Mathew Schwartz

Thai police have arrested four suspected members of the 8Base ransomware-wielding gang, which authorities say has extorted $16 million in ransom payments through

Ransomware may still be raking in massive cryptocurrency profits for practitioners, but 2024 turned out to be less of a banner year than predicted, with blockchain

The slice of organizations opting to pay extortion after being hit by ransomware dropped to an all-time low of 25%. Underpinning the drip is a combination of better defenses, improved business resilience as well as organizations simply deciding to not pay criminals.

The total amount of annual fines imposed by European privacy regulators fell in 2024 for the first time since the EU's pioneering data protection law came into

With the pace of global change so often creating a sense of accelerating chaos, it's easy to view cyber defenders as firefighters constantly on call. But Black Hat

It's an old story: Criminals rake in profits by using digital "e-skimming" software, running scam e-commerce sites and selling stolen payment card data.

Educational software-maker PowerSchool faces over 20 lawsuits seeking class-action status, filed in the wake of a massive data breach involving current and former

While ransomware groups' data-leak sites regularly lie, if taken at face value, in December 2024 they collectively listed the largest number of victims ever seen in

Banning ransom payments by public sector and critical infrastructure entities, notifying the government of any intent to pay a ransom, and reporting incidents to authorities comprise three counter-ransomware initiatives proposed by the British government. Which ones will pass muster?

Banning ransom payments by public sector and critical infrastructure entities, notifying the government of any intent to pay a ransom, and reporting incidents to authorities comprise three counter-ransomware initiatives proposed by the British government. Which ones will pass muster?

Microsoft filed a lawsuit targeting a cybercrime service used to generate "thousands of harmful images" by subverting the guardrails built into its Azure

How many servers are infected by web shells designed to give attackers remote access to systems, but now "phone home" to malicious infrastructure that's now abandoned or expired? Security researchers who posed that question have counted 4,000 such systems, including in government and education.

The nine known victims of a "broad and significant cyberespionage campaign" the White House has tied to China reportedly include Charter Communications,

A supply chain attack that subverted legitimate Google Chrome browser extensions to inject data-stealing malware is more widespread than security researchers first

What a year 2024 has been on the cybersecurity front, showing that data breaches aren't in decline, and how attackers will exploit built-in backdoors, when they

Substance abuse treatment company American Addiction Centers is warning nearly half a million patients that ransomware-wielding attackers stole their personal

Multiple Chrome browser extensions have been hacked, allowing attackers to steal the data they handle, security experts have warned. Subverted extensions include a

Hackers tied to North Korea's cash-strapped totalitarian dictatorship this year stole a record amount of cryptocurrency, totaling $1.34 billion across 47 incidents,

As the end of the year approaches, it's out with the old and in with the new as researchers report that Rockstar 2FA, which once facilitated prolific

More than 1,000 Cleo managed file-transfer hosts remain internet-exposed and unpatched, despite warnings of a mass attack targeting critical vulnerabilities in the