AI blew open software security, now OpenAI wants to fix it with an agent called Aardvark
AI promises to find bugs and gaps in your apps
Cybersecurity Month31 Oct 2025 | 18
Cybersecurity Month
In Cybersecurity Month, The Register delves into the panoply of digital threats attempting to penetrate our networks and the tools and best practices to defend against them. Anticipate coverage of the latest threats, defense tactics, and the ever-evolving landscape of regulatory compliance.
Ransomware gang runs ads for Microsoft Teams to pwn victims
You click and think you're getting a download page, but get malware instead
Cybersecurity Month31 Oct 2025 | 13
Hacking LED Halloween masks is frighteningly easy
No costume idea? We've got you covered
Cybersecurity Month30 Oct 2025 | 33
Claude code will send your data to crims ... if they ask it nicely
Company tells users concerned about exfiltration to 'stop it if you see it'
Cybersecurity Month30 Oct 2025 | 16
Major telecom supplier compromised by unnamed nation-state attackers
Snoops remained undetected for nearly 10 months
Cybersecurity Month29 Oct 2025 | 5
Firewalls and VPNs are so complex now, they can actually make you less secure
A report from cyber-insurer At-Bay fingers Cisco and Citrix VPNs as most likely to lead to ransomware trouble
Cybersecurity Month28 Oct 2025 | 21
Android malware types like your gran to steal banking creds
Updated By appearing more human, it evades detection
Cybersecurity Month28 Oct 2025 | 8
Atlas vuln lets crims inject malicious prompts ChatGPT won't forget between sessions
updated It can do a lot more than just play 'Eye of the Tiger' daily
Cybersecurity Month27 Oct 2025 | 3
Everybody's warning about critical Windows Server WSUS bug exploits ... but Microsoft's mum
Critical 9.8-rated vulnerability affects Windows Server 2012 - 2025
Cybersecurity Month24 Oct 2025 | 22
Norks droning on about your dream job while pwning your PC
Social engineering? Check. Trojanized open source? Check. Lazarus’ pet RAT? Also check
Cybersecurity Month23 Oct 2025 | 4
Google nukes 3,000 YouTube videos that sowed malware disguised as cracked software
Check Point helps exorcise vast 'Ghost Network' that used fake tutorials to push infostealers
Cyber-crime23 Oct 2025 | 19
OpenAI's Atlas shrugs off inevitability of prompt injection, releases AI browser anyway
'Trust no AI' says one researcher
Cybersecurity Month22 Oct 2025 | 13
Ex-Uber CSO is gellin' like a felon with teen cyber crims, explains why they do it
interview Meanwhile Sullivan's legal battle continues
Cybersecurity Month22 Oct 2025 | 14
Salt Typhoon hit governments on three continents with SharePoint attacks
Plus spy helping spy: Typhoons teaming up
Cybersecurity Month22 Oct 2025 | 2
MCP attack abuses predictable session IDs to hijack AI agents
updated The vuln affects the Oat++ MCP implementation
Cybersecurity Month21 Oct 2025 | 2
Muji's minimalist calm shattered as ransomware takes down logistics partner
Japanese retailer halts online orders after attack cripples third-party vendor
Cyber-crime21 Oct 2025 |
Feds flag active exploitation of patched Windows SMB vuln
CISA adds high-severity flaw to KEV list, urges swift updating
Cyber-crime21 Oct 2025 | 6
Suspected Salt Typhoon snoops lurking in European telco's network
It's Typhoon season…year round
Cybersecurity Month20 Oct 2025 | 2
Xubuntu downloads section injection threatens users with crypto infection
Attempted exploit was a feeble effort to target Windows users
Cybersecurity Month20 Oct 2025 | 2
China blames US for cyber break-in, claims America is world's biggest bit burglar
'US is … the greatest source of chaos in cyberspace'
Cybersecurity Month20 Oct 2025 | 35
Popular
Uncle Sam wants to scan your iris and collect your DNA, citizen or not
DHS rule would expand biometric collection to immigrants and some citizens linked to them
Deploying to Amazon's cloud is a pain in the AWS younger devs won't tolerate
They have no need to prove their bonafides
UK agri dept spent hundreds of millions upgrading to Windows 10 – just in time for end of support
After a £312M upgrade to the retiring OS, Defra still has 24,000 devices to replace
Famed software engineer DJB tries Fil-C… and likes what he sees
A ‘three-letter person’ experiments with the new type-safe C, and is impressed
Russian spies pack custom malware into hidden VMs on Windows machines
Curly COMrades strike again
IBM cutting several thousand jobs in latest layoffs
Resource Actions expected to hit half of US Infrastructure group
Python slithers faster by adding lazy imports that load code after startup
PEP 810 approved following lengthy debate among developer community
Tesla board wants to grant Musk $1T in stock, Norway wealth fund says nope
Norges Bank Investment Management votes against excessive award, automaker's share price skids
Rust Foundation tries to stop maintainers corroding
Memory safety costs money: Maintainers Fund to directly pay developers for their work
AMD red-faced over random-number bug that kills cryptographic security
Local privileges required to exploit flaw in Ryzen and Epyc CPUs. Some patches available, more on the way
STORIES
A simple AI prompt saved a developer from this job interview scam
INFOSEC IN BRIEF Plus: Ransomware posing as Teams installer, Cisco 0-day exploit to drop rootkit, and European cops bust SIM-box service
Cybersecurity Month20 Oct 2025 | 32
American Airlines subsidiary Envoy caught in Clop's Oracle EBS raid
Not a good week for Big Red
Cybersecurity Month17 Oct 2025 | 3
Have I Been Pwned logs 17.6M victims in Prosper breach
P2P lending platform says it could not verify the claims at present
Cyber-crime17 Oct 2025 | 4
AI makes phishing 4.5x more effective, Microsoft says
And potentially 50 times more profitable
Cybersecurity Month16 Oct 2025 | 9
Nork scammers work the blockchain to steal crypto from job hunters
If someone sends you a coding test, be wary of downloading it
Cybersecurity Month16 Oct 2025 | 3
Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack
Who needs enemies when you have friends like Xi?
Cyber-crime16 Oct 2025 | 9
Senator presses Cisco over firewall flaws that burned US agency
Bill Cassidy letter asks if Switchzilla sat on critical flaws before feds were forced into emergency patching
Public Sector16 Oct 2025 | 6
Auction house Sotheby's finds its data on the block after cyberattack
Alert says financial account information lifted from systems
Cyber-crime16 Oct 2025 | 8
CISA exec blames nation-state hackers and Democrats for putting America's critical systems at risk
Federal agencies have seven days to patch F5 products
Cybersecurity Month15 Oct 2025 | 19
'Highly sophisticated' government goons hacked F5, stole source code and undisclosed bug details
And they swiped a limited amount of customers' config data
Cybersecurity Month15 Oct 2025 | 25
Devs are writing VS Code extensions that blab secrets by the bucketload
Vibe coding may have played a role in what took researchers months to fix
Research15 Oct 2025 | 10
Capita fined £14M after 58-hour delay exposed 6.6M records
ICO makes example of outsourcing giant over sluggish cyber response
Cybersecurity Month15 Oct 2025 | 30
Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack
Plus: Adobe, SAP, Ivanti offer treats, not tricks
Cybersecurity Month14 Oct 2025 | 21
Chinese gang used ArcGIS as a backdoor for a year – and no one noticed
Crims turned trusted mapping software into a hideout - no traditional malware required
Cybersecurity Month14 Oct 2025 | 34
Researchers intercept unencrypted satellite traffic from space blabbermouths
Updated University team picks up voice calls, texts, and corporate data from orbit with off-the-shelf kit
Cybersecurity Month14 Oct 2025 | 62
Asahi breach leaves bitter taste as brewer fears personal data slurped
Japan's beer behemoth still mopping up after ransomware spill that disrupted deliveries and delayed results
Cyber-crime14 Oct 2025 |
Oracle rushes out another emergency E-Business Suite patch as Clop fallout widens
Latest in a long line of EBS flaws leta miscreants remotely compromise enterprise systems to pinch sensitive data
Patches14 Oct 2025 | 1
British govt agents demand action after UK mega-cyberattacks surge 50%
Warn businesses to act now as high-severity incidents keep climbing
Cyber-crime14 Oct 2025 | 37
Scattered Lapsus$ Hunters rage-quit the internet (again), promise to return next year
'We will never stop,' say crooks, despite retiring twice in the space of a month
Cybersecurity Month13 Oct 2025 | 5
Android 'Pixnapping' attack can capture app data like 2FA codes
GPU-based timing attack inspired by decade-old iframe technique
Cybersecurity Month13 Oct 2025 | 8
Senators try to save cyber threat sharing law, sans government funding
in brief Also, DraftKings gets stuffed, Zimbra collab software exploited again, and Apple bug bounties balloon
Cybersecurity Month13 Oct 2025 | 2
Chinese phishing kit helps scammers who send fake texts impersonate TikTok, Coinbase, others
Exclusive Researchers tracking 2,158 domains hosting YYlaiyu phishing pages
Cybersecurity Month10 Oct 2025 | 3
Ransomware crims that exploited SharePoint 0-days add Velociraptor to their arsenal
And they’re likely still abusing the same SharePoint flaws for initial access
Cybersecurity Month10 Oct 2025 |
Zero-day in file-sharing software leads to RCE, and attacks are ongoing
Usually we’d say patch up… not this time
Cybersecurity Month10 Oct 2025 | 6
Pro-Russia hacktivist group dies of cringe after falling into researchers' trap
Forescout's phony water plant fooled TwoNet into claiming a fake cyber victory – then it quietly shut up shop
Security10 Oct 2025 | 10
Microsoft warns of 'payroll pirate' crew looting US university salaries
Crooks phish campus staff, slip into HR systems, and quietly reroute paychecks
Cyber-crime10 Oct 2025 | 17
Cops nuke BreachForums (again) amid cybercrime supergroup extortion blitz
US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce
Cyber-crime10 Oct 2025 | 2
UK techies' union warns members after breach exposes sensitive personal details
Prospect apologizes for cyber gaffe affecting up to 160K members
Cybersecurity Month10 Oct 2025 | 21
RondoDox botnet fires 'exploit shotgun' at nearly every router and internet-connected home device
56 bugs across routers, DVRs, CCTV systems, web servers … time to run for cover
Cybersecurity Month09 Oct 2025 | 23
Crims had 3-month head start on defenders in Oracle EBS invasion
The miscreants started their attack all the way back on July 10
Cybersecurity Month09 Oct 2025 | 2
GitHub Copilot Chat turns blabbermouth with crafty prompt injection attack
AI assistant could be duped into leaking code and tokens via sneaky markdown
Cybersecurity Month09 Oct 2025 | 1
Discord says 70,000 photo IDs compromised in customer service breach
No word on why the outsourced supplier was storing this data in the first place
Cybersecurity Month09 Oct 2025 | 51
Zero-day lets nation-state spies cross-examine elite US law firm Williams & Connolly
China-linked snoops crack email at DC powerhouse that represented Bill Clinton, Elizabeth Holmes
Cybersecurity Month09 Oct 2025 | 5
Hobble your AI agents to prevent them from hurting you too badly
That's the main takeaway from the Zenity AI Agent Security Summit
Cybersecurity Month09 Oct 2025 | 11
3 more infamous cybercrime crews team up to 'maximize income' in 'challenging' ransomware biz
It's hard out there for a crim
Cybersecurity Month08 Oct 2025 | 3
Telecoms wholesaler ICUK restores services after two-day DDoS pelting
No idea who's behind it, just happy it's over
Cybersecurity Month08 Oct 2025 | 4
Teens arrested in London preschool ransomware attack
Both men, 17, taken into custody
Cybersecurity Month07 Oct 2025 | 30
Google declares AI bug hunting season open, sets a $30K max reward
Jailbreaks, direct prompt injection not allowed
Cybersecurity Month07 Oct 2025 | 1
Clop raid on Oracle E-Business Suite started months ago, researchers warn
Strap in, admins. Exploits began in August and now the code is out there
Cybersecurity Month07 Oct 2025 | 2
How your mouse could eavesdrop on you and rat you out
Mic-E-Mouse can roar by literally vibe hacking speech
Cybersecurity Month07 Oct 2025 | 46
Red Hat breach escalates as criminals collaborate on 'multi-terabyte' extortion plot
Bad guys promise not to attack customers if they get paid
Cybersecurity Month07 Oct 2025 | 6
Google DeepMind minds the patch with AI flaw-fixing scheme
CodeMender has been generating fixes for vulnerabilities in open source projects
Cybersecurity Month07 Oct 2025 | 1
Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried
You can't find anything bad if you don't look, right?
Cybersecurity Month06 Oct 2025 | 1
Level-10 vuln lurking in Redis source code for 13 years could allow remote code execution
No evidence of exploitation … yet
Cybersecurity Month06 Oct 2025 | 11
Scattered Lapsus$ Hunters offering $10 in Bitcoin to 'endlessly harass' execs
Crime group claims to have already doled out $1K to those in it 'for money and for the love of the game'
Cybersecurity Month06 Oct 2025 | 20
Radiant Group won't touch kids' data now, but apparently hospitals are fair game
Ransomware crooks utterly fail to find moral compass
Cybersecurity Month06 Oct 2025 | 3
Thieves steal IDs and payment info after data leaks from Discord support vendor
Outsourcing your helpdesk always seems like a good idea – until someone else's breach becomes your problem
Security06 Oct 2025 | 9
Jaguar Land Rover engines ready to roar again after weeks-long cyber stall
No confirmed date but workers expected to return in the coming days
Cyber-crime06 Oct 2025 | 14
Clop crew hits Oracle E-Business Suite users with fresh zero-day
Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion
Cybersecurity Month06 Oct 2025 |
Leak suggests US government is fibbing over FEMA security failings
Infosec in brief Plus, PAN under attack, IT whistleblowers get a payout, and China kills online scammers
Cybersecurity Month06 Oct 2025 | 27
Hacking contest kerfuffle over copied rules pits Wiz against ZDI
'Seems like you should at least run that through ChatGPT to reword it'
Cybersecurity Month05 Oct 2025 | 12
Hacked Ford screens put anti-RTO slogan above CEO’s face
Carmaker confirms screen hijack, says probe underway
Cybersecurity Month04 Oct 2025 | 124
No suds for you! Asahi brewery attack leaves Japanese drinkers dry
One week after the blitz, beer biz is still stymied
Cybersecurity Month03 Oct 2025 | 15
'Retired' cybercrime group demands ransom not to leak 1B Salesforce records
CRM giant insists its platform wasn’t breached
Cybersecurity Month03 Oct 2025 | 4
Red Hat fesses up to GitLab breach after attackers brag of data theft
Open source giant admits intruders broke into dedicated consulting instance, but insists core products untouched
Cybersecurity Month03 Oct 2025 | 5
Oracle tells Clop-targeted EBS users to apply July patch, problem solved
Researchers suggest internet-facing portals are exposing 'thousands' of orgs
Cybersecurity Month03 Oct 2025 |
Criminals take Renault UK customer data for a joyride
Names, numbers, and reg plates exposed in latest auto industry cyber-shunt
Cybersecurity Month03 Oct 2025 | 22
Pentagon decrees warfighters don't need 'frequent' cybersecurity training
Beards, body fat, and cyber refreshers now frowned upon
Cybersecurity Month02 Oct 2025 | 145
Ransomware scumbags say they deleted kids' info after other gangs called them out
Honor among thieves - extortion is fine, but no juveniles, please
Cybersecurity Month02 Oct 2025 | 6
Ex-US cyber boss slams politics getting in the way of preparedness
interview And don't even get him started on AI
Cybersecurity Month02 Oct 2025 | 5
Subpoena tracking platform blames outage on AWS social engineering attack
Software maker Kodex said its domain registrar fell for a fraudulent legal order
Cybersecurity Month02 Oct 2025 |
Clop-linked crims shake down Oracle execs with data theft claims
Extortion emails name-drop Big Red's E-Business Suite, though Google and Mandiant yet to find proof of any breach
Cybersecurity Month02 Oct 2025 |
EU funds are flowing into spyware companies, and politicians are demanding answers
Experts say Commission is ‘fanning the flames’ of the continent’s own Watergate
Cybersecurity Month02 Oct 2025 | 18
Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files
570GB of data claimed to be stolen by the Crimson Collective
Cybersecurity Month02 Oct 2025 | 19
US gov shutdown leaves IT projects hanging, security defenders a skeleton crew
The longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register
Cybersecurity Month01 Oct 2025 | 35
'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover
Who wouldn't want root access on cluster master nodes?
Cybersecurity Month01 Oct 2025 | 2
Air Force admits SharePoint privacy issue as reports trickle out of possible breach
Exclusive Uncle Sam can't quit Redmond
Cybersecurity Month01 Oct 2025 | 14
3.7M breach notification letters set to flood North America's mailboxes
Allianz Life and WestJet lead the way, along with a niche software shop
Cybersecurity Month01 Oct 2025 | 8
Schools are swotting up on security yet still flunk recovery when cyberattacks strike
Coursework 'gone forever' as 10% report critical damage
Cybersecurity Month01 Oct 2025 | 10
Beijing-backed burglars master .NET to target government web servers
‘Phantom Taurus’ created custom malware to hunt secrets across Asia, Africa, and the Middle East
Cybersecurity Month01 Oct 2025 | 8
Self-propagating worm fuels latest npm supply chain compromise
Intrusions bear the same hallmarks as recent Nx mess
Cybersecurity Month16 Sep 2025 | 15
China slaps 1-hour deadline on reporting serious cyber incidents
Cyberspace watchdog tightens reporting regime, leaving little time to hide incidents
Cybersecurity Month16 Sep 2025 | 16
Jaguar Land Rover supply chain workers must get Covid-style support, says union
As post-cyberattack layoffs begin, labor org argues UK goverment should step in
Cybersecurity Month15 Sep 2025 | 56
CISA program gave out $20k+ payments to unqualified employees, auditor says
The OIG says the Cyber Incentive program was rife with 'fraud, waste, and abuse'
Cybersecurity Month12 Sep 2025 | 1
All your vulns are belong to us! CISA wants to maintain gov control of CVE program
Get ready for a fight over who steers the global standard for vulnerability identification
Cybersecurity Month12 Sep 2025 | 9
Biting the hand that feeds IT
