Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit
Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg
Patches12 Dec 2025 | 2
Security
New React vulns leak secrets, invite DoS attacks
And the earlier React2Shell patch is vulnerable
Patches12 Dec 2025 | 3
Microsoft promises more bug payouts, with or without a bounty program
Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move
Security12 Dec 2025 | 3
Uncle Sam sues ex-Accenture manager over Army cloud security claims
Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements
Off-Prem12 Dec 2025 | 7
UK watchdog urged to probe GDPR failures in Home Office eVisa rollout
Rights groups say digital-only record is leaking data and courting trouble
Public Sector12 Dec 2025 | 20
Half of exposed React servers remain unpatched amid active exploitation
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews
Cyber-crime12 Dec 2025 | 9
Crypto-crasher Do Kwon jailed for 15 years over $40bn UST bust
Judge said his fraud was on 'epic, generational scale'
Legal12 Dec 2025 | 20
Russian hackers debut simple ransomware service, but store keys in plain text
Operators accidentally left a way for you to get your data back
Cyber-crime11 Dec 2025 | 5
Google fixes super-secret 8th Chrome 0-day
No details, no CVE, update your browser now
Patches11 Dec 2025 | 8
LastPass hammered with £1.2M fine for 2022 breach fiasco
UK data regulator says failures were unacceptable for a company managing the world's passwords
Cyber-crime11 Dec 2025 | 33
Researcher claims Salt Typhoon spies attended Cisco training scheme
Skills gained later fed Beijing's cyber operations, according to SentinelLabs expert
Security11 Dec 2025 | 12
10K Docker images spray live cloud creds across the internet
Flare warns devs are unwittingly publishing production-level secrets
Research11 Dec 2025 | 12
Users report chaos as Legal Aid Agency stumbles back online after cyberattack
Exclusive Workers frustrated with security-first changes to workflows and teething issues
Cyber-crime11 Dec 2025 | 3
700+ self-hosted Gits battered in 0-day attacks with no fix imminent
More than half of internet-exposed instances already compromised
Cyber-crime10 Dec 2025 | 14
US extradites Ukrainian woman accused of hacking meat processing plant for Russia
The digital intrusion allegedly caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility
Cyber-crime10 Dec 2025 | 21
Microsoft won't fix .NET RCE bug affecting slew of enterprise apps, researchers say
Updated Devs and users should know better, Microsoft tells watchTowr
Security10 Dec 2025 | 48
Protecting value at risk - the role of a risk operations center
Why should Keith Richards’ fingers inform your approach to risk?
Partner Content
Crisis in Icebergen: How NATO crafts stories to sharpen cyber skills
feature 1,500 military digital defenders spent the past week cleaning up a series of cyberattacks on fictional island
Security10 Dec 2025 | 6
Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday
Updated Plus critical critical Notepad++, Ivanti, and Fortinet updates, and one of these patches an under-attack security hole
Security09 Dec 2025 | 19
How to answer the door when the AI agents come knocking
Identity management vendors like Okta see an opening to calm CISOs worried about agents running amok
AI + ML09 Dec 2025 | 12
Popular
Russian hackers debut simple ransomware service, but store keys in plain text
Operators accidentally left a way for you to get your data back
VMware kills vSphere Foundation in parts of EMEA
Exclusive Broadcom told The Register that EMEA customers need to check with their local dealer to see if VVF remains on the menu
User insisted their screen was blank, until admitting it wasn't
On Call Getting that confession took hours, during which L1 and L2 support gave up
Google fixes super-secret 8th Chrome 0-day
No details, no CVE, update your browser now
Researcher claims Salt Typhoon spies attended Cisco training scheme
Skills gained later fed Beijing's cyber operations, according to SentinelLabs expert
LastPass hammered with £1.2M fine for 2022 breach fiasco
UK data regulator says failures were unacceptable for a company managing the world's passwords
Legacy Update expands archive of vanished Microsoft downloads
Preserving not just updates, but also lots of the now-deleted optional extras
Silicon photonics won’t matter ‘anytime soon’ says Broadcom CEO
Chips ’n’ code giant sitting on $50bn of custom AI accelerator orders, sees more to come
Microsoft research shows chatbots seeping into everyday life
Copilot – your cuddly companion for nighttime introspection
Taikonauts inspect cracked Shenzhou-20 window during Tiangong spacewalk
Eight-hour EVA was also first outing for new spacesuits
STORIES
Porsche panic in Russia as pricey status symbols forget how to car
Satellite silence trips immobilizers, leaving owners stuck
Security09 Dec 2025 | 121
As humanoid robots enter the mainstream, security pros flag the risk of botnets on legs
Interview Have we learned nothing from sci-fi films and TV shows?
