Security News • The Register

Security

Cyber fiends battering UK retailers now turn to US stores

Interview DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon

Cyber-crime15 May 2025 | 1

Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU

Expert tells us: 'It is the most unique breach disclosure I've ever seen'

Cyber-crime15 May 2025 | 5

Socket buys Coana to tell you which security alerts you can ignore

Sometimes, less information is more

Security15 May 2025 |

Snowflake CISO on the power of 'shared destiny' and 'yes and'

interview Lessons learned from last year's security snafu

CSO15 May 2025 | 2

Here's what we know about the DragonForce ransomware that hit Marks & Spencer

Would you believe it, this RaaS cartel says Russia is off limits

Cyber-crime15 May 2025 | 12

Metal maker meltdown: Nucor stops production after cyber-intrusion

Ransomware or critical infra hit? Top US manufacturer maintains steely silence

Cyber-crime14 May 2025 | 10

Why CVSS is failing us and what we can do about it

How Adversarial Exposure Validation is changing the way we approach vulnerability management

Partner content

Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play

Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated

Public Sector14 May 2025 | 4

Ivanti patches two zero-days under active attack as intel agency warns customers

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product

Patches14 May 2025 | 1

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation'

AI + ML14 May 2025 | 63

VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals

Admits due diligence fell short - furious users cry ‘gaslighting’

Networks14 May 2025 | 72

Go ahead and ignore Patch Tuesday – it might improve your security

No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'

Patches14 May 2025 | 26

Everyone's deploying AI, but no one's securing it – what could go wrong?

CYBERUK Crickets as senior security folk asked about risks at NCSC conference

CSO14 May 2025 | 14

Ransomware scum have put a target on the no man's land between IT and operations

Defenses are weaker, and victims are more likely to pay, SANS warns

CSO14 May 2025 | 16

Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu

Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti

Patches14 May 2025 | 2

Intel's data-leaking Spectre defenses scared off yet again

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit

Research13 May 2025 | 5

Qatar’s $400M jet for Trump is a gold-plated security nightmare

Bootnotes13 May 2025 | 94

Commvault fixes critical Command Center issue after flaw finder alert

Pay-to-play security on CVSS 10 issue is now fixed

Patches13 May 2025 |

'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart

CYBERUK Both agencies seem unbothered despite tech world's clear concerns for US infoseccers

Security13 May 2025 | 6

Marks & Spencer admits cybercrooks made off with customer info

Market cap down by more than £1B since April 22

Cyber-crime13 May 2025 | 67

Popular

VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals

Admits due diligence fell short - furious users cry ‘gaslighting’

Ransomware scum have put a target on the no man's land between IT and operations

Defenses are weaker, and victims are more likely to pay, SANS warns

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation'

Intel's data-leaking Spectre defenses scared off yet again

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit

Europe plots escape hatch from the enshittification of search

Plus: How to make Google less unhelpful

Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu

Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti

Everyone's deploying AI, but no one's securing it – what could go wrong?

CYBERUK Crickets as senior security folk asked about risks at NCSC conference

Go ahead and ignore Patch Tuesday – it might improve your security

No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'

US tech titans rejoice in $600B Saudi shopping spree

Prince Mohammed bin Bone Saw will take a few hundred thousand GPUs with his missiles and fighter jets

Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play

Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated

MORE
STORIES

As US vuln-tracking falters, EU enters with its own security bug database

EUVD comes into play not a moment too soon

Security13 May 2025 | 26

Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq

'MarbledDust' gang has honed the skills it uses to assist Ankara

Security13 May 2025 | 3

M365 apps on Windows 10 to get security fixes into 2028

Support for the underlying OS is another story

Applications12 May 2025 | 10

CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email

Updated Cripes, we were only joking when we called Elon's social network the new state media

Security12 May 2025 | 53

Why aggregating your asset inventory leads to better security

Today’s complex IT environments demand a new approach

Partner content

Attackers pwn charter airline helping Trump's deportation campaign

Intruders claim they stole GlobalX's flight records and manifests

Cyber-crime12 May 2025 | 48

Britain's cyber agents and industry clash over how to tackle shoddy software

CYBERUK Providers argue that if end users prioritized security, they'd get it

CSO12 May 2025 | 74

Unending ransomware attacks are a symptom, not the sickness

Opinion We need to make taking IT systems 'off the books' a problem for corporate types

Cyber-crime12 May 2025 | 63

DOGE worker's old creds found exposed in infostealer malware dumps

Infosec in brief PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you're never safe; and more

Security12 May 2025 | 19

You think ransomware is bad now? Wait until it infects CPUs

RSAC Rapid7 threat hunter wrote a PoC. No, he's not releasing it

Research11 May 2025 | 64

Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants

The FBI also issued a list of end-of-life routers you need to replace

Cyber-crime10 May 2025 | 10

UK Ministry of Defence is spending less with US biz, and more with Europeans

France's share of MOD cash is growing while the US's shrinks

Offbeat10 May 2025 | 76

VC behemoth Insight Partners fears top-secret financial info swiped by cyber-miscreants

