Latest news as of 7/18/2025, 8:10:51 PM
Graham Cluley
Mark and I took a break for the new year, but we'll be back for a new episode of "The AI Fix" podcast at the usual time next week. In the meantime, here is another chance to hear one of our favourite episodes again. The very first episode from April 2024... Graham attempts to convince Mark that AI doesn't, in fact, exist. We aren't going to spoil it for you, but we can tell you that his theory starts in a bad hotel room in San Francisco, features some Wizard of Oz style sleight of hand by Amazon, and ends with ChatGPT refusing to supply some offensive terms for Gary Barlow.
Dark Reading
The results of Dark Reading's 2024 Strategic Security survey suggest that security teams continue to grapple with the challenges that come with increased cloud adoption such as data visibility and loss of controls. Managing cloud risks will be a focus for security teams in 2025.
The Hacker News
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
The Hacker News
German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.
The Hacker News
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user
The Hacker News
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said.
The Register
2024's Tech Fail Roll Of Dishonor Happy new year! Tradition says that this is when we boldly look forward to what may happen in the 12 months to come. Do you really want to know that? Didn’t think so.… Opinion
The Hacker News
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence
The Register
Brings the arrest count related to the Snowflake hacks to 3 A US Army soldier has been arrested in Texas after being indicted on two counts of unlawful transfer of confidential phone records information. …
Dark Reading
The fast growing region has its own unique cyber issues — and it needs its own talent to fight them.