Research09 Dec 2025 | 43
UK to Europe: The time to counter Russia's information war machine is now
Foreign secretary set to address senior diplomats later today
Security09 Dec 2025 | 109
UK finally vows to look at 35-year-old Computer Misuse Act
As Portugal gives researchers a pass under cybersecurity law
Security09 Dec 2025 | 54
Whitehall rejects £1.8B digital ID price tag – but won't say what it will cost
Officials insist OBR relied on 'early estimate' and real figure won't emerge until next year
Public Sector09 Dec 2025 | 50
Researchers spot 700 percent increase in hypervisor ransomware attacks
Get your Hyper-V and VMware ESXi setups in order, people
Virtualization09 Dec 2025 | 10
193 cybercrims arrested, accused of plotting 'violence-as-a-service'
Minors groomed to kill and intimidate victims
Cyber-crime08 Dec 2025 | 5
UK moves to strengthen undersea cable defenses as Russian snooping ramps up
Atlantic Bastion combines AI systems with warships to counter increased surveillance
Networks08 Dec 2025 | 21
Home Office kept police facial recognition flaws to itself, UK data watchdog fumes
Regulator disappointed as soon-to-be-scrapped algo's problems remained a secret despite consistent engagement
Security08 Dec 2025 | 24
Barts Health seeks High Court block after Clop pillages NHS trust data
Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul
Cyber-crime08 Dec 2025 | 23
Block all AI browsers for the foreseeable future: Gartner
Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things
AI + ML08 Dec 2025 | 55
China’s first reusable rocket explodes, but its onboard Ethernet network flew
Asia In Brief PLUS: South Korea to strengthen security standards; Canon closes Chinese printer plant; APAC datacenter capacity to triple by 2029; And more
Networks08 Dec 2025 | 19
Apache warns of 10.0-rated flaw in Tika metadata ingestion tool
Infosec in Brief PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more!
Security08 Dec 2025 | 7
Death to one-time text codes: Passkeys are the new hotness in MFA
Wanna know a secret?
Security06 Dec 2025 | 100
Crims using social media images, videos in 'virtual kidnapping' scams
Proof of life? Or an active social media presence?
Cyber-crime05 Dec 2025 | 8
Novel clickjacking attack relies on CSS and SVG
Who needs JavaScript?
Research05 Dec 2025 | 12
Cloudflare blames Friday outage on borked fix for React2shell vuln
Security community needs to rally and share more info faster, one researcher says
Security05 Dec 2025 | 15
Asus supplier hit by ransomware attack as gang flaunts alleged 1 TB haul
Laptop maker says a vendor breach exposed some phone camera code, but not its own systems
Cyber-crime05 Dec 2025 | 3
Beijing-linked hackers are hammering max-severity React bug, AWS warns
State-backed attackers started poking flaw as soon as it dropped – anyone still unpatched is on borrowed time
Cyber-crime05 Dec 2025 | 4
UK pushes ahead with facial recognition expansion despite civil liberties backlash
Plan would create statutory powers for police use of biometrics, prompting warnings of mass surveillance
Security05 Dec 2025 | 49
Bots, bias, and bunk: How can you tell what's real on the net?
