Skip to main content

Cybersecurity

General cybersecurity news and analysis

Inside Europe’s Crash Effort to Build a Drone Wall

Inside Europe’s Crash Effort to Build a Drone Wall

Europe is racing to build a continent-wide drone wall — a web of sensors, shooters and networks meant to stop cheap, weaponized UAVs before they rewrite war and everyday life. But stitching together tech, laws and privacy across borders while adversaries adapt has turned it into a high-stakes, make-or-break experiment.

Analyst 207
A-PNT: Essential for USV Maritime Mission Success

A-PNT: Essential for USV Maritime Mission Success

When GPS goes dark or is spoofed, USVs can’t rely on lookouts — they need Assured PNT. By fusing multi‑GNSS, inertial navigation and real‑time anomaly detection, A‑PNT keeps unmanned vessels safe and mission‑capable in contested seas.

Analyst 207
Spotlight shines on minimalist podium with glowing laptop in empty auditorium.

Upcoming Speaking Engagements: Schedule and Key Takeaways

How do you change a system that amplifies its own noise? Join Bruce Schneier and Nathan E. Sanders on Oct 22–23, 2025 as they turn insights from Rewiring Democracy into practical prescriptions across three public events — a policy talk at Harvard’s Ash Center, a community conversation and book signing at Cambridge Public Library, and a wide-ranging virtual session with Data & Society.

Analyst 207
Trump Administration Expands Social Media Surveillance

Trump Administration Expands Social Media Surveillance

Heads up: the Trump administration is using AI to scan public social media posts by noncitizens and feed algorithmic flags into visa‑revocation decisions. What began as quiet open‑source monitoring has become a high‑stakes tool that can cost people their legal status.

Analyst 207
Report: Staff Burnout Now Top Organizational Threat

Report: Staff Burnout Now Top Organizational Threat

A new Security Magazine–backed report finds burnout—not malware or tech gaps—is now the top security threat, because exhausted teams mean slower detection, more mistakes, and fragile defenses. Leaders must treat workforce resilience as a core security control, not an HR afterthought.

Analyst 207
Dark cityscape with glowing laptop and shattered screens, overlaid with a vast network of interconnected lines resembling a…

Aisuru Botnet Blankets US ISPs in Record DDoS

Imagine a DDoS so huge it’s powered by the smart gadgets in your own living room — the Aisuru botnet corralled compromised IoT devices across AT&T, Comcast and Verizon to unleash nearly 30 trillion bits per second. That surge forced ISPs into an impossible choice—risk network collapse or sever millions of customers—so defenders had to rely on slow, surgical fixes instead of blunt blocks.

Analyst 207
Securing Critical Infrastructure With Limited Funding

Securing Critical Infrastructure With Limited Funding

Budget shortfalls don’t have to mean crippling risk — prioritize high-impact, low-cost defenses like accurate asset inventories, basic OT/IT segmentation, strong access controls, and practiced incident plans to get the biggest security gains per dollar.

Analyst 207
Unified IT, Continuity & Security Make or Break Crisis Response

Unified IT, Continuity & Security Make or Break Crisis Response

When an alarm sounds, fragmented teams and competing playbooks can turn a single incident into a drawn-out crisis — and with fast-moving adversaries and complex cloud and supply chains, partial visibility just won’t cut it. The solution isn’t only better tools; it’s aligning people, processes and decision authority with shared metrics and rehearsed runbooks so responses are fast, coordinated and accountable.

Analyst 207
145,000 Healthcare Records Exposed in Cyberattack

145,000 Healthcare Records Exposed in Cyberattack

About 145,000 patient records — including names, contacts and treatment notes — were left accessible online after a misconfigured cloud database, showing how a small error can expose intimate health details and invite fraud, embarrassment and legal trouble. This isn’t a cinematic hack; it’s a blunt reminder that secure-by-default cloud settings, strong access controls and encryption are essential to protect patient privacy.

Analyst 207
3 Steps to Tighten Security for Cybersecurity Month

3 Steps to Tighten Security for Cybersecurity Month

This Cybersecurity Awareness Month, forget flashy purchases and run a short, disciplined campaign to fix the basics: tighten identity and access controls, prioritize vulnerability management and attack‑surface reduction, and rehearse detection and response — small, focused moves that stop most breaches. Start now and turn playbooks into muscle memory before the next incident.

Analyst 207
5M Auto Insurance Records Exposed, Customers at Risk

5M Auto Insurance Records Exposed, Customers at Risk

What if your car insurance records were sitting unprotected online? For more than 5 million policyholders, that’s exactly what happened when a password-free auto-insurance database exposed names, policy numbers, VINs and claims details — creating prime targets for fraud, identity theft and social-engineering attacks.

