Security News • The Register

Security

FCC stands up Council on National Security to fight China in ways that CISA used to

Infosec In Brief PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware

Security16 Mar 2025 | 3

Apple's alleged UK encryption battle sparks political and privacy backlash

National security defense being used to keep appeal behind closed doors

Security14 Mar 2025 | 72

New kids on the ransomware block channel Lockbit to raid Fortinet firewalls

It's March already and you haven't patched?

Cyber-crime14 Mar 2025 |

Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly

Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail

AI + ML13 Mar 2025 | 29

Google says it's rolling out fix for stricken Chromecasts

It'll take a few days, give or take your situation

Personal Tech13 Mar 2025 | 20

That 'angry guest' email from Booking.com? It's a scam, not a 1-star review

Phishers check in, your credentials check out, Microsoft warns

Research13 Mar 2025 | 9

CISA: We didn't fire red teams, we just unhired a bunch of them

Agency tries to save face as it also pulls essential funding for election security initiatives

Security13 Mar 2025 | 26

DeepSeek can be gently persuaded to spit out malware code

It might need polishing, but a useful find for any budding cybercrooks out there

Research13 Mar 2025 | 12

Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand

Feds warn gang still rampant and now cracked 300+ victims around the world

Cyber-crime13 Mar 2025 | 4

Get off that old Firefox by Friday or you'll be sorry, says Moz

Root cert expiry may bring breakage or worse for add-ons, media playback, and more

Applications13 Mar 2025 | 45

Expired Juniper routers find new life – as Chinese spy hubs

Fewer than 10 known victims, but Mandiant suspects others compromised, too

Cyber-crime12 Mar 2025 | 5

This is the FBI, open up. China's Volt Typhoon is on your network

Power utility GM talks to El Reg about getting that call and what happened next

Cyber-crime12 Mar 2025 | 20

UK must pay cyber pros more than its Prime Minister, top civil servant says

Leaders call for fewer contractors and more top talent installed across government

CSO12 Mar 2025 | 65

CISA pen-tester says 100-strong red team binned after DOGE canceled contract

Updated Election infosec advisory center also shuttered

Public Sector12 Mar 2025 | 160

Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws

Patch Tuesday Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy

Patches12 Mar 2025 | 22

'Uber for nurses' exposes 86K+ medical records, PII in open S3 bucket for months

Exclusive Non-password-protected, unencrypted 108GB database … what could possibly go wrong

Security11 Mar 2025 | 14

FTC's $25.5M scam refund treats victims to $34 each

Oh wow, just look at all the scary stuff in your Windows Event Viewer

Cyber-crime11 Mar 2025 | 12

MINJA sneak attack poisons AI models for other chatbot users

Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it

AI + ML11 Mar 2025 | 15

Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it

Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands

CSO10 Mar 2025 | 10

Google begs owners of crippled Chromecasts not to hit factory reset

Updated Expired security cert kerfuffle leaves second-gen, Audio gadgets useless

Personal Tech10 Mar 2025 | 64

Popular

Google begs owners of crippled Chromecasts not to hit factory reset

Updated Expired security cert kerfuffle leaves second-gen, Audio gadgets useless

DOGE helps Veterans Affairs end IT contract run by service-disabled entrepreneurs

Project dubbed 'wasteful' – Musk's lot says under-pressure VA must do it 'in-house'

Apple has locked me in the same monopolistic cage Microsoft's built for Windows 10 users

Column Vendors just don't want machines to live double lives

Google says it's rolling out fix for stricken Chromecasts

It'll take a few days, give or take your situation

CISA pen-tester says 100-strong red team binned after DOGE canceled contract

Updated Election infosec advisory center also shuttered

Microsoft will kill Remote Desktop soon, insists you'll love replacement

Windows App the way ahead as support pulled from May 27

Get off that old Firefox by Friday or you'll be sorry, says Moz

Root cert expiry may bring breakage or worse for add-ons, media playback, and more

Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it

Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands

As Chromecast outage drags on, fix could be days to weeks away

Updated Google apologizes but won’t say what went wrong nor when it will make things right

ASML will open Beijing facility despite US sanctions on China

Updated Center will reuse and recondition systems returned from field

MORE
STORIES

Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift

Phishing and ancient vulns still do the trick for one of the most prolific groups around

Research10 Mar 2025 | 8

Rhysida pwns two US healthcare orgs, extracts over 300K patients' data

Terabytes of sensitive info remain available for download

Cyber-crime10 Mar 2025 | 3

Consumer Reports calls out slapdash AI voice-cloning safeguards

Study finds 4 out of 6 providers don't do enough to stop impersonation

AI + ML10 Mar 2025 | 7

How NOT to f-up your security incident response

Feature Experts say that the way you handle things after the criminals break in can make things better or much, much worse

CSO10 Mar 2025 | 14

The NHS security culture problem is a crisis years in the making

Analysis Insiders say board members must be held accountable and drive positive change from the top down

CSO10 Mar 2025 | 29

Strap in, get ready for more Rust drivers in Linux kernel

Likening memory safety bugs to smallpox may not soothe sensitive C coders

OSes10 Mar 2025 | 68

Microsoft admits GitHub hosted malware that infected almost a million devices

Infosec in Brief Also, phone cleaner apps are a data-sucking scam, Singapore considering the literal rod for scammers, and more

Security10 Mar 2025 | 6

India wants backdoors into clouds, email, SaaS, for tax inspectors

Asia in Brief PLUS: Malaysia teams with Arm for local chip designs; NTT warns of possible breach; Samsung strikers settle; and more

Security09 Mar 2025 | 7

We call this kernel saunters: How Apple rearranged its XNU core with exclaves

iPhone giant compartmentalizes OS for the sake of security

Research08 Mar 2025 | 18

Developer sabotaged ex-employer with kill switch activated when he was let go

IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes

Bootnotes08 Mar 2025 | 78

Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures

$96B in transactions, some even labeled 'dirty funds,' since 2019, say prosecutors

Ransomware in Focus07 Mar 2025 | 4

Alleged cyber scalpers Swiftly cuffed over $635K Taylor ticket heist

I knew you were trouble, Queens DA might have said

Cyber-crime07 Mar 2025 | 4

Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware

Interview Which is why taking down chiefs and infra behind big name brand operations isn't working

Ransomware in Focus07 Mar 2025 | 2

The Badbox botnet is back, powered by up to a million backdoored Androids

Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort

Cyber-crime07 Mar 2025 | 10

International cops seize ransomware crooks' favorite Russian crypto exchange

Updated Did US Secret Service not get the memo, or?

Ransomware in Focus06 Mar 2025 | 12

Uncle Sam mulls policing social media of all would-be citizens

President ordered immigration officials to ramp up vetting of foreigners 'to the maximum degree'

Public Sector06 Mar 2025 | 78

Toronto Zoo ransomware crooks snatch decades of visitor data

Akira really wasn't horsing around with this one

Ransomware in Focus06 Mar 2025 | 12

Up to $75M needed to fix up rural hospital cybersecurity as ransomware gangs keep scratching at the door

Attacks strike, facilities go bust, patients die. But it's preventable

Ransomware in Focus06 Mar 2025 | 8

Cybereason CEO leaves after months of boardroom blowups

Updated Complaint alleges 13 funding proposals foundered amid battle for control

Security06 Mar 2025 | 2

Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks

Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox

Cyber-crime06 Mar 2025 | 4

Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security

Video Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told

Public Sector05 Mar 2025 | 57

China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets

Updated They're good at zero-day exploits, too

Public Sector05 Mar 2025 | 17

Apple drags UK government to court over 'backdoor' order

Updated A first-of-its-kind legal challenge set to be heard this month, per reports

Security05 Mar 2025 | 119

Leeds United kick card swipers into Row Z after 5-day cyberattack

English football club offers apologies after fans' card details stolen from online retail store

