Raspberry Pi has given out prizes for extracting a secret value from the one-time-programmable (OTP) memory of the Raspberry Pi RP2350 microcontroller – awarding a

A London-based private security company allegedly left more than 120,000 files available online via an unsecured server, an infoseccer told The Register. The independent security

ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in

GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018, according to the FTC, but the internet giant

Drone maker DJI has decided to scale back its geofencing restrictions, meaning its software won’t automatically stop operators from flying into areas flagged as no-fly

Beijing’s Salt Typhoon cyberspies had been seen in US government networks before telcos discovered the same foreign intruders in their own systems, according to CISA

Researchers at cyber-defense contractor PeopleTec have found that facial recognition algorithms’ focus on specific areas of the face opens the door to subtler surveillance avoidance

Devices that have Citrix’s Session Recording software installed are having problems completing this month’s Microsoft Patch Tuesday update, which includes important fixes. Microsoft noted the

North Korean blockchain bandits stole more than half a billion dollars in cryptocurrency in 2024 alone, the US, Japan, and South Korea say. The sum

Digital Security In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other

Patch Tuesday The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that

The FBI, working with French cops, obtained nine warrants to remotely wipe PlugX malware from thousands of Windows-based computers that had been infected by Chinese

Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor, an AI code editor company, using “malicious”

Analysis A little more than two months out from its first legal deadline, the UK’s Online Safety Act is causing concern among smaller online forums

A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the

Kids Online Some of the state’s new child safety law can be easily circumvented. Should it have gone further? Tony Anscombe 14 Jan 2025  • 

Miscreants running a “mass exploitation campaign” against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according

“Several cloud deployments” are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say. CVE-2024-50603 leads to remote code execution (RCE)