UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies Fancy Bear can't keep its claws out of Outlook inboxes Cyber-crime20 Jul 2025 | 10
Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days Interview Keep It Simple, Stupid Cyber-crime19 Jul 2025 | 5
As companies race to add AI, terms of service changes are going to freak a lot of people out Analysis WeTransfer added the magic words 'machine learning' to its ToS and users reacted predictably SaaS18 Jul 2025 | 65
Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China Ads giant complains of damage to its reputation and finances ... and crime, too Cyber-crime17 Jul 2025 | 8
Watch out, another max-severity, make-me-root Cisco bug on the loose Updated Three perfect 10s in the last month - ISE, ISE, baby Patches17 Jul 2025 | 16
Quantum code breaking? You'd get further with an 8-bit computer, an abacus, and a dog Computer scientist Peter Gutmann tells The Reg why it's 'bollocks' Research17 Jul 2025 | 91
Microsoft offers vintage Exchange and Skype server users six more months of security updates It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing Patches17 Jul 2025 | 11
Ukrainian hackers claim to have destroyed major Russian drone maker's entire network 'Deeply penetrated' Gaskar 'to the very tonsils of demilitarization' Security16 Jul 2025 | 106
Operation Eastwood shutters 100+ servers used to DDoS websites supporting Ukraine Two Russian suspects in cuffs, seven warrants out Cyber-crime16 Jul 2025 | 13
Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit Updated Someone's OVERSTEPing the mark Research16 Jul 2025 | 3
Retailer Co-op: Attackers snatched all 6.5M member records Supermarket announces white hat education scheme as four suspects released on bail Cyber-crime16 Jul 2025 | 28
Turbulence at Air Serbia, the latest airline under cyber siege Exclusive Attack enters day 11 and still no public disclosure of what insider claims to be 'deep breach' of Active Directory Cyber-crime16 Jul 2025 |
Security shop Adarma ceases trading, confirms it will enter administration Former staffers of struggling UK biz say they don’t expect to be paid for July Security16 Jul 2025 | 1
Curl creator mulls nixing bug bounty awards to stop AI slop Maintainers struggle to handle growing flow of low-quality bug reports written by bots AI + ML15 Jul 2025 | 21
Ex-US soldier who Googled 'can hacking be treason' pleads guilty to extortion File this one under what not to search if you've committed a crime Cyber-crime15 Jul 2025 | 17
Britain's billion-pound F-35s not quite ready for, well, anything Stealth jets can't fight, can't fly much, and can't shoot UK missiles, says NAO Security15 Jul 2025 | 182
Someone hijacked Elmo's X account to post antisemitic rants Anyone investigated Grok? Just sayin'… Cyber-crime14 Jul 2025 | 21
Nvidia A6000 GPUs flip memory bits if beaten by GPUHammer Rowhammer returns for more memory-meddling fun Research14 Jul 2025 | 4
A software-defined radio can derail a US train by slamming the brakes on remotely Updated Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there Security14 Jul 2025 | 74
GPS on the fritz? Britain and France plot a backup plan Cross-Channel pact aims to bolster navigation and timing tech as satellite signals face growing jamming threats Networks14 Jul 2025 | 70
Google’s Gemini refuses to play Chess against the mighty Atari 2600 after realizing it can't match ancient console Warned that ChatGPT and Copilot had already lost, it stopped boasting and packed up its pawns
PUTTY.ORG nothing to do with PuTTY – and now it's spouting pandemic piffle Linking can be helpful – but not always… while disinformation can spread like a virus
Open, free, and completely ignored: The strange afterlife of Symbian It did get sourced, but nobody cared
VMware reboots its partner program again – and it looks like smaller players are out Exclusive Second major change in 18 months will be most unwelcome for many - as will critical flaws announced today
Nearly 3 out of 4 Oracle Java users say they've been audited in the past 3 years Big Red’s changes to Java licensing also inspire exodus to open source
Quantum code breaking? You'd get further with an 8-bit computer, an abacus, and a dog Computer scientist Peter Gutmann tells The Reg why it's 'bollocks'
A software-defined radio can derail a US train by slamming the brakes on remotely Updated Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there
