Google says it's rolling out fix for stricken Chromecasts
It'll take a few days, give or take your situation
Personal Tech13 Mar 2025 | 20
Research
That 'angry guest' email from Booking.com? It's a scam, not a 1-star review
Phishers check in, your credentials check out, Microsoft warns
Research13 Mar 2025 | 7
DeepSeek can be gently persuaded to spit out malware code
It might need polishing, but a useful find for any budding cybercrooks out there
Research13 Mar 2025 | 12
MINJA sneak attack poisons AI models for other chatbot users
Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it
AI + ML11 Mar 2025 | 15
Google begs owners of crippled Chromecasts not to hit factory reset
Updated Expired security cert kerfuffle leaves second-gen, Audio gadgets useless
Personal Tech10 Mar 2025 | 64
Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
Phishing and ancient vulns still do the trick for one of the most prolific groups around
Research10 Mar 2025 | 9
We call this kernel saunters: How Apple rearranged its XNU core with exclaves
iPhone giant compartmentalizes OS for the sake of security
Research08 Mar 2025 | 18
The Badbox botnet is back, powered by up to a million backdoored Androids
Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort
Cyber-crime07 Mar 2025 | 11
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
Updated They're good at zero-day exploits, too
Public Sector05 Mar 2025 | 17
Ransomware criminals love CISA's KEV list – and that's a bug, not a feature
1 in 3 entries are used to extort civilians, says new paper
Ransomware in Focus28 Feb 2025 | 5
Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o
Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity
AI + ML27 Feb 2025 | 128
Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time
Boffins poked around inside censorship engines – here's what they found
Networks27 Feb 2025 | 39
MITRE Caldera security suite scores perfect 10 for insecurity
Is a trivial remote-code execution hole in every version part of the training, or?
Research25 Feb 2025 | 11
China's Silver Fox spoofs medical imaging apps to hijack patients' computers
Sly like a PRC cyberattack
Research25 Feb 2025 | 2
Malware variants that target operational tech systems are very rare – but 2 were found last year
Fuxnet and FrostyGoop were both used in the Russia-Ukraine war
Research25 Feb 2025 | 4
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes
Said bugs 'can have significant implications' – glad to hear that from Redmond
AI + ML20 Feb 2025 | 7
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution
Bugs fixed, updating to the latest version is advisable
Research20 Feb 2025 | 2
Check out this free automated tool that hunts for exposed AWS secrets in public repos
You can find out if your GitHub codebase is leaking keys ... but so can miscreants
Security19 Feb 2025 | 2
Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload
Because stealing your credentials, banking info, and IP just wasn’t enough
Research18 Feb 2025 | 8
XCSSET macOS malware returns with first new version since 2022
Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert
Research17 Feb 2025 | 6
Popular
Pirate Bay financier and far-right activist Carl Lundström dies in plane crash
Mooney M20 propeller plane hit mountain in Slovenia amid bad weather
User complained his mouse wasn’t working. But he wasn’t using a mouse
On Call The same chap also caused a bomb scare in a missile factory
We did not have Brave clashing with Rupert Murdoch on our 2025 bingo card, but there it is
Indie browser maker asks judge for legal shield against copyright threats over AI summaries
IBM boss Arvind Krishna pockets 23% pay rise to $25M
CEO salary watch What about the average Big Blue worker? $48,582 up from $43,069
Apple's alleged UK encryption battle sparks political and privacy backlash
National security defense being used to keep appeal behind closed doors
AI running out of juice despite Microsoft's hard squeezing
Opinion Biz leaders still dream of obedient agents replacing workers. In the actual workplace, they're going AWOL
Dash to Panel maintainer quits after donations drive becomes dash to disaster
Tin rattling earns rebuke from GNOME extension's original developer as well as dozens of everyday users
Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly
Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail
Belgian cops raid Huawei in Euro bribery probe
Chinese giant says it's 'committed' to obeying the law as arrests made
New kids on the ransomware block channel Lockbit to raid Fortinet firewalls
It's March already and you haven't patched?
STORIES
Critical PostgreSQL bug tied to zero-day attack on US Treasury
High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further
Research14 Feb 2025 | 21
North Korea targets crypto developers via NPM supply chain attack
Yet another cash grab from Kim's cronies and an intel update from Microsoft
Research13 Feb 2025 | 8
Russia's Sandworm caught snarfing credentials, data from American and Brit orgs
'Near-global' initial access campaign active since 2021
Research12 Feb 2025 | 9
Canvassing apps used by UK political parties riddled with privacy, security issues
Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report
Research30 Jan 2025 | 21
SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon
It's another cousin of Spectre, here to read your email, browsing history, and more
Research29 Jan 2025 | 15
Security pros more confident about fending off ransomware, despite being battered by attacks
Data leak, shmata leak. It will all work out, right?