Weapons-grade fuel for fraud

Cyber-crime09 May 2025 | 8

openSUSE deep sixes Deepin desktop over security stink

Linux giant finds Chinese environment to be perilous beneath pretty exterior

Security09 May 2025 | 21

Sudo-rs make me a sandwich, hold the buffer overflows

Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety's sake

OSes08 May 2025 | 131

PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied

Now individual school districts extorted by fiends

CSO08 May 2025 | 33

After that 2024 Windows fiasco, CrowdStrike has a plan – job cuts, leaning on AI

CEO: Neural net tech 'flattens our hiring curve, helps us innovate'

CSO07 May 2025 | 14

Delta Air Lines class action cleared for takeoff over CrowdStrike chaos

Judge allows aspects of passenger lawsuit to proceed

Security07 May 2025 | 2

You'll never guess which mobile browser is the worst for data collection

We were shocked – SHOCKED – by the answer

Security07 May 2025 | 58

Curl project founder snaps over deluge of time-sucking AI slop bug reports

Lead dev likens flood to 'effectively being DDoSed'

Security07 May 2025 | 63

New Zealand kind-of moves to ban social media for under-16s, require age checks for new accounts

Prime Minister bemoans bullying, addiction, and inappropriate content – but isn’t planning a rapid vote

Public Sector07 May 2025 | 30

Super spyware maker NSO must pay Meta $168M in WhatsApp court battle

Don't f&#k with Zuck

CSO06 May 2025 | 17

Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower

What was the plan, showing her his big iron?

AI Infrastructure Month06 May 2025 | 79

Pentagon declares war on 'outdated' software buying, opens fire on open source

(If only that would keep folks off unsanctioned chat app side quests)

Public Sector06 May 2025 | 74

CISA slammed for role in 'censorship industrial complex' as budget faces possible $500M cut

Because who needs cybersecurity when there’s culture wars to win

Public Sector06 May 2025 | 38

Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess

Updated No, really? That's a shocking surprise

Security05 May 2025 | 38

Trump promises protection for TikTok, for which he has a ‘warm spot in my heart’

Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures

Public Sector05 May 2025 | 73

India’s chipmaking ambitions hurt by Zoho’s no-go and Adani unease

Asia in brief PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more!

Public Sector05 May 2025 | 7

Microsoft tries to knife passwords once and for all - at least for consumers

Infosec In Brief PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more!

Security04 May 2025 | 81

RSA Conf wrap: AI and China on everything, everywhere, all at once

RSAC With North Korean IT workers storming the gates, too

Spotlight on RSAC04 May 2025 | 5

Altman's eyeball-scanning biometric blockchain orbs officially come to America

El Reg checks out shop in SF

Bootnotes04 May 2025 | 52

Disney Slack attack wasn't Russian protesters, just a Cali dude with malware

25-year-old fella pleads guilty to stealing, dumping 1.1TB of data from the House of Mouse

Cyber-crime02 May 2025 | 18

Generative AI makes fraud fluent – from phishing lures to fake lovers

RSAC Real-time video deepfakes? Not convincing yet

Spotlight on RSAC02 May 2025 | 5

Three Brits charged over 'active shooter threats' swattings in US, Canada

UK starts prosecution days after FBI vowed to clamp down on the crime

Security02 May 2025 | 39

British govt agents step in as Harrods becomes third mega retailer under cyberattack

Experts suggest the obvious: There is an ongoing coordinated attack on UK retail sector

Cyber-crime02 May 2025 | 142

Dems look to close the barn door after top DOGE dog has bolted

House Oversight probes missing Musk disclosures, background checks, data mess at NLRB

Public Sector01 May 2025 | 101

Healthcare group Ascension discloses second cyberattack on patients' data

This time criminals targeted partner’s third-party software

Cyber-crime01 May 2025 | 1

How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas

RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen?

Spotlight on RSAC01 May 2025 | 35

Chris Krebs loses Global Entry membership amid Trump feud

President's campaign continues against man he claims covered up evidence of electoral fraud in 2020

Security01 May 2025 | 36

Data watchdog will leave British Library alone – further probes 'not worth our time'

No MFA? No problem – as long as you show you’ve learned your lesson

Cyber-crime01 May 2025 | 7

Ex-NSA cyber-boss: AI will soon be a great exploit coder

RSAC For now it's a potential bug-finder and friend to defenders

Spotlight on RSAC30 Apr 2025 | 13

Ex-CISA chief decries cuts as Trump demands loyalty above all else

RSAC Cybersecurity is national security, says Jen Easterly

Spotlight on RSAC30 Apr 2025 | 10

Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China

Feds say $970K scheme defrauded 13+ companies

Cyber-crime30 Apr 2025 | 10

FBI steps in amid rash of politically charged swattings

No specific law against it yet, but that's set to change

Security30 Apr 2025 | 57

Ghost in the shell script: Boffins reckon they can catch bugs before programs run