Cyber-crime05 Mar 2025 | 6

Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility

'No regrets' crew continues extorting victims, leaking highly sensitive data

Ransomware in Focus05 Mar 2025 | 2

How prevention is better than cure

Stop cyberattacks before they happen with preventative endpoint security

Ransomware thugs threaten Tata Technologies with leak if demands not met

Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant

Ransomware in Focus05 Mar 2025 | 4

VMware splats guest-to-hypervisor escape bugs already exploited in wild

The heap overflow zero-day in the memory unsafe code by Miss Creant

Virtualization04 Mar 2025 | 8

How Google tracks Android device users before they've even opened an app

No warning, no opt-out, and critic claims ... no consent

Security04 Mar 2025 | 91

It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake

Says the biz trying to sell us stuff to catch that, admittedly

AI + ML04 Mar 2025 | 18

Plugging the holes in open banking

Enhancing API security for financial institutions

Partner Content

So … Russia no longer a cyber threat to America?

Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks

Public Sector04 Mar 2025 | 217

Cybersecurity not the hiring-'em-like-hotcakes role it once was

Analysis Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts

CSO03 Mar 2025 | 15

Microsoft unveils finalized EU Data Boundary as European doubt over US grows

Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored

PaaS + IaaS03 Mar 2025 | 51

Polish space agency confirms cyberattack

Officials vow to uncover who was behind it

Ransomware in Focus03 Mar 2025 | 4

UK watchdog investigates TikTok and Reddit over child data privacy concerns

ICO looking at what data is used to serve up recommendations

Security03 Mar 2025 | 3

Governments can't seem to stop asking for secret backdoors

Opinion Cut off one head and 100 grow back? Decapitation may not be the way to go

Cyber-crime03 Mar 2025 | 125

US Cyber Command reportedly pauses cyberattacks on Russia

Infosec In Brief PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more

Security03 Mar 2025 | 97

C++ creator calls for help to defend programming language from 'serious attacks'

Bjarne Stroustrup wants standards body to respond to memory-safety push as Rust monsters lurk at the door

Software02 Mar 2025 | 213

Ransomware criminals love CISA's KEV list – and that's a bug, not a feature

1 in 3 entries are used to extort civilians, says new paper

Ransomware in Focus28 Feb 2025 | 5

Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators

Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim

AI + ML28 Feb 2025 | 3

Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’

FYI: What NOT to search after committing a crime

Cyber-crime27 Feb 2025 | 35

FBI officially fingers North Korea for $1.5B Bybit crypto-burglary

Federal agents, open up ... your browsers and see if you recognize any of these wallets

Cyber-crime27 Feb 2025 | 22

Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o

Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity

AI + ML27 Feb 2025 | 127

Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time

Boffins poked around inside censorship engines – here's what they found

Networks27 Feb 2025 | 38

With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare

244M purloined passwords added to Have I Been Pwned thanks to govt tip-off

Cyber-crime26 Feb 2025 | 10

Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet

Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation

Cyber-crime26 Feb 2025 | 14

Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)

Starting with Snapdragon 8 Elite and 'droid 15

Personal Tech26 Feb 2025 | 5

Signal will withdraw from Sweden if encryption-busting laws take effect

Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect

Security26 Feb 2025 | 118

200-plus impressively convincing GitHub repos are serving up malware

Infosec bytes Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack

Security26 Feb 2025 | 9

Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in

Plus: New figurehead of DOGE emerges and they aren't called Elon

Public Sector26 Feb 2025 | 37

Drug-screening biz DISA took a year to disclose security breach affecting millions

If there's something nasty on your employment record, extortion scum could come calling

Cyber-crime26 Feb 2025 | 5

Xi know what you did last summer: China was all up in Republicans' email, says book

Of course, Microsoft is in the mix, isn't it

Cyber-crime25 Feb 2025 | 29

MITRE Caldera security suite scores perfect 10 for insecurity

Is a trivial remote-code execution hole in every version part of the training, or?

