Hacking group claims it breached Novo Nordisk and demanded $25m
Hacking group claims it breached Novo Nordisk and demanded $25m

A cyber-extortion group calling itself FulcrumSec said on Monday that it had stolen roughly 1.3 terabytes of data from Novo Nordisk, the Danish maker of the weight-loss drugs Wegovy and Ozempic, and had demanded $25 million to keep it private. Novo Nor…

A new Android trojan called Rokarolla targets 217 banking apps and can steal your PIN, SMS codes, and crypto wallet funds
A new Android trojan called Rokarolla targets 217 banking apps and can steal your PIN, SMS codes, and crypto wallet funds

Security researchers at Zimperium’s zLabs have documented a new Android banking trojan that targets 217 banking and cryptocurrency applications and carries 137 remote commands, giving an operator near-total control of an infected phone. The malware, wh…

Attackers hijacked over 1,500 Arch Linux packages to steal developers’ secrets, no hacking required
Attackers hijacked over 1,500 Arch Linux packages to steal developers’ secrets, no hacking required

One of the largest open-source package repositories just spent a weekend cleaning up after a malware campaign that did not break into anything. It did not need to. Attackers seized control of more than 1,500 packages in the Arch User Repository, or AUR…

SailPoint plans to buy Entro to pour non-human identities into its “Agentic Fabric”
SailPoint plans to buy Entro to pour non-human identities into its “Agentic Fabric”

The race to secure non-human identities just produced its second deal of the day. SailPoint, the Austin-based identity-security giant, said it plans to buy Entro, a Tel Aviv startup that finds and protects the credentials, keys and machine accounts tha…

1Password acquires Apono to govern what AI agents can do once they’re inside
1Password acquires Apono to govern what AI agents can do once they’re inside

1Password is buying its way into the agentic enterprise. The Toronto identity-security company said on Monday it has acquired Apono, an Israeli startup that decides, in real time, what every human, machine and AI agent is allowed to touch inside a comp…

SoftBank and OpenAI launch “Patching as a Service” to defend Japan’s critical infrastructure
SoftBank and OpenAI launch “Patching as a Service” to defend Japan’s critical infrastructure

SoftBank and OpenAI are moving into cyber defence. The two said on Tuesday they are launching “Patching as a Service,” a security product built on OpenAI’s technology, to shield the companies behind Japan’s critical infrastructure from a rising wave of…

Canada wants to stop companies from using your data to charge you more, but the details are still missing
Canada wants to stop companies from using your data to charge you more, but the details are still missing

The Canadian government introduced legislation on Monday to overhaul the country’s private-sector privacy laws, including new restrictions on businesses that use personal data to charge individual consumers higher prices. Bill C-36, the Protecting Priv…

A built-in Google Workspace feature became a Chinese espionage group’s favourite exfiltration tool
A built-in Google Workspace feature became a Chinese espionage group’s favourite exfiltration tool

A China-linked espionage group spent more than a year inside North American medical, academic, and military research networks, stealing sensitive data and defence email. The attackers got in through a backdoor on REDCap research servers. The exfiltrati…

100 cybersecurity experts say banning Fable 5 hurts defenders more than hackers
100 cybersecurity experts say banning Fable 5 hurts defenders more than hackers

Three days after the US government ordered Anthropic to shut down Fable 5 and Mythos 5, roughly 100 of the world’s most prominent cybersecurity professionals have published an open letter demanding the ban be reversed. Their argument is blunt: pulling …

Your Ryzen CPU used to encrypt your RAM. A firmware update silently turned that off.
Your Ryzen CPU used to encrypt your RAM. A firmware update silently turned that off.

AMD has silently disabled a security feature on its consumer Ryzen processors that protected users against physical attacks on their computer’s memory. The feature, Transparent Secure Memory Encryption, encrypts all data stored in RAM using a hardware-…