Cyber-crime28 Jan 2025 | 5
Hackers game out infowar against China with the US Navy
Taipei invites infosec bods to come and play on its home turf
Public Sector20 Jan 2025 | 5
Fortinet: FortiGate config leaks are genuine but misleading
Competition hots up with Ivanti over who can have the worst start to a year
Cyber-crime17 Jan 2025 | 5
Microsoft eggheads say AI can never be made secure – after testing Redmond's own products
If you want a picture of the future, imagine your infosec team stamping on software forever
AI + ML17 Jan 2025 | 85
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used
Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg
Networks14 Jan 2025 | 26
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days
'Codefinger' crims on the hunt for compromised keys
Research13 Jan 2025 | 5
Security pros baited with fake Windows LDAP exploit traps
Tricky attackers trying yet again to deceive the good guys on home territory
Cyber-crime09 Jan 2025 | 7
DNA sequencers found running ancient BIOS, posing risk to clinical research
Updated Devices on six-year-old firmware vulnerable to takeover and destruction
Research08 Jan 2025 | 24
Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed
Here's what $20 gets you these days
Research08 Jan 2025 | 13
FireScam infostealer poses as Telegram Premium app to surveil Android devices
updated Once installed, it helps itself to your data like it's a free buffet
Research06 Jan 2025 | 5
How cops taking down LockBit, ALPHV led to RansomHub's meteoric rise
Cut off one head, two more grow back in its place
Cyber-crime28 Dec 2024 | 4
How Androxgh0st rose from Mozi's ashes to become 'most prevalent malware'
Botnet's operators 'driven by similar interests as that of the Chinese state'
Cyber-crime24 Dec 2024 | 3
UK ICO not happy with Google's plans to allow device fingerprinting
Infosec in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more
Security23 Dec 2024 | 75
Boffins trick AI model into giving up its secrets
All it took to make an Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days
Research18 Dec 2024 | 20
Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks
IOCONTROL targets IoT and OT devices from a ton of makers, apparently
Research13 Dec 2024 | 15
AMD secure VM tech undone by DRAM meddling
Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory
Systems10 Dec 2024 | 10
Fully patched Cleo products under renewed 'zero-day-ish' mass attack
Thousands of servers targeted while customers wait for patches
Research10 Dec 2024 |
Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket
Exclusive ShinyHunters-linked heist thought to have been ongoing since March
Research09 Dec 2024 | 9
How Chinese insiders are stealing data scooped up by President Xi's national surveillance system
Feature 'It's a double-edged sword,' security researchers tell The Reg
Public Sector08 Dec 2024 | 52
Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'
Redmond threat intel maven talks explains this persistent pain to The Reg
Security06 Dec 2024 | 16
Data broker leaves 600K+ sensitive files exposed online
Exclusive Researcher spotted open database before criminals … we hope
Research27 Nov 2024 | 22
First-ever UEFI bootkit for Linux in the works, experts say
Bootkitty doesn’t bite… yet
Research27 Nov 2024 | 14
The workplace has become a surveillance state
Cracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices
CxO27 Nov 2024 | 72
'Alarming' security bugs lay low in Linux's needrestart utility for 10 years
Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server
Research21 Nov 2024 | 15
Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed
OSS-Fuzz is making a strong argument for LLMs in security research
AI + ML20 Nov 2024 | 9
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer
No word on when or if the issue will be fixed
Security19 Nov 2024 | 2
America's drinking water systems have a hard-to-swallow cybersecurity problem
More than 100M rely on gear rife with vulnerabilities, says EPA OIG
Public Sector19 Nov 2024 | 20
Rust haters, unite! Fil-C aims to Make C Great Again
It's memory-safe, with a few caveats
Software16 Nov 2024 | 104
Letting chatbots run robots ends as badly as you'd expect
LLM-controlled droids easily jailbroken to perform mayhem, researchers warn
AI + ML16 Nov 2024 | 44
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
Updated Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds
Research14 Nov 2024 | 5
China's Volt Typhoon crew and its botnet surge back with a vengeance
Ohm, for flux sake
Public Sector13 Nov 2024 | 4
Don't open that 'copyright infringement' email attachment – it's an infostealer
Curiosity gives crims access to wallets and passwords
Research07 Nov 2024 | 21
Cybercrooks are targeting Bengal cat lovers in Australia for some reason
In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos
Research06 Nov 2024 | 15
Criminals open DocuSign's Envelope API to make BEC special delivery
Why? Because that's where the money is
Research05 Nov 2024 | 4
Ongoing typosquatting campaign impersonates hundreds of popular npm packages
Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials
Research05 Nov 2024 | 11
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed
You snooze, you lose, er, win
AI + ML05 Nov 2024 | 19
Gang gobbles 15K credentials from cloud and email providers' garbage Git configs
Emeraldwhale looked sharp – until it made a common S3 bucket mistake
Research31 Oct 2024 | 2
AWS Cloud Development Kit flaw exposed accounts to full takeover
Remember Bucket Monopoly? Yeah, it gets worse
Cybersecurity Month24 Oct 2024 | 13
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
