Cyber News & Articles

The UK Information Commissioner’s Office (ICO) has levied a fine of £200,000 against a sole trader who sent almost one million spam text messages to people across the country – many of whom were already struggling with debt.

Read more in my article on the Hot for Security blog.

Can data leaks do real harm? Yes, they can. And so can a failure to respond appropriately.

A severe vulnerability disclosed in Chromium’s Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds.
Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash.
“It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed,” Pino said in a

Security doesn’t fail at the point of breach. It fails at the point of impact. 
That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof.
When a new exploit drops, scanners scour the internet in minutes. Once attackers gain a foothold,

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering.
This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers’ machines.
The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first

If you live in the UK/EU/Canada/Hong Kong, LinkedIn has given you until Monday to stop AI from training on your profile. You have to opt-out if you don’t want this to happen to your data.

Take action now, and tell your friends.

Read more in my article on the Hot for Security blog.

Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table.

Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars.

All this and more is discussed in episode 441 of “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Danny Palmer.

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi.
“These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks,” the Qualys Threat Research Unit (TRU) said in a report

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks.
In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT and Perplexity. The technique has been