Britain's billion-pound F-35s not quite ready for, well, anything Stealth jets can't fight, can't fly much, and can't shoot UK missiles, says NAO
Junior developer's code worked in tests, destroyed data in production Who, Me? For the lack of a little documentation, two techies did a lot of accidental damage
Ukrainian hackers claim to have destroyed major Russian drone maker's entire network 'Deeply penetrated' Gaskar 'to the very tonsils of demilitarization'
UK's NCA disputes claim it's nearly three times less efficient than the FBI Report on serious organized crime fails to account for differences, agency says Cyber-crime14 Jul 2025 | 28
Iran seeks at least three cloud providers to power its government Despite loathing the USA, Iran wants providers who match NIST’s definition of cloud computing Public Sector14 Jul 2025 | 9
Nvidia warns its GPUs – even Blackwells – need protection against Rowhammer attacks Infosec In Brief PLUS: Bluetooth mess leaves cars exposed; Bitcoin ATMs attacked; Deepfakers imitate US secretary of state Marco Rubio; and more Security13 Jul 2025 | 7
You have a fake North Korean IT worker problem – here's how to stop it Thick resumes with thin LinkedIn connections are one sign. Refusing an in-person interview is another Cyber-crime13 Jul 2025 | 114
CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal Patches11 Jul 2025 | 12
UK Online Safety Act 'not up to scratch' on misinformation, warn MPs Last summer's riots show how some content can be harmful but not illegal Cyber-crime11 Jul 2025 | 77
Security company hired a used car salesman to build a website, and it didn't end well On Call First came the dodgy lawyer, then the explosively angry HR person, leaving a whistleblower techie to save his career Security11 Jul 2025 | 93
French cops cuff Russian pro basketball player on ransomware charges 'He's useless with computers and can't even install an application' says lawyer Cyber-crime11 Jul 2025 | 15
Chinese censorship-busters claim Tencent is trying to kill its WeChat archive UPDATED Alleges Singaporean infosec outfit sent feeble legal demands to hosting company, which caved Security11 Jul 2025 | 5
Lovestruck US Air Force worker admits leaking secrets on dating app Oh my sweet secret informant lover, what happened in that NATO meeting today? Security10 Jul 2025 | 34
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit Updated Add CISA to the list Patches10 Jul 2025 | 3
Ex-ASML engineer who stole chip tech for Russia gets three years in Dutch prison 'Whether those files were allowed to go to Russia? I didn't ask' Cyber-crime10 Jul 2025 | 5
Russia, hotbed of cybercrime, says nyet to ethical hacking bill Politicians uneasy over potential impact on national security, local reports say Security10 Jul 2025 | 4
NCA arrests four in connection with UK retail ransomware attacks Crime-fighting agency cagey on details, probes into intrusions at M&S, Harrods, and Co-op continue Cyber-crime10 Jul 2025 | 16
Sovereign-ish: Google Cloud keeps AI data in UK, but not the support Processing and storage for Gemini 2.5 Flash to stay in Blighty AI + ML10 Jul 2025 | 6
Review: How Passwork 7 helps tame business passwords A simple interface and new roles-based capabilities make this venerable password manager an attractive proposition Sponsored feature
At last, a use case for AI agents with sky-high ROI: Stealing crypto Boffins outsmart smart contracts with evil automation AI + ML10 Jul 2025 | 14
How to trick ChatGPT into revealing Windows keys? I give up No, really, those are the magic words Research09 Jul 2025 | 101
US sanctions alleged North Korean IT sweatshop leader Turns out outsourcing coders to bankroll Kim’s nukes doesn’t jibe with Uncle Sam Cyber-crime09 Jul 2025 | 4
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs Low-severity bugs but infosec pros claim they are a 'critical' overall threat – patch accordingly Security09 Jul 2025 | 27
The cloud-native imperative for effective cyber resilience Modern threats demand modern defenses. Cloud-native is the new baseline Partner content
Reframing investments in security as investments in the business A little skill in business communication can help get the board on board Partner content
Qantas begins telling some customers that mystery attackers have their home address Plus: Confirms less serious data points like meal preferences also leaked Cyber-crime09 Jul 2025 | 13
Ingram Micro restarts orders – for some – following ransomware attack Customers say things are still far from perfect as lengthy support queues hamper business dealings Cyber-crime09 Jul 2025 | 1
