Massive password-stealing attack hits 75k Fortinet firewalls
Why are you even reading this?! Rotate your passwords!!

Cisco adds another SD-WAN box to max-severity bug advisory
Updated at the time? No sweat. Check those logs, though

Homebrew 6.0 released with new security mechanism, Linux sandbox and more
Homebrew was "less vulnerable 10 years ago than npm is today," project lead tells us

Helpdesk scammers are making house calls to make their lies feel more real
15-year-old among six arrested after Dutch cops target suspected bank fraud call center

Cyberattack sees crops kept in the ground
Bitter harvest for Australia's Mackay Sugar, attacked in peak cane crushing season

Python dev saved from disaster by intuition... and AI
I'm sorry, Dave. I can't install that repo that will totally hose your system

Three critical Fortinet sandbox bugs splattered by unknown attackers
All have patches, so make sure you upgrade to a fixed version

Crooks found a new way to collaborate using Teams – by hiding command-and-control traffic
Custom malware routed communications through legitimate Microsoft services, making malicious activity look like routine corporate collaboration

Cardiac monitor maker's security skips a beat as data thieves go for the jugular
Attackers used social engineering to access third-party business apps and steal patient information

Scammers keep scoring: Brits fleeced for £1.3B as Americans lose $3.5B to impersonators
More reasons to love social media and AI

Cisco SD-WAN make-me-root bug under attack
Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month

Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher
According to the one person who actually read the research paper

Council of Europe hacked in ShinyHunters' PeopleSoft heist
Joins the ranks of Nottingham Uni and 100 other unnamed victims

Feds snooze as US datacenter law set to lapse with no replacement in site
Federal Data Center Enhancement Act (FDCEA) of 2023 covers standards including security and sustainability

Microsoft site throwing warnings after someone forgot to renew cert
Connectivity checker trips browser alarms thanks to lapsed security paperwork

PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data
Google says the intruders were on the hunt for everything from drone tech to pathogens

Arch Linux locks down AUR signups amid wave of malicious commits
Community repo freezes new accounts after attackers swamp it with poisoned package updates

AI is code – and can't be prompted into being smarter
From Java tests to Shai-Hulud, bots keep proving they'll swallow anything you feed them

NanoClaw now armed with JFrog for safer packages
AI agents can't be trusted, so don't give them dangerous powers

Fired IT worker jailed for 21 months after sabotaging old school district
Iowan’s scheme undone after misplacing trust in former coworker

Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod
Clinical trial participant data stolen, but pharma giant says exposed records were pseudonymized

Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet
And it was Microsoft Copilot that unwittingly revealed the longstanding vulnerability

Google fires sueball at alleged Chinese phishers over AI-powered fraud ops
Telegram-based 'Outsider Enterprise' accused of sending millions of scam texts and impersonating trusted brands

Plymouth council exposes hundreds in latest local government email gaffe
Authority admits mass message to home-schooling families revealed recipients' addresses, prompting ICO report and apology

UK digital ID gets brain trust to 'challenge' ministers on policy
CEO of Mumsnet among the six-member team

ShinyHunters hacked 100+ orgs by exploiting an Oracle PeopleSoft 0-day
University of Nottingham is first of many, Shiny tells The Reg

Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day
Another day, another Windows exploit code

VRChat says somebody faked a breach notice with the Maine AG's office
'We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed.'

Malware scare keeps schoolkids home for a second day
Great Marlow restricts network access while it investigates suspected infection

Nottingham Uni says student records raided after ShinyHunters claims cyberattack
Crooks claim 40 GB haul as breach database pegs number of exposed email addresses at 455K

Every employee’s password was stored in a single Excel file
The CEO thought this was the best way to deal with some email issues

Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
PRC eyes are watching you

GitHub pulls pin on npm's auto-run scripts
Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors

Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9
Remote, unauthenticated RCE with root privileges is about as bad as it gets

AI is making Patch Tuesday (kinda) fun again
Unless you're an admin or vulnerability manager – then you're totally screwed

Miasma worms its way onto GitHub as attack kit goes open source
As if there weren't enough package poisonings to worry about

Apple’s iOS 27 goes all agentic on compromised passwords, promises to change them with one tap
iBiz might not win the AI race, but analysts say it's focusing on features people may actually use

Signal says UK plan to scan devices for nude images 'endangers us all'
Encrypted messaging app warns device-level checks could be repurposed for censorship

Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year
Google paid researcher a tidy $55K bounty for its discovery

France probes compromise of gov messaging platform after account hijack
Authorities say the breach only exposed public chat rooms, but alleged attacker claims to have accessed far more data

Qilin NHS breach tally grows as Essex trust confirms stolen records
Two years on from ransomware attack, hospitals are still trying to identify and warn patients

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto
When an unsolicited job offer sounds too good to be true …

Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix
Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7

Ransomware sends Illinois high school on an early summer vacation
Meanwhile, 13 schools in Wales affected by separate attack

GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections
Miasma worm shapeshifts, but cloud secret-scouting remains the goal

NSO Group back in Meta's crosshairs after alleged WhatsApp targeting
Zuckercorp says surveillance-for-hire vendor was still running phishing operations after federal court told it to knock it off

UK boffin bait lands 18 international researchers
Global Talent visa program aims to draw in dissatisfied scientists from countries including the US

Oxford Uni student data pwned yet again - this time via career platform breach
Totally different attack from the break-in last month. Oh so that's OK then

If you don't fall for these extortionists' calls, they'll show up with USB sticks
When 'Chatty Spider' morphs into tech services cosplay spider

World Food Programme breach exposes data of 600k vulnerable Gazan families
Those receiving aid in the famine-threatened, war-torn territory told support will remain

Council in UK's City of York outs hundreds of disabled residents with a single email blunder
Blue Badge holders exposed to each other after BCC function proves too complex

Pink is the latest goon squad to use fake helpdesk calls to steal creds
A familiar tactic popularized by chaotic crime crew Lapsus$

OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds
Codex drops an HTTP/2 Bomb

Five Eyes: Watch out for odd LinkedIn connection requests, China's back on the hunt for state secrets
Cash-for-intel tradecraft continues to concern intelligence officials years after it was first spotted

Duo who sold car crash victims' data must repay £118k
Fresh penalties secured after initial prison, community service sentences for RAC double act

Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine
'Attackers can now cheaply operationalize known vulnerabilities at scale,' boffins tell The Reg

All the passwords were stored in Active Directory description fields
It was far too easy for a hacker to get the information

Commvault says it's time to rethink resiliency as AI crooks leave victims in a 'dark, dead' state
Those backup plans need backup testing

Bend the beam like Beckham to defeat anti-jamming tech
It's hard to stop a signal jammer if you can't locate the source, say Rice University researchers

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks

UK banks offered access to OpenAI’s GPT-5.5 amid exclusion from Anthropic’s Glasswing expansion
150 new organizations inducted to cyber’s Soho House, including the first outside the US

'Dumbass' criminal breaks the 'first rule of ransomware club'
You don't infect anyone in Russia or other CIS countries

Cisco sings Mythos' praises - but doesn't say how many bugs the model uncovered
Meanwhile, Anthropic adds 150 partners to Project Glasswing

Russian spy agency says foreign spies turned officials' smartphones into surveillance devices
FSB claims large-scale snoop op compromised phones of senior officials, but gives no technical evidence to back allegations

Microsoft reaches for olive branch after public dustup with 0-day researcher
Following days of criticism from the security community, Redmond dials back rhetoric, insists vulnerability hunters not in its legal crosshairs

Claude celebrates Anthropic's stock market float with blockbuster ... outage
Chatbot has no respect for timing of its maker's financial announcement

Northern Ireland cops issue PSA after official phone number spoofed by scammers
If you’re going to impersonate an officer, perhaps choose a more sophisticated way to nick cash than asking for gift cards…