Trending Articles


Welcoming the Malaysian Government to Have I Been Pwned

Troy Hunt

Today, we welcome the 40th government onboarded to Have I Been Pwned's free gov service, Malaysia. The NC4 NACSA (National Cyber Coordination and Command Centre of the National Cyber Security Agency) in Malaysia now has full access to query all their government domains via API, and monitor them against future breaches. Malaysia is the first Asian nation to make use of this service, and we look forward to seeing many more from this corner of the world in the future.


AI-Generated Law

Schneier on Security

On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehensive legislative plan” spanning local and federal law and would be connected to public adminis


Patch Tuesday, May 2025 Edition

Krebs on Security

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.


As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

After joining Vanessa Feltz on Channel 5 to talk all things scams, I wanted to follow up with a clear guide for anyone who's ever been targeted or worries they might be next. Scams today aren't just dodgy emails or shady phone calls. Fraudsters use AI, social engineering, and emotional manipulation to steal not just money, but also trust, time, and peace of mind.

Scams 130

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Author’s Q&A: It’s high time for CISOs to start leading strategically — or risk being scapegoated

The Last Watchdog

The cybersecurity landscape has never moved faster and the people tasked with defending it have never felt more exposed. Related: How real people are really using GenAI Today's Chief Information Security Officers (CISOs) operate in a pressure cooker: responsible for protecting critical assets, expected to show up in the boardroom with fluency, yet rarely granted the authority, resources or organizational alignment to succeed.

CISO 130

Weekly Update 452

Troy Hunt

Funny how excited people can get about something as simple as a sticker. They're always in hot demand and occupy an increasingly large portion of my luggage as we travel around. Charlotte reckoned it would be the same for other merch too, so, while I've been beavering away playing code monkey on the rebranded HIBP website, she built a merch store.

LifeWorks

More Trending


Breachforums Boss to Pay $700k in Healthcare Breach

Krebs on Security

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. “Pompompurin,” is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).


CFPB Quietly Kills Rule to Shield Americans From Data Brokers

WIRED Threat Level

Russell Vought, acting director of the Consumer Financial Protection Bureau, has canceled plans to more tightly regulate the sale of Americans' sensitive personal data.


Linux Foundation Shares Framework for Building Effective Cybersecurity Teams

Security Boulevard

The Linux Foundation this week made available a customizable reference guide intended to help organizations identify critical cybersecurity skills requirements. The post Linux Foundation Shares Framework for Building Effective Cybersecurity Teams appeared first on Security Boulevard.


Noodlophile Malware Distributed Through Bogus AI Video Generators: Who Are the Targets?

Tech Republic Security

By downloading what they believe is an AI-generated video, victims have installed malware that can steal their data or offer attackers remote access to infected devices.

Malware 132

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Florida Backdoor Bill Fails

Schneier on Security

A Florida bill requiring encryption backdoors failed to pass.


China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

The Hacker News

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today.


News Alert: INE Security outlines top 5 training priorities emerging from RSAC 2025

The Last Watchdog

Cary, NC, May 13, 2025, CyberNewswire – Fresh from a high-impact presence at RSAC 2025, where INE Security welcomed thousands of visitors to its interactive booth at San Francisco's Moscone Center, the global cybersecurity training and certification provider is addressing some of the top cybersecurity priorities emerging from the industry-leading event.


How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Security Affairs

Interlock Ransomware's attack on a defense contractor exposed global defense supply chain details, risking operations of top contractors and their clients. Resecurity envisions the cascading effects on the defense supply chain due to ransomware activity. In the recent incident, by attacking a defense contractor, Interlock Ransomware uncovered details about the supply chains and operations of many other top defense contractors globally who use their products, including their end customers.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

eSecurity Planet

As AI tools boom in popularity, cyberthieves are exploiting the excitement with fake AI video editing platforms that lure users into downloading malware.

Malware 98

Court Rules Against NSO Group

Schneier on Security

The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’ll be appealed. Everything always is.

Software 205

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails

The Hacker News

Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement.


GUEST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

The Last Watchdog

Small businesses make up 90% of all companies worldwide and account for half of global GDP. Yet despite their importance, many lack the cybersecurity expertise and resources to fend off a rising tide of digital threats. Related: Protecting lateral networks in SMBs Rich in sensitive data and often connected to larger supply chains, small businesses have become prime targets for attackers.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


AI in the Cloud: The Rising Tide of Security and Privacy Risks

Security Affairs

Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise growing concerns over data security and privacy risks. As enterprises embrace artificial intelligence (AI) to streamline operations and accelerate decision-making, a growing number are turning to cloud-based platforms like Azure OpenAI, AWS Bedrock, and Google Bard. In 2024 alone, over half of organizations adopted AI to build custom applications.

Risk 106

Meta Scores $168M Legal Victory Over NSO Group for Spyware Abuse

SecureWorld News

In a landmark ruling that reverberates across the cybersecurity and tech policy landscape, Meta has won a $167.7 million judgment against NSO Group, the Israeli company behind the Pegasus spyware. The United States federal jury awarded $444,719 in compensatory damages and $167.25 million in punitive damages, marking the first time a U.S. company has successfully held a commercial spyware vendor accountable in a court of law, Reuters reports.

Spyware 102

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page.


Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit

The Hacker News

Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence (AI) models without an explicit opt-in.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


News alert: INE Security highlights monthly CVE Labs aimed at sharpening real-world defense

The Last Watchdog

Cary, NC, May 14, 2025, CyberNewswire — INE Security , a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures) is essential for transforming security teams from reactive to proactive defenders. With over 26,000 new CVEs documented in the past year, security teams are drowning in vulnerability alerts while facing exploit windows that have compressed to hours in many c


Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies

Security Affairs

A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks on Dutch companies in 2021. Moldovan police arrested a 45-year-old foreign man as a result of a joint international operation involving Moldovan and Dutch authorities. He is internationally wanted for multiple cybercrimes, including ransomware attacks, blackmail, and money laundering, targeting Dutch companies.


CAPTCHA Trap: Fake Verification Unleashes Lumma Stealer on Unsuspecting Users

Penetration Testing

Sophos X-Ops has uncovered a cunning cybercrime campaign using fake CAPTCHA pages to trick users into running PowerShell The post CAPTCHA Trap: Fake Verification Unleashes Lumma Stealer on Unsuspecting Users appeared first on Daily CyberSecurity.


Google’s Advanced Protection Now on Android

Schneier on Security

Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall.

Risk 151

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

The Hacker News

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity.

Software 119

SHARED INTEL Q&A: AI in the SOC isn’t all about speed — it’s more so about smoothing process

The Last Watchdog

The SOC has long been the enterprise's first line of defense. But despite years of investment in threat feeds and automation platforms, the same question persists: why does intelligence still struggle to translate into timely action? Related: IBM makes the AI speed argument for SOCs The 2023 disclosure of Volt Typhoon was a case in point. Despite a 47-page CISA advisory, breaches linked to the actor continued for months.


Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including five zero-day flaws. Microsoft Patch Tuesday security updates addressed 75 security vulnerabilities in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Nuance PowerScribe, Remote Desktop Gateway Service, and Microsoft Defender.


Steelmaker Nucor Faces Breach, Temporarily Halts Production

SecureWorld News

On May 14, 2025, Nucor Corporation, the largest steel producer in the United States, disclosed a cybersecurity incident involving unauthorized access to certain IT systems. In response, the Charlotte-based company proactively took affected systems offline and temporarily halted production at various locations as a precautionary measure. In its 8-K filing with the U.S.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!