Cybersecurity
General cybersecurity news and analysis

Inside Europe’s Crash Effort to Build a Drone Wall
Europe is racing to build a continent-wide drone wall — a web of sensors, shooters and networks meant to stop cheap, weaponized UAVs before they rewrite war and everyday life. But stitching together tech, laws and privacy across borders while adversaries adapt has turned it into a high-stakes, make-or-break experiment.

A-PNT: Essential for USV Maritime Mission Success
When GPS goes dark or is spoofed, USVs can’t rely on lookouts — they need Assured PNT. By fusing multi‑GNSS, inertial navigation and real‑time anomaly detection, A‑PNT keeps unmanned vessels safe and mission‑capable in contested seas.

Upcoming Speaking Engagements: Schedule and Key Takeaways
How do you change a system that amplifies its own noise? Join Bruce Schneier and Nathan E. Sanders on Oct 22–23, 2025 as they turn insights from Rewiring Democracy into practical prescriptions across three public events — a policy talk at Harvard’s Ash Center, a community conversation and book signing at Cambridge Public Library, and a wide-ranging virtual session with Data & Society.

Trump Administration Expands Social Media Surveillance
Heads up: the Trump administration is using AI to scan public social media posts by noncitizens and feed algorithmic flags into visa‑revocation decisions. What began as quiet open‑source monitoring has become a high‑stakes tool that can cost people their legal status.

Report: Staff Burnout Now Top Organizational Threat
A new Security Magazine–backed report finds burnout—not malware or tech gaps—is now the top security threat, because exhausted teams mean slower detection, more mistakes, and fragile defenses. Leaders must treat workforce resilience as a core security control, not an HR afterthought.

Aisuru Botnet Blankets US ISPs in Record DDoS
Imagine a DDoS so huge it’s powered by the smart gadgets in your own living room — the Aisuru botnet corralled compromised IoT devices across AT&T, Comcast and Verizon to unleash nearly 30 trillion bits per second. That surge forced ISPs into an impossible choice—risk network collapse or sever millions of customers—so defenders had to rely on slow, surgical fixes instead of blunt blocks.

Securing Critical Infrastructure With Limited Funding
Budget shortfalls don’t have to mean crippling risk — prioritize high-impact, low-cost defenses like accurate asset inventories, basic OT/IT segmentation, strong access controls, and practiced incident plans to get the biggest security gains per dollar.

Unified IT, Continuity & Security Make or Break Crisis Response
When an alarm sounds, fragmented teams and competing playbooks can turn a single incident into a drawn-out crisis — and with fast-moving adversaries and complex cloud and supply chains, partial visibility just won’t cut it. The solution isn’t only better tools; it’s aligning people, processes and decision authority with shared metrics and rehearsed runbooks so responses are fast, coordinated and accountable.

145,000 Healthcare Records Exposed in Cyberattack
About 145,000 patient records — including names, contacts and treatment notes — were left accessible online after a misconfigured cloud database, showing how a small error can expose intimate health details and invite fraud, embarrassment and legal trouble. This isn’t a cinematic hack; it’s a blunt reminder that secure-by-default cloud settings, strong access controls and encryption are essential to protect patient privacy.

3 Steps to Tighten Security for Cybersecurity Month
This Cybersecurity Awareness Month, forget flashy purchases and run a short, disciplined campaign to fix the basics: tighten identity and access controls, prioritize vulnerability management and attack‑surface reduction, and rehearse detection and response — small, focused moves that stop most breaches. Start now and turn playbooks into muscle memory before the next incident.

5M Auto Insurance Records Exposed, Customers at Risk
What if your car insurance records were sitting unprotected online? For more than 5 million policyholders, that’s exactly what happened when a password-free auto-insurance database exposed names, policy numbers, VINs and claims details — creating prime targets for fraud, identity theft and social-engineering attacks.