Privacy campaigners pour cold water on London cops' 1,000 facial recognition arrests Activists argue the resources spent on tech aren't leading to worthwhile numbers Security09 Jul 2025 | 32
Iranian ransomware crew reemerges, promises big bucks for attacks on US or Israel Tells would-be affiliates they don't need to worry because cyberattacks don't violate a cease fire Security09 Jul 2025 | 7
Microsoft enjoys first Patch Tuesday of 2025 with no active exploits Sure, 130 fixes were sent out, but bask in the security goodness Patches08 Jul 2025 | 15
Massive browser hijacking campaign infects 2.3M Chrome, Edge users updated These extensions weren't malware-laced from the start, researcher says Research08 Jul 2025 | 39
SUSE launching region-locked support for the sovereignty-conscious Move targets European orgs wary of cross-border data exposure Software08 Jul 2025 | 13
Suspected Chinese cybersnoop grounded in Italy after US tipoff Zewei Xu's family reportedly bemused at arrest as extradition tabled Security08 Jul 2025 | 10
Is your password ecosystem ready for the regulators? The clipboard warriors are coming. Time to check on your password management Sponsored feature
Suspected Scattered Spider domains target everyone from manufacturers to Chipotle Plus: Qantas makes contact with 'potential cyber criminal' Security08 Jul 2025 | 3
CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands NetScaler vendor issued a patch but otherwise, stony silence Patches07 Jul 2025 | 6
Phishing platforms, infostealers blamed as identity attacks soar Get your creds in order or risk BEC, ransomware attacks, orgs warned CSO07 Jul 2025 |
Stalkerware firm gets scooped by SQL-slinging security snoop Infosec In Brief Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more Security06 Jul 2025 | 1
Ingram Micro confirms ransomware behind multi-day outage Updated SafePay crew claims responsibility for intrusion at one of world's largest tech distributors Cyber-crime06 Jul 2025 | 18
Massive spike in use of .es domains for phishing abuse ¡Cuidado! Time to double-check before entering your Microsoft creds Security05 Jul 2025 | 18
Microsoft Windows Firewall complains about Microsoft code Just ignore the warnings. Nothing to see here. Move along Security03 Jul 2025 | 22
Young Consulting finds even more folks affected in breach mess – now over 1 million The insurance SaaS slinger may trade under a different name, but past continues to haunt it Cyber-crime03 Jul 2025 | 1
Meta calls €200M EU fine over pay-or-consent ad model 'unlawful' 'Deserves fair compensation for the valuable and innovative services'? Which ones are those then? Personal Tech03 Jul 2025 | 65
Ransomware crew Hunters International shuts down, hands out keys to victims Don't let their kind words sway you – leaders are still up to no good Cyber-crime03 Jul 2025 | 5
Let's Encrypt rolls out free security certs for IP addresses You probably don't need one, but it's nice to have the option Security03 Jul 2025 | 55
ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies Crims have cottoned on to a new way to lead you astray Research03 Jul 2025 | 24
Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform The second max score this week for Netzilla - not a good look Patches02 Jul 2025 | 14
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors' Patches02 Jul 2025 | 7
23andMe's new owner says your DNA is safe this time Nonprofit TTAM assures everything is BAU. Whether that makes customers feel better is another matter Cyber-crime02 Jul 2025 | 18
US imposes sanctions on second Russian bulletproof hosting vehicle this year Aeza Group accused of assisting data bandits and BianLian ransomware crooks Cyber-crime02 Jul 2025 | 10
Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks Experts say they don't expect the MOVEit menace to do much about it Research02 Jul 2025 | 3
UK eyes new laws as cable sabotage blurs line between war and peace It might be time to update the Submarine Telegraph Act of 1885 Networks02 Jul 2025 | 82
Australian airline Qantas reveals data theft impacting six million customers Frequent flyers’ info takes flight Security02 Jul 2025 | 17
Microsoft admits to Intune forgetfulness Customizations not saved with security baseline policy update Patches01 Jul 2025 | 8
International Criminal Court swats away 'sophisticated and targeted' cyberattack Body stays coy on details but alludes to similarities with 2023 espionage campaign Cyber-crime01 Jul 2025 | 4
