82 matches found
AI as Cyberattacker
From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree--using AI not just as an advisor, but to execute the cyberattacks...
Big Tech’s Mixed Response to U.S. Treasury Sanctions
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies ...
Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe
The Irish Data Protection Commission DPC has announced that it has commenced a "Cross-Border statutory inquiry" into Google's foundational artificial intelligence AI model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal dat...
The US Government Is Asking Big Tech to Promise Better Cybersecurity
The Biden administration is asking tech companies to sign a pledge, obtained by WIRED, to improve their digital security, including reduced default password use and improved vulnerability disclosures...
Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases
European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption E2EE. They called on the industry and governments to take urgent action to ensure public safety across social media platforms. "Priva...
Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, ai...
Teenage members of Lapsus$ ransomware gang convicted
A wave of video game developer compromises has come to a court-based conclusion for those responsible, with several convictions the end result. Arion Kurtaj, and a second teen who cannot be named due to their age, are finding themselves to be in quite a lot of trouble after repeated and sustained...
On the Need for an AI Public Option
Artificial intelligence will bring great benefits to all of humanity. But do we really want to entrust this revolutionary technology solely to a small group of US tech companies? Silicon Valley has produced no small number of moral disappointments. Google retired its "dont be evil" pledge before...
Why High Tech Companies Struggle with SaaS Security
It's easy to think high-tech companies have a security advantage over other older, more mature industries. Most are unburdened by 40 years of legacy systems and software. They draw some of the world's youngest, brightest digital natives to their ranks, all of whom consider cybersecurity issues...
Building Trustworthy AI
We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too. Imagine youre using an AI chatbot to plan a vacation. Did it suggest a particular resort because i...
Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe
Welcome to this weeks edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the momen...
France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent
France's privacy watchdog has imposed a €60 million $63.88 million fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique...
Uber hacked
Uber informed the public on Thursday it was responding to a cybersecurity incident after somebody breached its network. From what we have been able to find out so far, the attacker managed to compromise an employees access to the chat app Slack. The intruder may also have gained access to the...
North Korean IT Workers Are Infiltrating Tech Companies
Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news...
E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse
The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material CSAM and grooming behavior, raising worries that it could undermine end-to-end encryption E2EE. To that end, online service providers, including hosting services...
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration DEA says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment...
China-linked APT Caught Pilfering Treasure Trove of IP
Researchers from Cybereason’s Nocturnus Team have uncovered a massive, highly successful, three-year-long campaign of intellectual property theft. The perpetrators were likely able to siphon hundreds of gigabytes worth of “sensitive proprietary information from technology and manufacturing...
A week in security (April 25 – May 1)
Last week on Malwarebytes Labs: Why MITRE matters to SMBs Apple’s child safety features are coming to a Messages app near you Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09 Watch out for this SMS phish promising a tax refund Rogue ads phishing for cryptocurrency:...
Hackers fool major tech companies into handing over data of women and minors to abuse
Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had...
Fighting Fake EDRs With ‘Credit Ratings’ for Police
When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests EDRs from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But do...