Analyst 207
Cyberattack Hits European Airports, Security Leaders Respond

Cyberattack Hits European Airports, Security Leaders Respond

When check‑in screens went dark across multiple European airports, travel suddenly became chaotic and painfully human as staff scrambled to process passengers manually while security teams fought to contain the intrusion. The episode is a wake‑up call: fixing systems is only half the job — real resilience needs preparedness, clear passenger communication and tested recovery plans.

Analyst 207
Cyberattack Hits European Airports; Security Leaders React

Cyberattack Hits European Airports; Security Leaders React

When flight screens go dark and kiosks fail, passengers face chaos and airport teams scramble — recent cyberattacks have exposed how fragile aviation’s digital backbone really is.

Analyst 207
Self-Replicating Worm Compromises 180+ Software Packages

Self-Replicating Worm Compromises 180+ Software Packages

What if the package you just installed quietly handed an attacker your API keys? Researchers found a self‑replicating worm in 187 npm packages that harvests secrets during install, posts them to a public GitHub repo, and uses each new install to spread and pivot into other projects.

Analyst 207
Microsoft Patch Tuesday: September 2025 Critical Fixes

Microsoft Patch Tuesday: September 2025 Critical Fixes

Microsoft’s September 2025 Patch Tuesday fixes over 80 vulnerabilities — including 13 critical RCE and privilege‑escalation bugs — so it’s welcome news, but not a reason to relax. If you manage systems, prioritize internet‑facing services and identity infrastructure, stage updates in test environments, and use automation with rollback plans to avoid surprises.

Analyst 207
Cyberattack Disrupts European Airports, Security Responds

Cyberattack Disrupts European Airports, Security Responds

When airport systems suddenly went dark, travelers faced long lines, missing bags and blank departure boards — a stark, personal reminder that our sprawling mix of legacy hardware and modern cloud services can be painfully fragile. The coordinated cyberattack forced staff into manual triage, sparked cross‑border incident response, and exposed how weak segmentation and uneven patching let a single compromise ripple across an entire hub.

Analyst 207
Microsoft Patch Tuesday September 2025: Critical Fixes

Microsoft Patch Tuesday September 2025: Critical Fixes

Microsofts September Patch Tuesday delivers critical security fixes—install them ASAP to shield your devices from emerging threats and avoid downtime. Read on for a quick, friendly guide to whats fixed, who’s affected, and the simple steps to update safely.

Analyst 207
Self-Replicating Worm Infiltrates 180+ Software Packages

Self-Replicating Worm Infiltrates 180+ Software Packages

The packages you trust might be betraying you: researchers found a self‑replicating worm in 187+ NPM modules that steals developer tokens, posts them publicly, and uses those leaked credentials to replicate—turning routine installs into a spreading infection.

Analyst 207
Microsoft Patch Tuesday: September 2025 Urgent Fixes

Microsoft Patch Tuesday: September 2025 Urgent Fixes

What do you do when the company that ships the operating system for billions posts fixes for more than 80 security holes — including 13 labeled “critical” — yet says…

Analyst 207
18 Popular Code Packages Rigged to Steal Crypto

18 Popular Code Packages Rigged to Steal Crypto

Think your dependencies are safe? Eighteen popular packages were secretly rigged to siphon crypto—here’s how to spot, avoid, and clean up these sneaky supply‑chain attacks.

Analyst 207
cyber risk Must-Have Strategy for Best Business Alignment

cyber risk Must-Have Strategy for Best Business Alignment

Too many security teams track patch counts while executives ask whether revenue and reputation are really protected; aligning risk operations with business priorities turns cyber efforts from checkbox exercises into measurable protection for what matters most. By mapping critical processes, quantifying financial impact, and uniting tech and leadership, organizations can prioritize controls that reduce real risk and keep operations—and customers—running.

Analyst 207
WhatsApp Web automation: Risky Must-Have Threat

WhatsApp Web automation: Risky Must-Have Threat

What looked like handy WhatsApp Web productivity add-ons were actually 131 cloned Chrome extensions hijacked to blast spam across Brazil, reaching about 20,900 users before takedown. Socket’s investigation is a wake-up call—check extension reputations, limit permissions, and treat browser add-ons with the same caution you’d give any app that touches your messages.

Analyst 207
SIM farm Stunning Takedown: Risky Fraud Network

SIM farm Stunning Takedown: Risky Fraud Network

Europol’s Operation SIMCARTEL dismantled a massive SIM farm tied to about 49 million fake accounts, arresting suspects and exposing how cheaply scammers can weaponize phone numbers to automate fraud. The takedown is a wake‑up call to ditch SMS as sole protection and push for stronger, phishing‑resistant authentication across services.

Analyst 207
EtherHiding: Exclusive Risky Crypto Heist Warning

EtherHiding: Exclusive Risky Crypto Heist Warning

What if the blockchain meant to protect your funds became a hiding place for thieves? Google warns North Korea-linked hackers are using EtherHiding—embedding malware in Ethereum transactions—to siphon crypto, forcing defenders to rethink how they detect and stop attacks.

Analyst 207