research03 Sep 2025 | 19
LegalPwn: Tricking LLMs by burying badness in lawyerly fine print
Trust and believe – AI models trained to see 'legal' doc as super legit
AI + ML01 Sep 2025 | 35
Researcher who found McDonald's free-food hack turns her attention to Chinese restaurant robots
Updated The controls were left wide open on Pudu's robots
Research29 Aug 2025 | 34
ChatGPT hates LA Chargers fans
Harvard researchers find model guardrails tailor query responses to user's inferred politics and other affiliations
AI + ML27 Aug 2025 | 15
Nx NPM packages poisoned in AI-assisted supply chain attack
Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon
Devops27 Aug 2025 | 2
Who are you again? Infosec experiencing 'Identity crisis' amid rising login attacks
Vendor insists passkeys are the future, but getting workers on board is proving difficult
Research27 Aug 2025 | 39
ZipLine attack uses 'Contact Us' forms, White House butler pic to invade sensitive industries
'Many dozens' targeted in ongoing campaign, CheckPoint researcher tells The Reg
Cyber-crime26 Aug 2025 | 6
Fake CAPTCHA tests trick users into running malware
ClickFix tricks
Research22 Aug 2025 | 31
Google yet to take down 'screenshot-grabbing' Chrome VPN extension
Updated Researcher claims extension didn't start out by exfiltrating info... while dev says its actions are 'compliant'
Research21 Aug 2025 | 10
AI crawlers and fetchers are blowing up websites, with Meta and OpenAI the worst offenders
Updated One fetcher bot seen smacking a website with 39,000 requests per minute
AI + ML21 Aug 2025 | 83
Facial recognition works better in the lab than on the street, researchers show
High accuracy scores come from conditions that don't reflect real-world usage
Research18 Aug 2025 | 31
Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations
UPdated Sni5Gect research crew targets sweet spot during device / network handshake pause
Research18 Aug 2025 | 13
'MadeYouReset' HTTP/2 flaw lets attackers DoS servers
Researchers had to notify over 100 vendors of flaw that builds on 2023's Rapid Reset with neat twist past usual mitigations
Research14 Aug 2025 | 7
Poisoned telemetry can turn AIOps into AI Oops, researchers show
Sysadmins, your job is safe
Networks12 Aug 2025 | 6
Chinese biz using AI to hit US politicians, influencers with propaganda
DEF CON In misinformation, Russia might be the top dog but the Chinese are coming warns former NSA boss
Research08 Aug 2025 | 17
Infosec hounds spot prompt injection vuln in Google Gemini apps
Black hat Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed
Research08 Aug 2025 | 4
German security researchers say 'Windows Hell No' to Microsoft biometrics for biz
Black Hat Hello loophole could let a rogue admin, or a pwned one, inject new facial scans
Research07 Aug 2025 | 31
Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack
black hat Psst, wanna steal someone's biometrics?
Patches05 Aug 2025 | 20
Study finds humans not completely useless at malware detection
Some pinpointed software nasties but were suspicious of printer drivers too
Security05 Aug 2025 | 11
Cybercrooks attached Raspberry Pi to bank network and drained ATM cash
Criminals used undocumented techniques and well-placed insiders to remotely withdraw money
Research01 Aug 2025 | 26
Kremlin goons caught abusing ISPs to spy on Moscow-based diplomats, Microsoft says
Russia spying on foreign embassies? Say it ain't so
Security31 Jul 2025 | 61
Silk Typhoon spun a web of patents for offensive cyber tools, report says
US court docs reveal that infamous Chinese snoops filed IP papers like tax returns
Research31 Jul 2025 | 3
FBI: Watch out for these signs Scattered Spider is spinning its web around your org
New malware, even better social engineering chops
Cyber-crime29 Jul 2025 | 11
Security pros are drowning in threat-intel data and it's making everything more dangerous
Plus, 60% don't have enough analysts to make sense of it
CSO28 Jul 2025 | 17
Freelance dev shop Toptal caught serving malware after GitHub account break-in
updated Malicious code lurking in over 5,000 downloads, says Socket researcher
Cyber-crime25 Jul 2025 | 2
Coyote malware abuses Microsoft's UI Automation to hunt banking creds
Some coyotes hunt squirrels, this one hunts users' financial apps
Research24 Jul 2025 | 1
Quantum code breaking? You'd get further with an 8-bit computer, an abacus, and a dog
Computer scientist Peter Gutmann tells The Reg why it's 'bollocks'
Research17 Jul 2025 | 97
Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit
Updated Someone's OVERSTEPing the mark
Research16 Jul 2025 | 3
