UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies
Fancy Bear can't keep its claws out of Outlook inboxes
Cyber-crime20 Jul 2025 | 10
Security
Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days
Interview Keep It Simple, Stupid
Cyber-crime19 Jul 2025 | 5
As companies race to add AI, terms of service changes are going to freak a lot of people out
Analysis WeTransfer added the magic words 'machine learning' to its ToS and users reacted predictably
SaaS18 Jul 2025 | 65
Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China
Ads giant complains of damage to its reputation and finances ... and crime, too
Cyber-crime17 Jul 2025 | 8
Watch out, another max-severity, make-me-root Cisco bug on the loose
Updated Three perfect 10s in the last month - ISE, ISE, baby
Patches17 Jul 2025 | 16
Quantum code breaking? You'd get further with an 8-bit computer, an abacus, and a dog
Computer scientist Peter Gutmann tells The Reg why it's 'bollocks'
Research17 Jul 2025 | 91
Microsoft offers vintage Exchange and Skype server users six more months of security updates
It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing
Patches17 Jul 2025 | 11
Ukrainian hackers claim to have destroyed major Russian drone maker's entire network
'Deeply penetrated' Gaskar 'to the very tonsils of demilitarization'
Security16 Jul 2025 | 106
Operation Eastwood shutters 100+ servers used to DDoS websites supporting Ukraine
Two Russian suspects in cuffs, seven warrants out
Cyber-crime16 Jul 2025 | 13
Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit
Updated Someone's OVERSTEPing the mark
Research16 Jul 2025 | 3
Retailer Co-op: Attackers snatched all 6.5M member records
Supermarket announces white hat education scheme as four suspects released on bail
Cyber-crime16 Jul 2025 | 28
Turbulence at Air Serbia, the latest airline under cyber siege
Exclusive Attack enters day 11 and still no public disclosure of what insider claims to be 'deep breach' of Active Directory
Cyber-crime16 Jul 2025 |
Security shop Adarma ceases trading, confirms it will enter administration
Former staffers of struggling UK biz say they don’t expect to be paid for July
Security16 Jul 2025 | 1
Curl creator mulls nixing bug bounty awards to stop AI slop
Maintainers struggle to handle growing flow of low-quality bug reports written by bots
AI + ML15 Jul 2025 | 21
Ex-US soldier who Googled 'can hacking be treason' pleads guilty to extortion
File this one under what not to search if you've committed a crime
Cyber-crime15 Jul 2025 | 17
Britain's billion-pound F-35s not quite ready for, well, anything
Stealth jets can't fight, can't fly much, and can't shoot UK missiles, says NAO
Security15 Jul 2025 | 182
Someone hijacked Elmo's X account to post antisemitic rants
Anyone investigated Grok? Just sayin'…
Cyber-crime14 Jul 2025 | 21
Nvidia A6000 GPUs flip memory bits if beaten by GPUHammer
Rowhammer returns for more memory-meddling fun
Research14 Jul 2025 | 4
A software-defined radio can derail a US train by slamming the brakes on remotely
Updated Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there
Security14 Jul 2025 | 74
GPS on the fritz? Britain and France plot a backup plan
Cross-Channel pact aims to bolster navigation and timing tech as satellite signals face growing jamming threats
Networks14 Jul 2025 | 70
Popular
Google’s Gemini refuses to play Chess against the mighty Atari 2600 after realizing it can't match ancient console
Warned that ChatGPT and Copilot had already lost, it stopped boasting and packed up its pawns
PUTTY.ORG nothing to do with PuTTY – and now it's spouting pandemic piffle
Linking can be helpful – but not always… while disinformation can spread like a virus
Open, free, and completely ignored: The strange afterlife of Symbian
It did get sourced, but nobody cared
VMware reboots its partner program again – and it looks like smaller players are out
Exclusive Second major change in 18 months will be most unwelcome for many - as will critical flaws announced today
Nearly 3 out of 4 Oracle Java users say they've been audited in the past 3 years
Big Red’s changes to Java licensing also inspire exodus to open source
Quantum code breaking? You'd get further with an 8-bit computer, an abacus, and a dog
Computer scientist Peter Gutmann tells The Reg why it's 'bollocks'
A software-defined radio can derail a US train by slamming the brakes on remotely
Updated Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there
Britain's billion-pound F-35s not quite ready for, well, anything
Stealth jets can't fight, can't fly much, and can't shoot UK missiles, says NAO
Junior developer's code worked in tests, destroyed data in production
Who, Me? For the lack of a little documentation, two techies did a lot of accidental damage
Ukrainian hackers claim to have destroyed major Russian drone maker's entire network
'Deeply penetrated' Gaskar 'to the very tonsils of demilitarization'
STORIES
UK's NCA disputes claim it's nearly three times less efficient than the FBI
Report on serious organized crime fails to account for differences, agency says
Cyber-crime14 Jul 2025 | 28
Iran seeks at least three cloud providers to power its government
