Security News

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
2025-04-26 10:38

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like...

Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
2025-04-25 23:58

Infosec is a team sport … unless you're in the White House Opinion Just when it seems they couldn't be that careless, US officials tasked with defending the nation go and do something else that...

Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member
2025-04-25 22:19

What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE)...

Windows 11's Recall AI is now rolling out on Copilot+ PCs
2025-04-25 21:08

Microsoft has confirmed that Windows Recall is rolling out to everyone with Windows 11 KB5055627 on Copilot+ PCs. [...]

Friday Squid Blogging: Squid Facts on Your Phone
2025-04-25 21:08

Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Windows 11 KB5055627 update released with 30 new changes, fixes
2025-04-25 20:18

​​Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2 with many new features gradually rolling out, and some new bug fixes for everyone. [...]

Craft CMS RCE exploit chain used in zero-day attacks to steal data
2025-04-25 19:44

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]

More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
2025-04-25 19:00

GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure...

Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions
2025-04-25 18:00

Where have we heard this before? Feb security update needs its own fix More than one month after complaints starting flying, Microsoft has fixed a Windows bug that caused some Remote Desktop...

M&S stops online orders as 'cyber incident' issues worsen
2025-04-25 16:13

One step forward and one step back as earlier hopes of progress dashed by latest update Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues...