Pulse of Truth

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

Security by Design or Be Fined, Committee Suggests

A U.K. parliamentary committee is recommending a new statute forcing software publishers to hew to secure-by-design principles or else face financial penalties. The committee called for "enforcement agencies" empowered to levy fines to monitor industry for compliance.

Tor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). [...]

While most organizations address cybersecurity issues with technology and surveillance, Emmanuel Anti's research argues that empathy may be a more effective defense. His doctoral dissertation at the University of Vaasa explores insider deviance, and how understanding the human elements related to it can lead to stronger, more sustainable cybersecurity practices.

JSON Code 'Beautifiers' Expose Sensitive Data From Banks, Government Agencies

At what price beauty? Apparently, some developers will paste anything into "JSON beautify" sites, from which researchers report recovering authentication keys, database credentials, personally identifiable information for banking customers and much more.

Months after China-linked spies burrowed into US networks, regulator tears up its own response

The Federal Communications Commission (FCC) has scrapped a set of telecom cybersecurity rules introduced after the Salt Typhoon espionage campaign, reversing course on measures designed to stop state-backed snoops from slipping back into America's networks.…

Major insurers including AIG, Great American, and WR Berkley are asking U.S. regulators for permission to exclude AI-related liabilities from corporate policies. One underwriter describes the AI models’ outputs to the FT as "too much of a black box."

Security leaders depend on vulnerability data to guide decisions, but the system supplying that data is struggling. An analysis from Sonatype shows that core vulnerability indexes no longer deliver the consistency or speed needed for the current software environment.

A system that no longer keeps pace

The CVE program still serves as the industry’s naming backbone, and the NVD remains a primary source for severity ratings. These tools were built for an era of slower …

The post What happens when vulnerability scores fall apart? appeared first on Help Net Security.

The hack of a technology vendor for real estate financiers left major American banks and mortgage lenders working Sunday to assess whether they were affected by the data breach.

Iberia warns customers of a supplier-related data breach as a threat actor claims to hold 77GB of stolen airline data. Iberia is warning customers about a data breach after a third-party supplier was hacked by a threat actor who claims to have stolen 77 GB of airline data. Iberia is the flag carrier airline of […]

It's Michael Clayton meets RoboCop (allegedly!)

A new Gmail update may allow Google to use your private messages and attachments for AI training. Here's how to turn it off.

Further proof has arrived that the ROI on AI is essentially non-existent.

American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with unnamed threat actors. [...]

This report examines how employment and recruitment function on the dark web, based on over 2,000 job-related posts collected from shadow forums between January 2023 and June 2025.

Samsung is under fire again for shipping phones in parts of the world with a hidden system app, AppCloud, that users can’t easily remove.

We're moving closer to digital IDs.

"I worry this is the big botnet flexing," CEO said. But outage was self-inflicted.

A global group of researchers was unable to read the vote tally, after an official lost one of three secret code keys needed to unlock a hyper-secure election system.

In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.

A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. [...]

Company 'clearly delighted' with the outcome

The US Securities and Exchange Commission (SEC) has abandoned the lawsuit it pursued against SolarWinds and its chief infosec officer for misleading investors about security practices that led to the 2020 SUNBURST attack.…

A billion-dollar money laundering network active in the UK funnelled money, including the profits of ransomware attacks, into its own bank to circumvent sanctions on Russia and help fund its attacks on Ukraine.
