惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
量子位
M
MIT News - Artificial intelligence
Y
Y Combinator Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
雷峰网
雷峰网
I
InfoQ
罗磊的独立博客
博客园 - 聂微东
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
D
Docker
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
博客园 - 三生石上(FineUI控件)
The GitHub Blog
The GitHub Blog
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
S
SegmentFault 最新的问题
T
Threat Research - Cisco Blogs
H
Help Net Security
小众软件
小众软件
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
WordPress大学
WordPress大学
T
Tenable Blog
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - Franky
A
Arctic Wolf
T
Threatpost
Scott Helme
Scott Helme
C
Cybersecurity and Infrastructure Security Agency CISA
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
Security Latest
Security Latest
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
S
Schneier on Security
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com

The Register - Security

India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat Are we human? MyPillow must decide whether to be firm or soft as ransomware crims demand pay Experts pour cold borscht on Farage's Russian hack claim AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets Techie claims Trump Mobile website was leaking thousands of people's data Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Microsoft open-sources agentic AI safety tools Are we human? America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shai-Hulud copycat worm infects yet another npm package MPs want social media treated more like unsafe toys than harmless apps Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data To gain root access, intruder just had to ask AWS patched Quick auth bypass, says customers weren't using control Disgruntled researcher releases two more Microsoft zero-days Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files US bank reports itself after slinging customer data at 'unauthorized AI app' Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator Best Western Hotels confirms web app data breach Arctic Wolf cuts 250 jobs in AI push 1 in 8 workers say selling company logins is justifiable Iran cyberspies LARPing as ransomware crims in espionage ops UK age-gating plans risk breaking the internet, privacy groups warn India orders infosec red alert in case Mythos sparks crime 'CopyFail' attackers start cashing in on Linux flaw ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Singapore boffins get diverse SIEMs singing in harmony Shadow IT has given way to shadow AI. Enter AI-BOMs AI-BOMs replace SBOMs as way to track AI agents and bots Home Office adds £216M to travel doc contract before bids FBI: China's hacker-for-hire ecosystem 'out of control' UK business breach rate stuck at 43%... blame the phishing What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Chinese spy group caught lurking in Poland, Asia networks Critical cPanel, WHM flaw probs exploited as 0-day, pros say ORNL builds more sensitive GPS interference detector Microsoft patch fell short. New Windows flaw exploited Fooling large language models just keeps getting simpler Wiz hands GitHub AI-aided bug report that isn Don’t pay VECT a ransom - your big files are likely gone Pitney Bowes the latest victim of ShinyHunters’ breach-spree Ongoing supply-chain attack targets security, dev tools Medical and utility tech companies admit digital breakins Cybersecurity professional getting more work and less pay Crime crew impersonates help desk, abuses Teams chats ShinyHunters claim they have cruise giant Carnival’s booty CISA, NCSC issue Firestarter backdoor warning Intel expects AI inference to drive demand for its CPUs Open source models can find bugs as well as Mythos Researchers find sabotage malware that may predate Stuxnet Attackers could disable all of a city's public EV chargers Age checks could turn internet into an ID checkpoint, complains Proton CEO If malware via monitor cables is a matter of national security, this might be the gadget for you France's 'Secure' ID agency probes breach as crooks claim 19M records Scotland Yard can keep using live facial recognition on Londoners, say judges Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Scot becomes second Scattered Spider-linked crook to plead guilty in US Just like phishing for gullible humans, prompt injecting AIs is here to stay Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Server-room lock was nothing but a crock Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Autovista blames ransomware for service disruption French cops free mother and son after crypto kidnapping UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents No honor among thieves as 0APT threatens rival ransomware gang Krybit Fake Linux leader using Slack to con devs into giving up their secrets Booking.com warns of possible reservation data exposure NHS pays £46K to prep next Microsoft licensing round China wants AI to prepare school lessons and mark homework Anthropic's Mythos has The Kettle crew curious, skeptical Two different attackers poisoned popular open source tools Hungary officials used weak passwords exposed in breach dump CPUID hijacked to serve malware as HWMonitor downloads Unpacking AI security 2026 from experimentation agentic era Microsoft locks out top open source devs, blames process NHS Scotland-linked domains push pr0n and illegal streams Iran cyber actors disrupting US water, energy facilities, FBI warns Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns AI agents found vulns in this Linux and Unix print server Don't glamorize cybercrims, roast them instead Trump wants to take a battle axe to CISA again and slash $707M from budget
Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
Jessica Lyon · 2026-04-22 · via The Register - Security

If a cyberattack leads to a death, that's murder. A former FBI cyber division chief urged the US Justice Department to consider felony homicide charges against ransomware actors when attacks on hospitals lead to patient deaths.

