Latest stories — Page 12

This Researcher Is Designing Clothes That Break Facial Recognition Software
A security researcher plans to unveil clothing patterns that confuse the AI systems governments use to track people in public — without their knowledge or consent.

The Automation Nobody Reviewed: How AI-Built Workflows Are Quietly Leaking Enterprise Data
A developer asked an AI to speed up a document approval process. It worked perfectly — and exposed sensitive HR files to hundreds of colleagues. This is happening across businesses right now.

One Researcher, 14 Flaws, Millions of Indians at Risk
A young independent security researcher found gaping holes in Indian government portals — including an admin panel left wide open to the entire internet. The government fixed everything within three weeks.

Chinese Cyber Group Targets Southeast Asian Utilities with New Backdoor
Critical infrastructure providers in Southeast Asia are facing targeted cyber intrusions from a China-linked group using a novel backdoor tool.

Fake Guest Photos Are Handing Hackers Long-Term Access to Hotel Networks
Two separate campaigns are targeting hotel front desks and booking teams with booby-trapped zip files dressed up as guest photographs — and the goal isn't a quick smash-and-grab. It's a quiet, lasting foothold.

A Fake Error Message Hijacked AI Coding Assistants — and Security Tools Saw Nothing
Researchers planted a single bogus bug report in a popular developer service and watched AI coding agents obediently run the attackers' code. No password stolen. No alarm raised.

Before the Crowds Arrive: Why Event Security Has to Start Online
From the FIFA World Cup to America's 250th birthday celebrations, the biggest gatherings of 2025 face threats that begin weeks before the first ticket is scanned — and most of those early warning signs appear on the internet, not at the gate.

AI Assistants Are Inventing Fake Web Addresses — and Criminals Are Buying Them Up
Researchers at Palo Alto Networks found that AI tools routinely make up plausible-sounding website addresses that don't exist. Criminals are registering those addresses before anyone notices — and one already built a full fraud operation using the same AI trick.

How One HR Giant Cut Its Security Bill by $250,000 — by Deleting Data It Never Needed
Vensure Employer Solutions was drowning in its own security logs. An AI-powered clean-up cut costs, halved response times, and proved that more data isn't always safer.

ClickFix: Emerging Favorite for Cybercriminals in Malware Delivery
New research highlights how ClickFix, a social engineering tactic, is dominating the malware delivery landscape across various systems.

IBM and Red Hat Launch $5 Billion Initiative to Secure Open-Source Software
IBM and Red Hat invest heavily in Project Lightwell to address open-source software vulnerabilities revealed by Anthropic's AI.

Phishing Emails Now Study Your Phone Before They Attack You
A new wave of scam emails quietly profiles your device — your operating system, location, and screen size — then delivers malware tailored specifically to your setup.

FortiBleed's Credential Theft Linked to Ransomware Gangs
Researchers reveal FortiBleed's connections to ransomware groups, posing greater risks for affected organizations.

Fake Interpol Arrest Notices Are Delivering Ransomware to Small Businesses
Criminals are impersonating the international police agency to frighten small business owners into downloading malware. The tactic is simple. It's working.

Australians Are Safer Online Than Last Year — Unless They Run a Small Business
A new government survey found cybercrime fell across Australia in 2025, but small business owners are facing more legal and staffing fallout than ever before.

Apple Shifts Security Update Strategy Amid AI-Driven Cyber Threats
Apple now releases security patches more frequently to tackle the growing threats posed by AI-enhanced cyberattacks.

Chinese Spy Group Lures Energy Workers With Fake Australian News Site — Then Steals Everything They Type
A state-linked hacking group spent two months tricking employees at offshore energy companies into visiting a bogus news website that silently recorded their every keystroke.

CISA's New Playbook Nudges Agencies Toward Zero Trust — and Everyone Else Can Read Along
The agency's updated TIC 3.0 guidance folds Secure Access Service Edge into federal network modernisation, and the advice travels well beyond government.

Google Patches Fifth Chrome Zero-Day of 2022 as Hackers Actively Exploit the Flaw
A flaw in how Chrome handles a mobile-linking feature is being weaponised in real attacks. It's the fifth time this year Google has had to rush out an emergency fix for its browser.

US warns Russian spies are still hunting your WhatsApp and Signal accounts
CISA and the FBI say Russian intelligence officers are running fresh phishing campaigns to hijack accounts on messaging apps used by journalists, officials and activists.

CISA Flags Actively Exploited SimpleHelp Flaw, Orders Federal Agencies to Patch Fast
A newly listed authentication bypass in SimpleHelp remote-support software is being used in real attacks, and federal agencies now face a hard deadline to fix it.