Cyberattack Hits European Airports, Security Leaders Respond
When check‑in screens went dark across multiple European airports, travel suddenly became chaotic and painfully human as staff scrambled to process passengers manually while security teams fought to contain the intrusion. The episode is a wake‑up call: fixing systems is only half the job — real resilience needs preparedness, clear passenger communication and tested recovery plans.

Cyberattack Hits European Airports; Security Leaders React
When flight screens go dark and kiosks fail, passengers face chaos and airport teams scramble — recent cyberattacks have exposed how fragile aviation’s digital backbone really is.

Self-Replicating Worm Compromises 180+ Software Packages
What if the package you just installed quietly handed an attacker your API keys? Researchers found a self‑replicating worm in 187 npm packages that harvests secrets during install, posts them to a public GitHub repo, and uses each new install to spread and pivot into other projects.

Microsoft Patch Tuesday: September 2025 Critical Fixes
Microsoft’s September 2025 Patch Tuesday fixes over 80 vulnerabilities — including 13 critical RCE and privilege‑escalation bugs — so it’s welcome news, but not a reason to relax. If you manage systems, prioritize internet‑facing services and identity infrastructure, stage updates in test environments, and use automation with rollback plans to avoid surprises.

Cyberattack Disrupts European Airports, Security Responds
When airport systems suddenly went dark, travelers faced long lines, missing bags and blank departure boards — a stark, personal reminder that our sprawling mix of legacy hardware and modern cloud services can be painfully fragile. The coordinated cyberattack forced staff into manual triage, sparked cross‑border incident response, and exposed how weak segmentation and uneven patching let a single compromise ripple across an entire hub.

Microsoft Patch Tuesday September 2025: Critical Fixes
Microsofts September Patch Tuesday delivers critical security fixes—install them ASAP to shield your devices from emerging threats and avoid downtime. Read on for a quick, friendly guide to whats fixed, who’s affected, and the simple steps to update safely.

Self-Replicating Worm Infiltrates 180+ Software Packages
The packages you trust might be betraying you: researchers found a self‑replicating worm in 187+ NPM modules that steals developer tokens, posts them publicly, and uses those leaked credentials to replicate—turning routine installs into a spreading infection.

Microsoft Patch Tuesday: September 2025 Urgent Fixes
What do you do when the company that ships the operating system for billions posts fixes for more than 80 security holes — including 13 labeled “critical” — yet says…

18 Popular Code Packages Rigged to Steal Crypto
Think your dependencies are safe? Eighteen popular packages were secretly rigged to siphon crypto—here’s how to spot, avoid, and clean up these sneaky supply‑chain attacks.

cyber risk Must-Have Strategy for Best Business Alignment
Too many security teams track patch counts while executives ask whether revenue and reputation are really protected; aligning risk operations with business priorities turns cyber efforts from checkbox exercises into measurable protection for what matters most. By mapping critical processes, quantifying financial impact, and uniting tech and leadership, organizations can prioritize controls that reduce real risk and keep operations—and customers—running.

WhatsApp Web automation: Risky Must-Have Threat
What looked like handy WhatsApp Web productivity add-ons were actually 131 cloned Chrome extensions hijacked to blast spam across Brazil, reaching about 20,900 users before takedown. Socket’s investigation is a wake-up call—check extension reputations, limit permissions, and treat browser add-ons with the same caution you’d give any app that touches your messages.

SIM farm Stunning Takedown: Risky Fraud Network
Europol’s Operation SIMCARTEL dismantled a massive SIM farm tied to about 49 million fake accounts, arresting suspects and exposing how cheaply scammers can weaponize phone numbers to automate fraud. The takedown is a wake‑up call to ditch SMS as sole protection and push for stronger, phishing‑resistant authentication across services.

EtherHiding: Exclusive Risky Crypto Heist Warning
What if the blockchain meant to protect your funds became a hiding place for thieves? Google warns North Korea-linked hackers are using EtherHiding—embedding malware in Ethereum transactions—to siphon crypto, forcing defenders to rethink how they detect and stop attacks.