Despite loathing the USA, Iran wants providers who match NIST’s definition of cloud computing
Public Sector14 Jul 2025 | 9
Nvidia warns its GPUs – even Blackwells – need protection against Rowhammer attacks
Infosec In Brief PLUS: Bluetooth mess leaves cars exposed; Bitcoin ATMs attacked; Deepfakers imitate US secretary of state Marco Rubio; and more
Security13 Jul 2025 | 7
You have a fake North Korean IT worker problem – here's how to stop it
Thick resumes with thin LinkedIn connections are one sign. Refusing an in-person interview is another
Cyber-crime13 Jul 2025 | 114
CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn
Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal
Patches11 Jul 2025 | 12
UK Online Safety Act 'not up to scratch' on misinformation, warn MPs
Last summer's riots show how some content can be harmful but not illegal
Cyber-crime11 Jul 2025 | 77
Security company hired a used car salesman to build a website, and it didn't end well
On Call First came the dodgy lawyer, then the explosively angry HR person, leaving a whistleblower techie to save his career
Security11 Jul 2025 | 93
French cops cuff Russian pro basketball player on ransomware charges
'He's useless with computers and can't even install an application' says lawyer
Cyber-crime11 Jul 2025 | 15
Chinese censorship-busters claim Tencent is trying to kill its WeChat archive
UPDATED Alleges Singaporean infosec outfit sent feeble legal demands to hosting company, which caved
Security11 Jul 2025 | 5
Lovestruck US Air Force worker admits leaking secrets on dating app
Oh my sweet secret informant lover, what happened in that NATO meeting today?
Security10 Jul 2025 | 34
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
Updated Add CISA to the list
Patches10 Jul 2025 | 3
Ex-ASML engineer who stole chip tech for Russia gets three years in Dutch prison
'Whether those files were allowed to go to Russia? I didn't ask'
Cyber-crime10 Jul 2025 | 5
Russia, hotbed of cybercrime, says nyet to ethical hacking bill
Politicians uneasy over potential impact on national security, local reports say
Security10 Jul 2025 | 4
NCA arrests four in connection with UK retail ransomware attacks
Crime-fighting agency cagey on details, probes into intrusions at M&S, Harrods, and Co-op continue
Cyber-crime10 Jul 2025 | 16
Sovereign-ish: Google Cloud keeps AI data in UK, but not the support
Processing and storage for Gemini 2.5 Flash to stay in Blighty
AI + ML10 Jul 2025 | 6
Review: How Passwork 7 helps tame business passwords
A simple interface and new roles-based capabilities make this venerable password manager an attractive proposition
Sponsored feature
At last, a use case for AI agents with sky-high ROI: Stealing crypto
Boffins outsmart smart contracts with evil automation
AI + ML10 Jul 2025 | 14
How to trick ChatGPT into revealing Windows keys? I give up
No, really, those are the magic words
Research09 Jul 2025 | 101
US sanctions alleged North Korean IT sweatshop leader
Turns out outsourcing coders to bankroll Kim’s nukes doesn’t jibe with Uncle Sam
Cyber-crime09 Jul 2025 | 4
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs
Low-severity bugs but infosec pros claim they are a 'critical' overall threat – patch accordingly
Security09 Jul 2025 | 27
The cloud-native imperative for effective cyber resilience
Modern threats demand modern defenses. Cloud-native is the new baseline
Partner content
Reframing investments in security as investments in the business
A little skill in business communication can help get the board on board
Partner content
Qantas begins telling some customers that mystery attackers have their home address
Plus: Confirms less serious data points like meal preferences also leaked
Cyber-crime09 Jul 2025 | 13
Ingram Micro restarts orders – for some – following ransomware attack
Customers say things are still far from perfect as lengthy support queues hamper business dealings
Cyber-crime09 Jul 2025 | 1
Privacy campaigners pour cold water on London cops' 1,000 facial recognition arrests
Activists argue the resources spent on tech aren't leading to worthwhile numbers
Security09 Jul 2025 | 32
Iranian ransomware crew reemerges, promises big bucks for attacks on US or Israel
Tells would-be affiliates they don't need to worry because cyberattacks don't violate a cease fire
Security09 Jul 2025 | 7
Microsoft enjoys first Patch Tuesday of 2025 with no active exploits
Sure, 130 fixes were sent out, but bask in the security goodness
Patches08 Jul 2025 | 15
Massive browser hijacking campaign infects 2.3M Chrome, Edge users
updated These extensions weren't malware-laced from the start, researcher says
Research08 Jul 2025 | 39
The cloud-native imperative for effective cyber resilience
Archive deleted
Archive deleted
SUSE launching region-locked support for the sovereignty-conscious
Move targets European orgs wary of cross-border data exposure
Software08 Jul 2025 | 13
Suspected Chinese cybersnoop grounded in Italy after US tipoff
Zewei Xu's family reportedly bemused at arrest as extradition tabled
Security08 Jul 2025 | 10
Is your password ecosystem ready for the regulators?