Terrible tales of opsec oversights: How cybercrooks get themselves caught The silly mistakes to the flagrant failures Security01 Jul 2025 | 14
Proton bashes Apple and joins antitrust suit that seeks to throw the App Store wide open Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy Legal01 Jul 2025 | 18
US shuts down a string of North Korean IT worker scams Resulting in two indictments, one arrest, and 137 laptops seized Cyber-crime30 Jun 2025 | 1
British IT worker sentenced to seven months after trashing company network Don't leave the door open to disgruntled workers Cyber-crime30 Jun 2025 | 91
Scattered Spider crime spree takes flight as focus turns to aviation sector Time ticking for defenders as social engineering pros weave wider web Cyber-crime30 Jun 2025 | 2
Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work Security30 Jun 2025 | 11
Your browser has ad tech's fingerprints all over it, but there's a clean-up squad in town Opinion Like being hard to spot? They’d much rather you didn’t Security30 Jun 2025 | 53
Canada orders Chinese CCTV biz Hikvision to quit the country ASAP Asia In Brief PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more! Public Sector30 Jun 2025 | 30
It's 2025 and almost half of you are still paying ransomware operators Infosec in Brief PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more Security30 Jun 2025 | 2
Ex-NATO hacker: 'In the cyber world, there's no such thing as a ceasefire' interview Watch out for supply chain hacks especially Cyber-crime28 Jun 2025 | 61
Crims are posing as insurance companies to steal health records and payment info Taking advantage of the ridiculously complex US healthcare billing system Cyber-crime27 Jun 2025 | 7
Cisco punts network-security integration as key for agentic AI Getting it in might mean re-racking the entire datacenter and rebuilding the network, though Datacenter Networking Nexus27 Jun 2025 | 6
Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ update 'No impact on safety,' FAA tells The Reg Cyber-crime27 Jun 2025 |
So you CAN turn an entire car into a video game controller Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart Offbeat27 Jun 2025 | 35
Data spill in aisle 5: Grocery giant Ahold Delhaize says 2.2M affected after cyberattack Finance, health, and national identification details compromised Cyber-crime27 Jun 2025 | 4
FBI used bitcoin wallet records to peg notorious IntelBroker as UK national Pro tip: Don't use your personal email account on BreachForums Cyber-crime26 Jun 2025 | 31
What if Microsoft just turned you off? Security pro counts the cost of dependency Comment Czech researcher lays out a business case for reducing reliance on Redmond Security26 Jun 2025 | 116
Cisco fixes two critical make-me-root bugs on Identity Services Engine components A 10.0 and a 9.8 – these aren’t patches to dwell on Datacenter Networking Nexus26 Jun 2025 | 4
Glasgow City Council online services crippled following cyberattack Nothing confirmed but authority is operating under the assumption that data has been stolen Cyber-crime26 Jun 2025 | 14
Qilin ransomware attack on NHS supplier contributed to patient fatality Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities Cyber-crime26 Jun 2025 | 7
UK to buy nuclear-capable F-35As that can't be refueled from RAF tankers Aircraft meant to bolster NATO deterrent will rely on allied support to stay airborne Security26 Jun 2025 | 276
Frozen foods supermarket chain deploys facial recognition tech Privacy campaigner brands Iceland's use of 'Orwellian' camera tech 'chilling,' CEO responds: 'It'll cut violent crime' Security26 Jun 2025 | 119
That WhatsApp from an Israeli infosec expert could be a Iranian phish Charming Kitten unsheathes its claws and tries to catch credentials Cyber-crime26 Jun 2025 | 2
Citrix bleeds again: This time a zero-day exploited - patch now Two emergency patches issued in two weeks Patches25 Jun 2025 | 1
Amazon's Ring can now use AI to 'learn the routines of your residence' It's meant to cut down on false positives but could be a trove for mischief-makers Security25 Jun 2025 | 75
Computer vision research feeds surveillance tech as patent links spike 5× A bottomless appetite for tracking people as 'objects' Research25 Jun 2025 | 3
Supply chain attacks surge with orgs 'flying blind' about dependencies Who is the third party that does the thing in our thing? Yep. Attacks explode over past year CSO25 Jun 2025 | 4