Category: The Register – Security

Exploit hasn’t been picked up by any malware detection engines, CEO tells The Reg A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch –…

Read more →

And the earlier React2Shell patch is vulnerable If you’re running React Server Components, you just can’t catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code,…

Read more →

Critical vulnerabilities found in third-party applications eligible for award under ‘in scope by default’ move Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty…

Read more →

Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.… This article has…

Read more →

Rights groups say digital-only record is leaking data and courting trouble Civil society groups are urging the UK’s data watchdog to investigate whether the Home Office’s digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and…

Read more →

Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters…

Read more →

Judge said his fraud was on ‘epic, generational scale’ Terraform Labs founder Do Kwon will spend 15 years in jail after pleading guilty to committing fraud.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Operators accidentally left a way for you to get your data back CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There’s some bad news and some good news here.… This article has…

Read more →

No details, no CVE, update your browser now Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world’s most popular browser’s eighth zero-day bug of 2025.… This article has been indexed from The Register…

Read more →

UK data regulator says failures were unacceptable for a company managing the world’s passwords The UK’s Information Commissioner’s Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to…

Read more →

Skills gained later fed Beijing’s cyber operations, according to SentinelLabs expert A security researcher specializing in tracking China threats claims two of Salt Typhoon’s members were former attendees of a training scheme run by Cisco.… This article has been indexed…

Read more →

Workers frustrated with security-first changes to workflows and teething issues Exclusive  Seven months after a landmark cyberattack, the UK’s Legal Aid Agency (LAA) says it’s returning to pre-breach operations, although law firms are still wrestling with buggy and more laborious…

Read more →

Flare warns devs are unwittingly publishing production-level secrets Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500…

Read more →

Skills gained later fed Beijing’s cyber operations, according to SentinelLabs expert A security researcher specializing in tracking China threats claims two of Salt Typhoon’s members were former attendees of a training scheme run by Cisco.… This article has been indexed…

Read more →

More than half of internet-exposed instances already compromised Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn’t yet have a fix.… This article has been indexed from The Register…

Read more →

Devs and users should know better, Microsoft tells watchTowr Security researchers have revealed a .NET security flaw thought to affect a host of enterprise-grade products that they say Microsoft refuses to fix.… This article has been indexed from The Register…

Read more →

The digital intrusion allegedly caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed…

Read more →

Why should Keith Richards’ fingers inform your approach to risk? Partner Content  For years, celebrities have insured their body parts for vast sums of money. Mariah Carey allegedly insured her voice and legs for $70 million during a tour, according…

Read more →

1,500 military digital defenders spent past week cleaning up a series of cyberattacks on fictional island Andravia and Harbadus – two nations so often at odds with one another – were once again embroiled in conflict over the past seven…

Read more →

Plus critical critical Notepad++, Ivanti, and Fortinet updates, and one of these patches an under-attack security hole Happy December Patch Tuesday to all who celebrate. This month’s patch party includes one Microsoft flaw under exploitation, plus two others listed as…

Read more →