Attacks on unprotected servers reach 'critical level'
Cybersecurity Month24 Oct 2024 | 1
Millions of Android and iOS users at risk from hardcoded creds in popular apps
Azure Blob Storage, AWS, and Twilio keys all up for grabs
Cybersecurity Month23 Oct 2024 | 17
WeChat devs introduced security flaws when they modded TLS, say researchers
No attacks possible, but enough issues to cause concern
Cybersecurity Month17 Oct 2024 | 15
WhatsApp may expose the OS you use to run it – which could expose you to crooks
Updated Meta knows messaging service creates persistent user IDs that have different qualities on each device
Research16 Oct 2024 | 16
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption
With an off-the-shelf D-Wave machine, but only against very short keys
Cybersecurity Month14 Oct 2024 | 23
INC ransomware rebrands to Lynx – same code, new name, still up to no good
Researchers point to evidence that scumbags visited the strategy boutique
Cybersecurity Month11 Oct 2024 | 10
Smart TVs are spying on everyone
Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change
Cybersecurity Month09 Oct 2024 | 127
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds
'You can build this in a few days – even as a very naïve developer'
Cybersecurity Month04 Oct 2024 | 115
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant
Exclusive Crooks 'like a sysadmin, with a malicious slant'
Cybersecurity Month03 Oct 2024 | 3
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline
Cybersecurity Month02 Oct 2024 | 8
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find
Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works
Security02 Oct 2024 | 9
Cloud threats have execs the most freaked out because they're not prepared
Ransomware? More like 'we don't care' for everyone but CISOs
Research30 Sep 2024 | 3
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy'
Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey
Cybersecurity Month29 Sep 2024 | 68
Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud
Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda
Research27 Sep 2024 | 6
Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge
Severe incidents may be down, but Putin had to throw one in for good measure
Cyber-crime24 Sep 2024 | 9
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town
No malware crew linked to this latest red-teaming tool yet
Research23 Sep 2024 |
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom
Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals
Personal Tech19 Sep 2024 | 26
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations
Updated Better check your widgets, people
Research19 Sep 2024 | 7
Tor insists its network is safe after German cops convict CSAM dark-web admin
Outdated software blamed for cracks in the armor
Cyber-crime19 Sep 2024 | 25
Putin really wants Trump back in the White House
US govt, Microsoft report on Kremlin trolls' latest antics to Make America Grate Again
Research18 Sep 2024 | 268
Chinese spies spent months inside aerospace engineering firm's network via legacy IT
Exclusive Getting sloppy, Xi
CSO18 Sep 2024 | 32
Feeld dating app's security too open-minded as private data swings into public view
No love for months-long wait to fix this, either
Research13 Sep 2024 | 8
Mind your header! There's nothing refreshing about phishers' latest tactic
It could lead to a costly BEC situation
Research12 Sep 2024 | 2
If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM
Academically interesting technique for poking holes in paywalled tech specs
Research12 Sep 2024 | 37
How $20 and a lapsed domain allowed security pros to undermine internet integrity
What happens at Black Hat…
Research11 Sep 2024 | 19
Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade
Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials
Research04 Sep 2024 |
Novel attack on Windows spotted in phishing campaign run from and targeting China
Resources hosted at Tencent Cloud involved in Cobalt Strike campaign
Research02 Sep 2024 | 3
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers
Updated Infosec hounds say they spotted vulnerability during routine travel in the US
Research30 Aug 2024 | 28
31.5M invoices, contracts, patient consent forms, and more exposed to the internet
Exclusive Unprotected database with 12 years of biz records yanked offline
CSO26 Aug 2024 | 28
110K domains targeted in 'sophisticated' AWS cloud extortion campaign
Updated If you needed yet another reminder of what happens when security basics go awry
Research21 Aug 2024 | 4
Digital wallets can allow purchases with stolen credit cards
Researchers find it's possible to downgrade authentication checks, and shabby token refresh policies
Research20 Aug 2024 | 36
Multiple flaws in Microsoft macOS apps unpatched despite potential risks
Windows giant tells Cisco Talos it isn't fixing them
Research19 Aug 2024 | 21
Google raps Iran's APT42 for raining down spear-phishing attacks
US politicians and Israeli officials among the top targets for the IRGC’s cyber unit
Research15 Aug 2024 | 1
China-linked cyber-spies infect Russian govt, IT sector
No, no, go ahead, don't let us stop you, Xi
Research15 Aug 2024 | 17
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls
Because apps talking like pirates and creating ASCII art never gets old
AI + ML13 Aug 2024 | 17
Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction
Is that a lot? Depends on the context. GHz, no. Voltage, yes
Personal Tech09 Aug 2024 | 28
It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0
Can't reach someone's private server on localhost from outside? No problem
Research09 Aug 2024 | 39
Biting the hand that feeds IT