Research25 Feb 2025 | 9

Harassment allegations against DEF CON veteran detailed in court filing

More than a dozen women came forward with accusations

Security25 Feb 2025 | 10

Data resilience and data portability

Why organizations should protect everything, everywhere, all at once

Sponsored Feature

China's Silver Fox spoofs medical imaging apps to hijack patients' computers

Sly like a PRC cyberattack

Research25 Feb 2025 | 2

Malware variants that target operational tech systems are very rare – but 2 were found last year

Fuxnet and FrostyGoop were both used in the Russia-Ukraine war

Research25 Feb 2025 | 3

Southern Water takes the fifth over alleged $750K Black Basta ransom offer

Leaked chats and spilled secrets as AI helps decode circa 200K private talks

Ransomware in Focus25 Feb 2025 | 31

How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit

Analysis Blueprints shared for jail-breaking models that expose their chain-of-thought process

AI + ML25 Feb 2025 | 30

Google binning SMS MFA at last and replacing it with QR codes

Everyone knew texted OTPs were a dud back in 2016

CSO25 Feb 2025 | 105

US Dept of Housing screens sabotaged to show deepfake of Trump sucking Elon's toes

'Appropriate action will be taken,' we're told – as federal HR email sparks uproar, ax falls on CISA staff

Public Sector24 Feb 2025 | 133

Shifting the cybersecurity odds

Four domains to build resilience

Partner Content

The software UK techies need to protect themselves now Apple's ADP won’t

No matter how deep you are in Apple's 'ecosystem,’ there are ways to stay encrypted in Blighty

Security24 Feb 2025 | 124

Rather than add a backdoor, Apple decides to kill iCloud encryption for UK peeps

Infosec in brief Plus: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more

Security24 Feb 2025 | 89

Experts race to extract intel from Black Basta internal chat leaks

Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data

Ransomware in Focus21 Feb 2025 | 3

Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws

PoC exploit code shows why this is a patch priority

Patches21 Feb 2025 |

Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar

It comes amid a major crackdown on the abusive industry that started during COVID

Security21 Feb 2025 | 4

Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable

Final update Nobody wants memory bugs. Penguinistas continue debate on how to squish 'em

OSes21 Feb 2025 | 178

Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes

Said bugs 'can have significant implications' – glad to hear that from Redmond

AI + ML20 Feb 2025 | 7

Oops, some of our customers' Power Pages-hosted sites were exploited, says Microsoft

Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites

Cyber-crime20 Feb 2025 | 4

US minerals company says crooks broke into email and helped themselves to $500K

A painful loss for young company that's yet to generate revenue

Cyber-crime20 Feb 2025 | 10

Critical flaws in Mongoose library expose MongoDB to data thieves, code execution

Bugs fixed, updating to the latest version is advisable

Research20 Feb 2025 | 2

Two arrested after pensioner scammed out of six-figure crypto nest egg

The latest in a long line of fraud stings worth billions each year

Security20 Feb 2025 | 18

Ghost ransomware crew continues to haunt IT depts with scarily bad infosec

FBI and CISA issue reminder - deep sigh - about the importance of patching and backups

Ransomware in Focus20 Feb 2025 | 7

Medusa ransomware gang demands $2M from UK private health services provider

Exclusive 2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident'

Cyber-crime20 Feb 2025 | 10

US Army soldier linked to Snowflake extortion rampage admits breaking the law

That's the way the cookie melts

Cyber-crime20 Feb 2025 |

Trump’s DoD CISO pick previously faced security clearance suspension

Hey, at least Katie Arrington brings a solid resume

Public Sector19 Feb 2025 | 13

Check out this free automated tool that hunts for exposed AWS secrets in public repos

You can find out if your GitHub codebase is leaking keys ... but so can miscreants

Security19 Feb 2025 | 2

Hundreds of Dutch medical records bought for pocket change at flea market

15GB of sensitive files traced back to former software biz

Storage19 Feb 2025 | 40

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2025