Opinion You can improve the odds by combining skepticism, verification habits, and a few technical checks
AI + ML05 Dec 2025 | 58
An AI for an AI: Anthropic says AI agents require AI defense
Automated software keeps getting better at pilfering cryptocurrency
Security05 Dec 2025 | 10
PRC spies Brickstormed their way into critical US networks and remained hidden for years
'Dozens' of US orgs infected
Cyber-crime04 Dec 2025 | 3
Hegseth needs to go to secure messaging school, report says
He's not alone: DoD inspector general says the whole Defense Department has a messaging security problem
Security04 Dec 2025 | 41
Twins who hacked State Dept hired to work for gov again, now charged with deleting databases
And then they asked an AI to help cover their tracks
Cyber-crime04 Dec 2025 | 18
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files
Patches04 Dec 2025 | 17
Aisuru botnet turns Q3 into a terabit-scale stress test for the entire internet
Cloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks
Cyber-crime04 Dec 2025 | 21
TLS 1.3 includes welcome improvements, but still allows long-lived secrets
Systems Approach Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear
Networks04 Dec 2025 | 1
Rust core library partly polished for industrial safety spec
Ferrous Systems achieves IEC 61508 (SIL 2) certification for systems that demand reliability
Software04 Dec 2025 | 5
'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole
Finish reading this, then patch
Security03 Dec 2025 | 33
Here’s your worst nightmare: E-tailer can only resume partial sales 45 days after ransomware attack
Japan’s Askul still can’t run all its sites, but at least the fax line held up OK
Security03 Dec 2025 | 9
Indian government reveals GPS spoofing at eight major airports
Extra infosec investments are taxiing towards the runway
Security03 Dec 2025 | 23
Two Android 0-day bugs disclosed and fixed, plus 105 more to patch
Christmas comes early for attackers this year
Patches02 Dec 2025 | 13
University of Pennsylvania joins list of victims from Clop's Oracle EBS raid
Ivy League school warns more than 1,400 people after attackers siphon data via zero-day
Cyber-crime02 Dec 2025 | 1
Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin
Operation Olympia pulls Swiss servers offline and scoops up 12TB of data in latest crime infrastructure crackdown
Cyber-crime02 Dec 2025 | 8
Kensington and Chelsea confirms IT outage was a data breach after all
Borough says attackers copied 'historical' info as three-council cyber woes drag on
Cyber-crime02 Dec 2025 | 6
FTC schools edtech outfit after intruder walked off with 10M student records
Regulator says Illuminate ignored years of warnings, stored kids' data in plain text, and kept districts in the dark
Cyber-crime02 Dec 2025 | 13
India demands smartphone makers install a government app on every handset
'Sanchar Saathi' shares data to help fight fraud and protect carrier security
Public Sector02 Dec 2025 | 30
Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware
And some are still active in the Microsoft Edge store
Cyber-crime01 Dec 2025 | 41
Four arrested in South Korea over massive IP camera snooping spree
Plus: Aussie Wi-Fi phisher and Brit dark web dealer nailed
Cyber-crime01 Dec 2025 | 6
Dutch study finds teen cybercrime is mostly just a phase
Only a select few continue into later life, mainly for the love of the game
Cyber-crime01 Dec 2025 | 9
South Korea's answer to Amazon admits breach exposed 33.7M customers
Coupang confirms internationally routed intrusion compromised more than half of the country's population
Cyber-crime01 Dec 2025 |
French Football Federation faces own-goal after club software data breach
Zut alors! Cybercrooks scored names, numbers, and license IDs
Cyber-crime01 Dec 2025 | 2
Google and Apple ordered to stop fake government TXTs
Asia in Brief PLUS: India wants to build big airliners; Half of South Koreans caught in data leak; Minimum wage for gig workers in Oz; And more!
Public Sector01 Dec 2025 | 13
Swiss government says give M365, and all SaaS, a miss as it lacks end-to-end encryption
Infosec In Brief PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; And more!
Security01 Dec 2025 | 27
PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm
Devops28 Nov 2025 | 8
Brit telco Brsk confirms breach as bidding begins for 230K+ customer records
Crims claim to know which customers are marked 'vulnerable'
Networks28 Nov 2025 | 15
GrapheneOS bails on OVHcloud over France's privacy stance
Project cites fears of state access as cloud sovereignty row deepens
Security28 Nov 2025 | 52
TryHackMe races to add women to Christmas cyber challenge roster after backlash
Training outfit scrambles to fix all-male lineup before December kickoff
Security28 Nov 2025 | 31
OBR drags in cyber bigwig after Budget leak blunder
Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule
Offbeat28 Nov 2025 | 37
UK digital ID plan gets a price tag at last – £1.8B
OBR says the scheme will cost £600M a year with no identified savings
Public Sector28 Nov 2025 | 143
Korean web giant Naver acquired crypto exchange Upbit, which reported a $30m heist a day later
Talk about buyer’s remorse
Cyber-crime28 Nov 2025 | 6
Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites
ReliaQuest finds fresh crop of phishing domains and toxic tickets
Research27 Nov 2025 | 1
OpenAI cuts off Mixpanel after analytics leak exposes API users
ChatGPT maker places other vendors under review following breach
AI + ML27 Nov 2025 | 4
FCC sounds alarm after emergency tones turned into potty-mouthed radio takeover
Agency flags hijacks of insecure studio-to-transmitter gear after attackers pipe in fake alerts and vulgar audio
Cyber-crime27 Nov 2025 | 36
Asahi admits ransomware gang may have spilled almost 2M people's data
Brewer finally tallies fallout from September attack as it pushes earnings into 2026
Cyber-crime27 Nov 2025 | 5
Scottish council still rebuilding systems two years after ransomware attack
Audit sympathetic toward Comhairle nan Eilean Siar as staff stretched to capacity trying to recover
Cyber-crime27 Nov 2025 | 23
Gainsight CEO downplays breach, says only a 'handful' of customers had data stolen
Maybe if your hand has 200+ fingers...
