Latest stories — Page 2

Security Debt Is Growing Faster Than Companies Can Fix It. Here Is What That Means.
Eight in ten organisations are sitting on a backlog of unresolved security flaws that stretch back more than a year. A practical framework, first outlined in CSO Online, explains how to turn that problem into a board-level conversation.

Microsoft Exposes GigaWiper, a New Malware That Spies on Victims Before Destroying Them
A newly discovered backdoor called GigaWiper quietly watches infected computers for months, then wipes or encrypts everything on command, with no way to recover the data.

HalluSquatting: How AI Hallucinations Are Being Turned Into a Doorway for Malware
Security researchers have found a way to turn a known quirk of AI chatbots into a method for delivering malicious software directly to developers' computers, without hacking the AI itself.

Ransomware Negotiator Turned Attacker Gets Nearly Six Years for BlackCat Extortion Scheme
Angelo Martino, a former DigitalMint employee, was paid to help victims recover from ransomware. Instead he ran the attacks himself, leaking insurance details to squeeze bigger payouts.

Over 200 Fake GitHub Repositories Caught Secretly Installing Windows Malware
A criminal operation called Muck and Load built a web of 222 phoney code repositories to trick software developers into downloading password-stealing programs, spyware, and cryptominers.

AI Is a Force Multiplier for Defenders and Attackers Both, Says Check Point CTO
Jonathan Zanger says every AI platform his team examined over the past year had serious security flaws. The fix is not to avoid AI. It is to build security in from the start.

Storage Wars Star Darrell Sheets Died by Suicide After Leaving Note About Cyberbully, Police Report Says
A police incident report from Lake Havasu City names cyberbullying as a factor in the death of the reality TV star, raising questions about how online harassment translates into real-world harm.

Ghanaian Influencer Extradited to US Over $8 Million Romance Scam Targeting Elderly Americans
Frederick Kumi, known online as Abu Trica, allegedly used AI-generated fake identities to defraud older Americans out of more than $8 million. His extradition is now the subject of a constitutional dispute in Ghana.

Scammers Sent AI Fake Photos of a Missing Man to His Parents and Demanded $6,000
Criminals used a social media plea about a missing autistic man to generate a fake image of him and threaten his family. It is a preview of where AI-powered extortion is heading.

GhostApproval: Six AI Coding Tools Were Tricking Developers Into Approving Dangerous Actions
A new attack pattern shows that the 'human approval' step built into AI coding assistants can be fed false information by the very tool it is supposed to oversee.

OpenMandriva Linux Says Angry Contributor Wiped Years of Work
A developer with admin keys deleted repositories and pushed a package that could have broken user systems, after a dispute over the project's direction.

Your AI Coding Bots Are Running Unsupervised and Nobody Knows What They Did Last Night
AI agents inside software development teams can write, test, and deploy code on their own, often with no human checking what they did. Most companies have no way to answer a simple question: who authorised that change?

Your Business Is Not Too Small to Be an Iranian Hacker's Next Target
Groups linked to Iran's intelligence services are not hand-picking victims. They are scanning the internet for any door left unlocked, and a GPS company and a medical-device maker have already paid the price.

Poisoned Injective SDK on npm quietly stole crypto wallet keys for hours
A hijacked contributor account on GitHub pushed a booby-trapped version of a popular blockchain toolkit, siphoning seed phrases from any developer who ran the wrong function.

Microsoft Pulls Apart 'GigaWiper', a Windows Backdoor That's Really Three Old Wreckers in a Trench Coat
The malware lets its operator pick how to trash a machine: wipe the disk, kill the Windows drive, or fake a ransomware attack with a key that's thrown away.

Old, Silent GitHub Accounts Are Being Used to Quietly Map Companies
Datadog Security Labs says several overlapping scraping campaigns are cataloguing corporate GitHub organisations using dormant 'ghost' accounts and stolen tokens.

Helix: the new extortion crew phoning staff to raid SharePoint files
Researchers at ReliaQuest say the group impersonates managers on the phone, tricks staff into a login trap, then hoovers up company documents from Microsoft SharePoint.

Microsoft says AI is finding so many Windows bugs, expect bigger Patch Tuesdays
The company is using multiple AI models to hunt vulnerabilities in Windows code, and warns customers will see more fixes each month as a result.

npm 12 Turns Off Auto-Run Install Scripts to Blunt Supply Chain Attacks
GitHub's package manager for JavaScript now ships with a safer default, and it retires a token type that let developers skip two-factor login.

The Boring Breaches: How Small Config Mistakes Keep Owning Big Companies
This week's roundup of incidents has a common thread: not clever attacks, just loose settings, reused names, and untouched defaults doing enormous damage.

Your Business Is Already a Wartime Target. Here Is What to Do About It.
Nation-states attacking private companies is not a future risk. It happened at scale in 2017 and the conditions that made it possible have only grown more complicated since.