Unknown attackers are abusing Microsoft SharePoint file-sharing services to target multiple energy-sector organizations, harvest user credentials, take over corporate inboxes, and then send hundreds of

FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who’ve figured out how to sidestep SSO protections and grab sensitive settings right out

GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe’s regulators were deluged with more than 400 data breach notifications a day,

Concerned about the orgs that safeguard your money? The UK’s annual cybersecurity review for 2025 suggests you should be. Despite years of regulation, financial organizations

A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is “trivial” to exploit, experts say. The bug, which had gone unnoticed for

Cisco has finally shipped a fix for a critical-rated zero-day in its Unified Communications gear, a flaw that’s already being weaponized in the wild, and

Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead Phil Muncaster 22 Jan

AI agents arrived in Davos this week with the question of how to secure them – and prevent agents from becoming the ultimate insider threat

Password managers make great targets for attackers because they can hold many of the keys to your kingdom. Now, LastPass has warned customers about phishing

Have I Been Pwned (HIBP) says 72.7 million accounts registered with Under Armour were affected by an alleged ransomware attack in November. The data breach

The European Commission (EC) wants a revised Cybersecurity Act to address any threats posed by IT and telecoms kit from third-country sources, potentially forcing member

The Irish government is planning to bolster its police’s ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use. The

Britain’s digital economy minister has sent forth a raft of companies as “ambassadors” to help organizations across the land embrace the UK’s Software Security Code

The maintainer of popular open-source data transfer tool cURL has ended the project’s bug bounty program after maintainers struggled to assess a flood of AI-generated

Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could

VoidLink, the newly spotted Linux malware that targets victims’ clouds with 37 evil plugins, was generated “almost entirely by artificial intelligence” and likely developed by

Two “easy-to-exploit” vulnerabilities in the popular open-source AI framework Chainlit put major enterprises’ cloud environments at risk of leaking data or even full takeover, according

Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious