A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'
And it's 'not unique to AWS,' researcher tells The Reg
Research15 Jan 2026 | 10
Research
'Imagination the limit': DeadLock ransomware gang using smart contracts to hide their work
New crooks on the block get crafty with blockchain to evade defenses
Research14 Jan 2026 | 1
Popular Python libraries used in Hugging Face models subject to poisoned metadata attack
The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group
Patches13 Jan 2026 | 1
Mandiant open sources tool to prevent leaky Salesforce misconfigs
AuraInspector automates the most common abuses and generates fixes for customers
SaaS13 Jan 2026 |
OpenAI putting bandaids on bandaids as prompt injection problems keep festering
Happy Groundhog Day!
Research08 Jan 2026 | 21
Fake Windows BSODs check in at Europe's hotels to con staff into running malware
Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls
Research06 Jan 2026 | 15
Your car’s web browser may be on the road to cyber ruin
Study finds built-in browsers across gadgets often ship years out of date
Research18 Dec 2025 | 75
China's Ink Dragon hides out in European government networks
Misconfigured servers are in, 0-days out
Research16 Dec 2025 | 13
Browser 'privacy' extensions have eye on your AI, log all your chats
More than 8 million people have installed extensions that eavesdrop on chatbot interactions
AI + ML16 Dec 2025 | 28
Honeypots can help defenders, or damn them if implemented badly
Infosec In Brief PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more
Security14 Dec 2025 | 3
10K Docker images spray live cloud creds across the internet
Flare warns devs are unwittingly publishing production-level secrets
Research11 Dec 2025 | 12
As humanoid robots enter the mainstream, security pros flag the risk of botnets on legs
Interview Have we learned nothing from sci-fi films and TV shows?
Research09 Dec 2025 | 45
Apache warns of 10.0-rated flaw in Tika metadata ingestion tool
Infosec in Brief PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more!
Security08 Dec 2025 | 7
Novel clickjacking attack relies on CSS and SVG
Who needs JavaScript?
Research05 Dec 2025 | 12
'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole
Finish reading this, then patch
Security03 Dec 2025 | 33
Swiss government says give M365, and all SaaS, a miss as it lacks end-to-end encryption
Infosec In Brief PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; And more!
Security01 Dec 2025 | 28
Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites
ReliaQuest finds fresh crop of phishing domains and toxic tickets
Research27 Nov 2025 | 1
HashJack attack shows AI browsers can be fooled with a simple ‘#’
Hashtag-do-whatever-I-tell-you
AI + ML25 Nov 2025 | 27
Fresh ClickFix attacks use Windows Update trick-pics to steal credentials
Poisoned PNGs contain malicious code
Security24 Nov 2025 | 4
LLM-generated malware is improving, but don't expect autonomous attacks tomorrow
Researchers tried to get ChatGPT to do evil, but it didn't do a good job
Research20 Nov 2025 | 2
Popular
AWS flips switch on Euro cloud as customers fret about digital sovereignty
EU-only ops, German subsidiaries, and a pinky promise your data won't end up in Uncle Sam's hands
Dell wants £10m+ from VMware if Tesco case goes against it
Exclusive Retail giant's disty, reseller, and vendor all say they can't and won't sell
Wine 11 runs Windows apps in Linux and macOS better than ever
Transparently runs 16, 32, and 64-bit Windows apps, but still doesn't use the Microsoft store.
AI may be everywhere, but it's nowhere in recent productivity statistics
Interview Forrester principal analyst JP Gownder says jobs eaten by bots don't come back
A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'
And it's 'not unique to AWS,' researcher tells The Reg
New Linux malware targets the cloud, steals creds, and then vanishes
Cloud-native, 37 plugins … an attacker's dream
Maker fight! SparkFun cuts ties with Adafruit in harassment dispute
Adafruit claims SparkFun aims to shoot the messenger for criticizing corporate tolerance of intolerance
Engineer used welding shop air hose to 'clean' PCs – hilarity did not ensue
On Call How not to maintain computers
Windows App forgets how to log in with first security update of the year
January patch trips up Azure Virtual Desktop and Windows 365 authentication
Flipping one bit leaves AMD CPUs open to VM vuln
Fix landed in July, but OEM firmware updates are required
STORIES
Researchers claim 'largest leak ever' after uncovering WhatsApp enumeration flaw
Two-day exploit opened up 3.5 billion users to myriad potential harms
Research19 Nov 2025 | 67
Tens of thousands more ASUS routers pwned by suspected, evolving China operation
Researchers say attacks are laying the groundwork for stealthy espionage activity
Cyber-crime19 Nov 2025 | 37
Overconfidence is the new zero-day as teams stumble through cyber simulations
Readiness metrics have flatlined since 2023, with most sectors slipping backward as teams fumble crisis drills
Security17 Nov 2025 | 7
UK asks cyberspies to probe whether Chinese buses can be switched off remotely
Norwegian testers claim maker has remote access, while UK importer says supplier complies with the law
Security11 Nov 2025 | 74
LLM side-channel attack could allow snoops to guess what you're talking about
Updated Encryption protects content, not context
Research11 Nov 2025 | 7
Previously unknown Landfall spyware used in 0-day attacks on Samsung phones
'Precision espionage campaign' began months before the flaw was fixed
Research07 Nov 2025 | 8
MIT Sloan quietly shelves AI ransomware study after researcher calls BS
Even AI has doubts about the claim that '80% of ransomware attacks are AI-driven'
Research03 Nov 2025 | 18
Proton trains new service to expose corporate infosec cover-ups
Service will tell on compromised organizations, even if they didn't plan on doing so themselves
Security30 Oct 2025 |
Invisible npm malware pulls a disappearing act – then nicks your tokens
PhantomRaven slipped over a hundred credential-stealing packages into npm
Security30 Oct 2025 | 18
Researchers exploit OpenAI's Atlas by disguising prompts as URLs
NeuralTrust shows how agentic browser can interpret bogus links as trusted user commands
Research27 Oct 2025 | 3
How malware vaccines could stop ransomware's rampage
Feature Security pros explore whether infection-spoofing code can immunize Windows systems against attack
Security21 Oct 2025 | 24
Devs are writing VS Code extensions that blab secrets by the bucketload
Vibe coding may have played a role in what took researchers months to fix
Research15 Oct 2025 | 10
Pro-Russia hacktivist group dies of cringe after falling into researchers' trap
Forescout's phony water plant fooled TwoNet into claiming a fake cyber victory – then it quietly shut up shop
Security10 Oct 2025 | 10
Tile trackers are a stalker's dream, say Georgia Tech researchers
Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy
Research30 Sep 2025 | 15
Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign
Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week
Research27 Sep 2025 | 14
Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses
Security26 Sep 2025 | 2
Google warns China-linked spies lurking in 'numerous' enterprises
Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'
Research24 Sep 2025 | 8
Nearly half of businesses suffered deepfaked phone calls against staff
AI attacks on the rise
Research23 Sep 2025 | 5
Kaspersky: RevengeHotels checks back in with AI-coded malware
Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk
Research23 Sep 2025 | 2
Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack
Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware
Research17 Sep 2025 | 16
FileFix attacks use fake Facebook security alerts to trick victims into running infostealers
Tech evolved from PoC to global campaign in under two months
Security16 Sep 2025 | 6
HybridPetya: More proof that Secure Boot bypasses are not just an urban legend
Although it hasn't been seen in the wild yet
Research12 Sep 2025 | 23
AI-powered penetration tool, an attacker's dream, downloaded 10K times in 2 months
Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit
Research11 Sep 2025 |
Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
AMD Zen hardware and Intel Coffee Lake affected
Research11 Sep 2025 | 4
Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years
'We do believe that this was likely the creation of a cybercrime group,' threat hunter tells The Reg
Research10 Sep 2025 | 18
Internet mapping and research outfit Censys reveals state-based abuse, harassment
‘Universities are being used to proxy offensive government operations, turning research access decisions political’
Research03 Sep 2025 | 19
LegalPwn: Tricking LLMs by burying badness in lawyerly fine print
Trust and believe – AI models trained to see 'legal' doc as super legit
AI + ML01 Sep 2025 | 35
Researcher who found McDonald's free-food hack turns her attention to Chinese restaurant robots
Updated The controls were left wide open on Pudu's robots
Research29 Aug 2025 | 34
ChatGPT hates LA Chargers fans
Harvard researchers find model guardrails tailor query responses to user's inferred politics and other affiliations
AI + ML27 Aug 2025 | 15
Nx NPM packages poisoned in AI-assisted supply chain attack
Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon
Devops27 Aug 2025 | 2
Who are you again? Infosec experiencing 'Identity crisis' amid rising login attacks
Vendor insists passkeys are the future, but getting workers on board is proving difficult
Research27 Aug 2025 | 39
ZipLine attack uses 'Contact Us' forms, White House butler pic to invade sensitive industries
'Many dozens' targeted in ongoing campaign, CheckPoint researcher tells The Reg
Cyber-crime26 Aug 2025 | 6
Fake CAPTCHA tests trick users into running malware
ClickFix tricks
Research22 Aug 2025 | 31
Google yet to take down 'screenshot-grabbing' Chrome VPN extension
Updated Researcher claims extension didn't start out by exfiltrating info... while dev says its actions are 'compliant'
Research21 Aug 2025 | 10
AI crawlers and fetchers are blowing up websites, with Meta and OpenAI the worst offenders
Updated One fetcher bot seen smacking a website with 39,000 requests per minute
AI + ML21 Aug 2025 | 83
Facial recognition works better in the lab than on the street, researchers show
High accuracy scores come from conditions that don't reflect real-world usage
Research18 Aug 2025 | 31
Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations
UPdated Sni5Gect research crew targets sweet spot during device / network handshake pause
Research18 Aug 2025 | 13
'MadeYouReset' HTTP/2 flaw lets attackers DoS servers
Researchers had to notify over 100 vendors of flaw that builds on 2023's Rapid Reset with neat twist past usual mitigations
Research14 Aug 2025 | 7
Poisoned telemetry can turn AIOps into AI Oops, researchers show
Sysadmins, your job is safe
Networks12 Aug 2025 | 6
Chinese biz using AI to hit US politicians, influencers with propaganda
DEF CON In misinformation, Russia might be the top dog but the Chinese are coming warns former NSA boss
Research08 Aug 2025 | 17
Infosec hounds spot prompt injection vuln in Google Gemini apps
Black hat Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed
Research08 Aug 2025 | 4
German security researchers say 'Windows Hell No' to Microsoft biometrics for biz
Black Hat Hello loophole could let a rogue admin, or a pwned one, inject new facial scans
Research07 Aug 2025 | 31
Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack
black hat Psst, wanna steal someone's biometrics?
Patches05 Aug 2025 | 20
Study finds humans not completely useless at malware detection
Some pinpointed software nasties but were suspicious of printer drivers too
Security05 Aug 2025 | 11
Cybercrooks attached Raspberry Pi to bank network and drained ATM cash
Criminals used undocumented techniques and well-placed insiders to remotely withdraw money
Research01 Aug 2025 | 26
Kremlin goons caught abusing ISPs to spy on Moscow-based diplomats, Microsoft says
Russia spying on foreign embassies? Say it ain't so
Security31 Jul 2025 | 61
Silk Typhoon spun a web of patents for offensive cyber tools, report says
US court docs reveal that infamous Chinese snoops filed IP papers like tax returns
Research31 Jul 2025 | 3
FBI: Watch out for these signs Scattered Spider is spinning its web around your org
New malware, even better social engineering chops
Cyber-crime29 Jul 2025 | 11
Security pros are drowning in threat-intel data and it's making everything more dangerous
Plus, 60% don't have enough analysts to make sense of it
CSO28 Jul 2025 | 17
Freelance dev shop Toptal caught serving malware after GitHub account break-in
updated Malicious code lurking in over 5,000 downloads, says Socket researcher
Cyber-crime25 Jul 2025 | 2
Coyote malware abuses Microsoft's UI Automation to hunt banking creds
Some coyotes hunt squirrels, this one hunts users' financial apps
Research24 Jul 2025 | 1
Quantum code breaking? You'd get further with an 8-bit computer, an abacus, and a dog
Computer scientist Peter Gutmann tells The Reg why it's 'bollocks'
Research17 Jul 2025 | 97
Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit
Updated Someone's OVERSTEPing the mark
Research16 Jul 2025 | 3
Nvidia A6000 GPUs flip memory bits if beaten by GPUHammer
Rowhammer returns for more memory-meddling fun
Research14 Jul 2025 | 4
How to trick ChatGPT into revealing Windows keys? I give up
No, really, those are the magic words
Research09 Jul 2025 | 101
Massive browser hijacking campaign infects 2.3M Chrome, Edge users
updated These extensions weren't malware-laced from the start, researcher says
Research08 Jul 2025 | 39
Phishing platforms, infostealers blamed as identity attacks soar
Get your creds in order or risk BEC, ransomware attacks, orgs warned
CSO07 Jul 2025 |
ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies
Crims have cottoned on to a new way to lead you astray
Research03 Jul 2025 | 24
Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks
Experts say they don't expect the MOVEit menace to do much about it
Research02 Jul 2025 | 3
Computer vision research feeds surveillance tech as patent links spike 5×
A bottomless appetite for tracking people as 'objects'
Research25 Jun 2025 | 3
Boffins devise voice-altering tech to jam 'vishing' schemes
To stop AI scam callers, break automatic speech recognition systems
Research19 Jun 2025 | 42
Do you trust Xi with your 'private' browsing data? Apple, Google stores still offer China-based VPNs, report says
Some trace back to an outfit under US export controls for alleged PLA links
Research13 Jun 2025 | 33
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks
The 16 other flagged issues are on customers, says CRM giant
Research11 Jun 2025 |
Critical Wazuh bug exploited in growing Mirai botnet infection
The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too
Research10 Jun 2025 |
Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser
Majority of exposures located in the US, including datacenters, healthcare facilities, factories, and more
Research10 Jun 2025 | 59
Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
SentinelOne discovered the campaign when they tried to hit the security vendor's own servers
Research09 Jun 2025 | 17
ChatGPT used for evil: Fake IT worker resumes, misinfo, and cyber-op assist
OpenAI boots accounts linked to 10 malicious campaigns
Research06 Jun 2025 | 23
More than a hundred backdoored malware repos traced to single GitHub user
Someone went to great lengths to prey on the next generation of cybercrooks
Cyber-crime05 Jun 2025 | 12
AI kept 15-year-old zombie vuln alive, but its time is drawing near
Researchers have come up with a fix for a path traversal bug first spotted in 2010
Research05 Jun 2025 | 27
Meta pauses mobile port tracking tech on Android after researchers cry foul
Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffins
Research03 Jun 2025 | 53
8,000+ Asus routers popped in 'advanced' mystery botnet plot
No formal attribution made but two separate probes hint at the same suspect
Research29 May 2025 | 10
Ivanti makes dedicated fans of Chinese spies who just can't resist attacking its buggy kit
If it ain't broke?
Datacenter Networking Nexus23 May 2025 | 1
'Ongoing' Ivanti hijack bug exploitation reaches clouds
Nothing like insecure code in security suites
CSO21 May 2025 | 4
Intel's data-leaking Spectre defenses scared off yet again
Updated ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit
Research13 May 2025 | 5
You think ransomware is bad now? Wait until it infects CPUs
RSAC Rapid7 threat hunter wrote a PoC. No, he's not releasing it
Research11 May 2025 | 64
Ghost in the shell script: Boffins reckon they can catch bugs before programs run
Go ahead, please do Bash static analysis
CSO30 Apr 2025 | 39
Enterprise tech dominates zero-day exploits with no signs of slowdown
As Big Tech gets used to the pain, smaller vendors urged to up their game
Research29 Apr 2025 | 1
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck
Cyber-crime25 Apr 2025 | 5
Booby-trapped Alpine Quest Android app geolocates Russian soldiers
Back of the nyet!
Research24 Apr 2025 | 37
Who needs phishing when your login's already in the wild?
Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get
CSO23 Apr 2025 | 11
Biting the hand that feeds IT
