Feed aggregator

Chris Krebs has resigned from SentinelOne after security clearance withdrawn and an order to review CISA’s conduct under his leadership.

The post Krebs Exits SentinelOne After Security Clearance Pulled appeared first on SecurityWeek.

Housing experts are bracing for another spike in mortgage interest rates.

If you sometimes feel that the internet isn’t the same vibrant place it used to be, you’re not alone. New research suggests that most of the traffic traversing the network isn’t human at all.

Bots (software programs that interact with web sites) have been ubiquitous for years. But in its 2025 Bad Bot Report, application security company Imperva claimed this is the first time traffic from bots became more prevalent than human traffic.

The rise in bots is down to generative artificial intelligence (AI), Imperva said. This is the same technology that now flirts with people online for you and automatically writes heartfelt consolatory emails on behalf of heartless administrators. This tech has made it easier to create bots that do your bidding online. While some of those bots are benign, not all have your best interests at heart.

The rise of bad bots

Traffic from “bad bots”—those created with malicious intent—first surpassed good bot traffic in 2016, Imperva’s research said, and it’s been getting worse. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic.

Bad bots do all kinds of unpleasant things. An increasing number try to hijack peoples’ online accounts, which they often do by “credential stuffing.” This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere.

These account takeover attacks have skyrocketed lately. December 2024 saw around 330,000 such incidents, up from around 190,000 in December 2023. That could be down to a flood of data breaches that flooded the market with more stolen credentials to try, Imperva said.

Other attacks include scraping data from websites, which is a problem for businesses that don’t want their intellectual property stolen, and also for the individuals who own that data.

Cyber criminals use bots to commit payment fraud by exploiting vulnerabilities in checkout systems. There’s also a thriving business in scalping bots that buy everything from event tickets to new sneakers for high-value resale, denying legitimate customers the opportunity to buy these items for themselves.

The report also found bots targeting specific sectors. The travel industry accounted for 27% of bad bot traffic (the highest by industry) in 2024, up from 21% in 2023. These bots pull tricks such as pretending to book airline seats online and abandoning the purchase at the last minute, which skews seat pricing.

Retail was the second hardest-hit industry in 2024, accounting for 15% of bot traffic, followed by education at 11%.

Stealthy bots stay hidden

Bots are also getting better at evading detection. Faking a browser identity (effectively wearing a digital mask that makes them look like Chrome or Firefox) has been a common tactic for years, but now bots are also using other techniques. These include using IP addresses owned by residential users, which are difficult for web site administrators to spot. Bots are also using virtual private networks to cloak their origin.

AI-enabled bots are also getting far better at cracking CAPTCHAs—the tests that help you to pass as a human when accessing a web site. And malicious software developers are now coding bots that learn about the environment they’re up against and change how they approach it to fly under the radar.

Another change is in the method that these bots use to communicate with their targets. Traditionally, bots would often browse a web page directly, interacting with it in the same way that a human would. That’s changing as newer bots communicate directly with the servers running the web application behind the scenes in their own language. They do this using application programming interfaces (APIs), which are communication channels that programs can use to retrieve information from a web application.

As the bots get smarter and more ubiquitous, what can you do? Sadly, fighting bad bots is largely the job of the companies operating the web applications that serve you and use your data. However, there are a couple of things you can do as an individual to protect yourself and the community at large.

• Don’t reuse passwords. Use a different password for every service you use to stop the credential stuffing bots, and make those passwords complex to avoid brute-force attacks. Use a trusted password manager to keep those passwords safe and easily accessible.
• Protect your PC. Install anti-malware software and follow basic cyber hygiene measures. This will help to prevent attackers from compromising your machine and using it for their own online purposes.
• Don’t become a proxy. Attackers might be able to use your IP address as a proxy for their bots if you don’t protect it. Avoid using untrusted VPNs from suspicious sources, as these have been known to sell your IP address on for others to use. Similarly, take a minute to update the hardware on your home router, or ensure that your telecommunications provider does it if the router came from them. Attackers will often compromise vulnerable routers and use them for bot attacks.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Throw a little love your grandmother's way on Mother's Day with these thoughtful gifts.

Apple said these vulnerabilities may've been exploited in sophisticated attacks.

The vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.

The post Apple Quashes Two Zero-Days With iOS, MacOS Patches appeared first on SecurityWeek.

Skullcandy and Bose have teamed up to create an affordable pair of impressive sounding earbuds. Here are my early hands-on impressions of the Method 360 ANC after using them for a day.

I'm bracing for a much higher monthly payment. If you're enrolled in SAVE, here's what you should do.

The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

Movie nights could get a lot more mobile with this compact projector.

Here are hints and the answer for today's Wordle No. 1,398 for April 17.

Hints and answers for the NYT Connections: Sports Edition puzzle, No. 206, for April 17.

Here are hints and answers for the New York Times Strands puzzle No. 410 for April 17.

Hints and answers for Connections for April 17, #676.

Expired US government funding nearly disrupted this global security system. How can we prevent this from happening again in 11 months?

Video chat and meeting platform Zoom has been experiencing outages for many users today.

The fallout from President Donald Trump's sky-high tariffs on China have consumers looking deeper into Chinese shopping platforms, but they still might not be a way around import taxes.