Go ahead, please do Bash static analysis

CSO30 Apr 2025 | 39

Cloud doesn’t mean secure: How Intruder finds what others miss

A cloud security platform that manages the attack surface and security vulnerabilities in AWS

Watch out for any Linux malware sneakily evading syscall-watching antivirus

Google dumped io_uring after $1M in bug bounties

CSO29 Apr 2025 | 17

Enterprise tech dominates zero-day exploits with no signs of slowdown

As Big Tech gets used to the pain, smaller vendors urged to up their game

Research29 Apr 2025 | 1

China now America's number one cyber threat – US must get up to speed

RSAC Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable

Spotlight on RSAC29 Apr 2025 | 22

Infosec pros tell Trump to quit bullying Chris Krebs – it's undermining security

Top voices warn that political retaliation puts democracy and national defense at risk

Security29 Apr 2025 | 70

China is using AI to sharpen every link in its attack chain, FBI warns

RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer

Spotlight on RSAC29 Apr 2025 | 11

The one interview question that will protect you from North Korean fake workers

RSAC FBI and others list how to spot NK infiltrators, but AI will make it harder

Spotlight on RSAC29 Apr 2025 | 94

Swiss boffins admit to secretly posting AI-penned posts to Reddit in the name of science

They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse

AI + ML29 Apr 2025 | 22

Open source text editor poisoned with malware to target Uyghur users

Who could possibly be behind this attack on an ethnic minority China despises?

Security29 Apr 2025 | 19

Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus

Florida man altered allergen info, DoSed former colleagues

Cyber-crime29 Apr 2025 | 15

Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn

Updated Sometimes, silence is the best option

CSO28 Apr 2025 | 10

How to survive as a CISO aka 'chief scapegoat officer'

RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel

Spotlight on RSAC28 Apr 2025 | 9

Admission impossible: NSA, CISA brass absent from RSA Conf

RSAC Homeland Security boss Noem added as last-minute keynote, mind you

Spotlight on RSAC28 Apr 2025 | 11

The future of AI in cybersecurity in a word: Optimistic

Think of artificial intelligence as your embedded ally

From 112K to 4M folks' data – HR biz attack goes from bad to mega bad

It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands

Cyber-crime28 Apr 2025 | 7

Back online after 'catastrophic' attack, 4chan says it's too broke for good IT

Image board hints that rumors of a poorly maintained back end may be true

Security28 Apr 2025 | 39

Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025

Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year

OSes28 Apr 2025 | 38

Samsung admits Galaxy devices can leak passwords through clipboard wormhole

Infosec in brief PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more!

Security28 Apr 2025 | 11

Signalgate lessons learned: If creating a culture of security is the goal, America is screwed

Opinion Infosec is a team sport … unless you're in the White House

Public Sector25 Apr 2025 | 98

Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member

What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future

CSO25 Apr 2025 | 17

More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures

Security25 Apr 2025 | 8

Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions

Where have we heard this before? Feb security update needs its own fix

OSes25 Apr 2025 | 1

M&S stops online orders as 'cyber incident' issues worsen

One step forward and one step back as earlier hopes of progress dashed by latest update

Cyber-crime25 Apr 2025 | 21

Emergency patch for potential SAP zero-day that could grant full system control

German software giant paywalls details, but experts piece together the clues

Patches25 Apr 2025 | 2

Claims assistance firm fined for cold-calling people who put themselves on opt-out list

Third-party data supplier also in hot water with Brit regulator over consent issues

Security25 Apr 2025 | 33

Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry

Because coding phishing sites from scratch is a real pain in the neck

Cyber-crime25 Apr 2025 | 5

SSNs and more on 5.5M+ patients feared stolen from Yale Health

At least it wasn't Harvard

Cyber-crime24 Apr 2025 | 5

Microsoft mystery folder fix might need a fix of its own

This one weird trick can stop Windows updates dead in their tracks

Security24 Apr 2025 | 50

Assassin's Creed maker faces GDPR complaint for forcing single-player gamers online

Collecting data from solo players is a Far Cry from being necessary, says noyb

Security24 Apr 2025 | 38

M&S takes systems offline as 'cyber incident' lingers

Customers told to expect further delays as contactless payments still down

Cyber-crime24 Apr 2025 | 12

Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year

Cybercriminals are targeting software shops, accountants, lawyers

CSO24 Apr 2025 | 2

Booby-trapped Alpine Quest Android app geolocates Russian soldiers

Back of the nyet!

Research24 Apr 2025 | 37

Ransomware scum and other crims bilked victims out of a 'staggering' $16.6B last year, says FBI

Biggest threat to America's critical infrastructure? Ransomware

Cyber-crime24 Apr 2025 | 7

Blue Shield says it shared health info on up to 4.7M patients with Google Ads

Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway

CSO23 Apr 2025 | 25

Ripple NPM supply chain attack hunts for private keys

A mystery thief and a critical CVE involved in crypto cash grab

Cyber-crime23 Apr 2025 | 4

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2025