Cyber-crime26 Nov 2025 | 7
Botnet takes advantage of AWS outage to smack 28 countries
Even worse, it might have been a 'test run' for future attacks
Cyber-crime26 Nov 2025 | 4
Mobile industry warns patchwork cyber regs are driving up costs
GSMA says fragmented, poorly designed laws add burdens without making networks any safer
Security26 Nov 2025 | 8
CodeRED emergency alert system CodeDEAD after INC ransomware attack
Regions across US affected, and one tore up its contract for the product
Cyber-crime26 Nov 2025 | 15
US Navy scuttles Constellation frigate program for being too slow for tomorrow's threats
Service limits 20-ship line to two hulls after redesigns and delays torpedo schedule
Offbeat26 Nov 2025 | 74
London councils probe cyber incident as shared IT systems knocked offline
Three boroughs confirm investigation amid service outages, disrupted phone lines, and limited online access
Cyber-crime26 Nov 2025 | 21
Top five cybersecurity Black Friday deals for businesses 2025
Smart cybersecurity investments during Black Friday 2025. The best enterprise security deals with up to 60 percent off
Partner Content
Lifetime access to AI-for-evil WormGPT 4 costs just $220
'Ah, I see you're ready to escalate. Let's make digital destruction simple and effective.'
Security25 Nov 2025 | 7
Corporate predators get more than they bargain for when their prey runs SonicWall firewalls
Acquirers inherit more than staff and systems
Cyber-crime25 Nov 2025 | 1
HashJack attack shows AI browsers can be fooled with a simple ‘#’
Hashtag-do-whatever-I-tell-you
AI + ML25 Nov 2025 | 25
Get ready for 2026, the year of AI-aided ransomware
State-backed crews are already poking at autonomous tools, Trend Micro warns
Cyber-crime25 Nov 2025 | 4
Clop's Oracle EBS rampage reaches Dartmouth College
Uni notifies 1,400-plus Maine residents as zero-day fallout continues
Cyber-crime25 Nov 2025 |
CISA warns spyware crews are breaking into Signal and WhatsApp accounts
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users
Cyber-crime25 Nov 2025 | 34
Russian spy ship theories sink after Orkney blackout traced to wind farm fault
Timing of Yantar's visit sparked gossip, but engineers point to a misbehaving protection system
Offbeat25 Nov 2025 | 20
ZTE, China Unicom Liaoning and Dalian Changhai Airport launch 5G-A ISAC private network to elevate low-altitude security and airport safety
Millimeter-wave ISAC and edge AI create unified sensing-communication capabilities for next-generation low-altitude security
Partner Content
Fresh ClickFix attacks use Windows Update trick-pics to steal credentials
Poisoned PNGs contain malicious code
Security24 Nov 2025 | 4
Praise Amazon for raising this service from the dead
Opinion The hardest part is admitting you were wrong, which AWS did.
SaaS24 Nov 2025 | 17
Ex-CISA officials, CISOs dispel 'hacklore,' spread cybersecurity truths
Don't believe everything you read
Security24 Nov 2025 | 19
Years-old bugs in open source tool left every major cloud open to disruption
Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs
Security24 Nov 2025 | 10
Intrusion at real estate finance biz sparks concern for big banks
SitusAMC rules out ransomware, but accounting records for major institutions potentially affected
Cyber-crime24 Nov 2025 | 2
Shai-Hulud worm returns, belches secrets to 25K GitHub repos
Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days
Cyber-crime24 Nov 2025 | 5
FCC guts post-Salt Typhoon telco rules despite ongoing espionage risk
Months after China-linked spies burrowed into US networks, regulator tears up its own response
CSO24 Nov 2025 | 10
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix
CSO24 Nov 2025 |
Biting the hand that feeds IT