In testimony before a US House of Representatives subcommittee hearing, Cynthia Kaiser, former deputy assistant director of the FBI's cyber division, implored lawmakers to "champion" the federal government to use three existing legal authorities to go after ransomware criminals who encrypt healthcare networks and systems. 

"The gap between the severity of these crimes and the consequences that follow needs to close," Kaiser, Halcyon Ransomware Research Center SVP, told lawmakers on Tuesday.

Kaiser called on the US State, Justice, and Treasury departments to evaluate terrorism designations for "ransomware actors [who] knowingly and repeatedly target hospitals."

The gap between the severity of these crimes and the consequences that follow needs to close

She also urged federal prosecutors to evaluate homicide charges when ransomware attacks against healthcare facilities cause patient deaths. "Felony murder law does not require that a defendant pull the trigger, only that they commit a dangerous felony that results in death," Kaiser said, citing a University of Minnesota study that documented at least 47 deaths attributable to hospital ransomware attacks between 2016 and 2021. "That number is almost certainly in the hundreds today," she added.

Additionally, Kaiser begged Congress to fully fund and reauthorize the State and Local Cybersecurity Grant Program, which took a hit during the first year of Trump's second term. The President's 2027 budget proposal would slash CISA spending by an additional $707 million next fiscal year.

"State and local governments are disproportionately targeted by ransomware, and they often lack the resources to defend themselves," Kaiser said in written testimony shared with The Register. "Governments and government services were the fourth most targeted sector in 2025. Cutting this funding would be a gift to ransomware criminals."

Other expert witnesses at the hearing and Democratic lawmakers on the subcommittees also advocated for increased funding for state and local governments - and, in turn CISA, which manages and supports many of the federal government's initiatives to boost state and local security posture.

The Institute for Security and Technology's Chief Strategy Officer Megan Stifel called on Congress to pass a long-term or permanent reauthorization of the information sharing authorities in the Cybersecurity Information Sharing Act of 2015, set to expire (again) on September 30. 

Stifel also told lawmakers that the national security threat posed by ransomware has decreased since IST launched the Ransomware Task Force in 2021.

"However, challenges with cuts to the federal workforce and funding, as well as organizational and people, all threatened to stall all this progress," Stifel said. "The administration's strategic approach risks leaning too heavily on disruption at the expense of shoring up our defenses at home. In fact, for the first time, we've seen material setbacks when it comes to implementing recommendations from the Ransomware Task Force. This committee should continue its bipartisan oversight of the administration to ensure that CISA is able to carry out its mission in the face of significant cuts to its workforce."

CISA lost millions in funding and about a third of its workforce (close to 1,000 people) this year. One of these employees, David Stern, who led CISA's Pre-Ransomware Notification program, resigned in December

"It's a really critical program that currently is not operating," Stifel said. "The program received indications of warning from industry, in many cases supported by the Cybersecurity Information Sharing Act … This program was run by one individual who would receive these tips, and call victims who either already had a threat actor in their networks or were known soon to be targeted by these threat actors, and gave them notice that they were about to become a victim, and work with those victims to mitigate the risk."

Ransomware is occurring today because this administration drove out the expert, the federal employee, who was helping to prevent it to the tune of $9 billion. We are shooting ourselves in the foot

Stern, in this role, sent pre-ransomware notifications to more than 4,300 organizations between late 2022 and late 2025, preventing about $9 billion in economic losses. He spent more than a decade at CISA before being pushed out late last year.

"Nine billion dollars in damages that initiative prevented, in large part because of the work - I'll use the term Director Vought likes to use - of one bureaucrat," US Rep. James R. Walkinshaw (D-VA) said. 

He's referring to the US Office of Management and Budget Director Russell Vought, who famously planned the Trump administration's scorched-earth policy on federal employees: "When they wake up in the morning, we want them to not want to go to work, because they are increasingly viewed as the villains. We want their funding to be shut down…We want to put them in trauma."

Walkinshaw said Vought's plan succeeded in making Stern (and others) "not want to go to work, because he left and that program is no longer functioning. Ransomware is occurring today because this administration drove out the expert, the federal employee, who was helping to prevent it to the tune of $9 billion. We are shooting ourselves in the foot." ®