The clipboard warriors are coming. Time to check on your password management
Sponsored feature
Suspected Scattered Spider domains target everyone from manufacturers to Chipotle
Plus: Qantas makes contact with 'potential cyber criminal'
Security08 Jul 2025 | 3
CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands
NetScaler vendor issued a patch but otherwise, stony silence
Patches07 Jul 2025 | 6
Phishing platforms, infostealers blamed as identity attacks soar
Get your creds in order or risk BEC, ransomware attacks, orgs warned
CSO07 Jul 2025 |
Stalkerware firm gets scooped by SQL-slinging security snoop
Infosec In Brief Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more
Security06 Jul 2025 | 1
Ingram Micro confirms ransomware behind multi-day outage
Updated SafePay crew claims responsibility for intrusion at one of world's largest tech distributors
Cyber-crime06 Jul 2025 | 18
Massive spike in use of .es domains for phishing abuse
¡Cuidado! Time to double-check before entering your Microsoft creds
Security05 Jul 2025 | 18
Microsoft Windows Firewall complains about Microsoft code
Just ignore the warnings. Nothing to see here. Move along
Security03 Jul 2025 | 22
Young Consulting finds even more folks affected in breach mess – now over 1 million
The insurance SaaS slinger may trade under a different name, but past continues to haunt it
Cyber-crime03 Jul 2025 | 1
Meta calls €200M EU fine over pay-or-consent ad model 'unlawful'
'Deserves fair compensation for the valuable and innovative services'? Which ones are those then?
Personal Tech03 Jul 2025 | 65
Ransomware crew Hunters International shuts down, hands out keys to victims
Don't let their kind words sway you – leaders are still up to no good
Cyber-crime03 Jul 2025 | 5
Let's Encrypt rolls out free security certs for IP addresses
You probably don't need one, but it's nice to have the option
Security03 Jul 2025 | 55
ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies
Crims have cottoned on to a new way to lead you astray
Research03 Jul 2025 | 24
Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform
The second max score this week for Netzilla - not a good look
Patches02 Jul 2025 | 14
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now
Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors'
Patches02 Jul 2025 | 7
23andMe's new owner says your DNA is safe this time
Nonprofit TTAM assures everything is BAU. Whether that makes customers feel better is another matter
Cyber-crime02 Jul 2025 | 18
US imposes sanctions on second Russian bulletproof hosting vehicle this year
Aeza Group accused of assisting data bandits and BianLian ransomware crooks
Cyber-crime02 Jul 2025 | 10
Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks
Experts say they don't expect the MOVEit menace to do much about it
Research02 Jul 2025 | 3
UK eyes new laws as cable sabotage blurs line between war and peace
It might be time to update the Submarine Telegraph Act of 1885
Networks02 Jul 2025 | 82
Australian airline Qantas reveals data theft impacting six million customers
Frequent flyers’ info takes flight
Security02 Jul 2025 | 17
Microsoft admits to Intune forgetfulness
Customizations not saved with security baseline policy update
Patches01 Jul 2025 | 8
International Criminal Court swats away 'sophisticated and targeted' cyberattack
Body stays coy on details but alludes to similarities with 2023 espionage campaign
Cyber-crime01 Jul 2025 | 4
Terrible tales of opsec oversights: How cybercrooks get themselves caught
The silly mistakes to the flagrant failures
Security01 Jul 2025 | 14
Proton bashes Apple and joins antitrust suit that seeks to throw the App Store wide open
Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy
Legal01 Jul 2025 | 18
US shuts down a string of North Korean IT worker scams
Resulting in two indictments, one arrest, and 137 laptops seized
Cyber-crime30 Jun 2025 | 1
British IT worker sentenced to seven months after trashing company network
Don't leave the door open to disgruntled workers
Cyber-crime30 Jun 2025 | 91
Scattered Spider crime spree takes flight as focus turns to aviation sector
Time ticking for defenders as social engineering pros weave wider web
Cyber-crime30 Jun 2025 | 2
Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants
Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work
Security30 Jun 2025 | 11
Your browser has ad tech's fingerprints all over it, but there's a clean-up squad in town
Opinion Like being hard to spot? They’d much rather you didn’t
Security30 Jun 2025 | 53
Canada orders Chinese CCTV biz Hikvision to quit the country ASAP
Asia In Brief PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more!
