Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing “cyber

SAP’s latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day. However, we

Britain’s data privacy watchdog has slapped a fine of £90k ($120k) on a business that targeted people with intrusive marketing phone calls, despite them being

Social Media Look out for AI-generated ‘TikDocs’ who exploit the public’s trust in the medical profession to drive sales of sketchy supplements 25 Apr 2025

Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin

Yale New Haven Health has notified more than 5.5 million people that their private details were likely stolen by miscreants who broke into the healthcare

Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed

For anyone who’s ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have

UK high street retailer Marks & Spencer says contactless payments are still down following its “cyber incident” and order delays are likely to continue. The

The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems. That’s

Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to

Digital scammers and extortionists bilked businesses and individuals in the US out of a “staggering” $16.6 billion last year, according to the FBI — the

US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google’s advertising empire, likely

Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency. The NPM package, xrpl, is a JavaScript/TypeScript

The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don’t believe us?

Criminals used stolen credentials more frequently than email phishing to gain access into their victims’ IT systems last year, marking the first time that compromised

AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe. Phil Muncaster 23 Apr 2025  •