Public Sector30 Jun 2025 | 30
It's 2025 and almost half of you are still paying ransomware operators
Infosec in Brief PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more
Security30 Jun 2025 | 2
Ex-NATO hacker: 'In the cyber world, there's no such thing as a ceasefire'
interview Watch out for supply chain hacks especially
Cyber-crime28 Jun 2025 | 61
Crims are posing as insurance companies to steal health records and payment info
Taking advantage of the ridiculously complex US healthcare billing system
Cyber-crime27 Jun 2025 | 7
Cisco punts network-security integration as key for agentic AI
Getting it in might mean re-racking the entire datacenter and rebuilding the network, though
Datacenter Networking Nexus27 Jun 2025 | 6
Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’
update 'No impact on safety,' FAA tells The Reg
Cyber-crime27 Jun 2025 |
So you CAN turn an entire car into a video game controller
Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart
Offbeat27 Jun 2025 | 35
Data spill in aisle 5: Grocery giant Ahold Delhaize says 2.2M affected after cyberattack
Finance, health, and national identification details compromised
Cyber-crime27 Jun 2025 | 4
FBI used bitcoin wallet records to peg notorious IntelBroker as UK national
Pro tip: Don't use your personal email account on BreachForums
Cyber-crime26 Jun 2025 | 31
What if Microsoft just turned you off? Security pro counts the cost of dependency
Comment Czech researcher lays out a business case for reducing reliance on Redmond
Security26 Jun 2025 | 116
Cisco fixes two critical make-me-root bugs on Identity Services Engine components
A 10.0 and a 9.8 – these aren’t patches to dwell on
Datacenter Networking Nexus26 Jun 2025 | 4
Glasgow City Council online services crippled following cyberattack
Nothing confirmed but authority is operating under the assumption that data has been stolen
Cyber-crime26 Jun 2025 | 14
Qilin ransomware attack on NHS supplier contributed to patient fatality
Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities
Cyber-crime26 Jun 2025 | 7
UK to buy nuclear-capable F-35As that can't be refueled from RAF tankers
Aircraft meant to bolster NATO deterrent will rely on allied support to stay airborne
Security26 Jun 2025 | 276
Frozen foods supermarket chain deploys facial recognition tech
Privacy campaigner brands Iceland's use of 'Orwellian' camera tech 'chilling,' CEO responds: 'It'll cut violent crime'
Security26 Jun 2025 | 119
That WhatsApp from an Israeli infosec expert could be a Iranian phish
Charming Kitten unsheathes its claws and tries to catch credentials
Cyber-crime26 Jun 2025 | 2
Citrix bleeds again: This time a zero-day exploited - patch now
Two emergency patches issued in two weeks
Patches25 Jun 2025 | 1
Amazon's Ring can now use AI to 'learn the routines of your residence'
It's meant to cut down on false positives but could be a trove for mischief-makers
Security25 Jun 2025 | 75
Computer vision research feeds surveillance tech as patent links spike 5×
A bottomless appetite for tracking people as 'objects'
Research25 Jun 2025 | 3
Supply chain attacks surge with orgs 'flying blind' about dependencies
Who is the third party that does the thing in our thing? Yep. Attacks explode over past year
CSO25 Jun 2025 | 4
Biting the hand that feeds IT
