Category: The Register – Security

One alleged cyber contractor was extradited to the US over the weekend China’s “hacker-for-hire ecosystem has gotten out of control,” according to Brett Leatherman, assistant director of the FBI’s cyber division.… This article has been indexed from The Register –…

Read more →

This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running…

Read more →

Two computer crime allegations follow up to 18M lines of data surfacing online French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure documents.……

Read more →

Turns out the real problem is not AI but staff still clicking on dodgy emails from ‘IT support’ Nearly half of UK businesses are still getting breached, and in many cases, the attacker’s big breakthrough is an employee clicking “sure,…

Read more →

Just in time for the Trump-Xi summit Exclusive  A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as recently as this month.……

Read more →

Emergency patches out now for those managing the millions of domains assumed to be affected Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed…

Read more →

Investigation finds no single cause for soldiers falling ill, just bad bolts, cold air, and apparently the soldiers themselves Britain’s notorious Ajax armored vehicles are being accepted back from the manufacturer after investigations found no single cause for the symptoms…

Read more →

Great idea, guys. Let’s keep all of the data in an Excel file with weak password protection PWNED  Welcome, once again, to PWNED, the weekly column where we recount the adventures of IT explorers who found their own pile of…

Read more →

Patches land for authencesn flaw enabling local privilege escalation Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw.… This article has been indexed from The Register –…

Read more →

ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength GPS spoofing, which sends fake satellite-like signals, and GPS jamming, which drowns receivers in noise, are increasingly serious problems. Researchers at Oak Ridge…

Read more →

Second try’s a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.… This article has been indexed from The Register –…

Read more →

Microsoft readies the axe once again for yesterday’s security Microsoft has warned users still clinging to legacy TLS versions that the end is nigh for TLS 1.0 and 1.1 on POP3 and IMAP4 connections to Exchange Online.… This article has…

Read more →

GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA), about a new vulnerability that attackers…

Read more →

Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award Wiz researchers are set for a tidy payday thanks to their discovery of a high-severity flaw in GitHub’s git infrastructure that handed remote attackers full…

Read more →

‘Online platforms can rely on our app,’ says Commish, ‘there are no more excuses’ The European Commission has recommended EU member states adopt an age verification app designed to protect children from harmful online content.… This article has been indexed…

Read more →

32 phone calls, 17 email chains, a 5-day ordeal, and no help during the daddy of all stuffups, claim those affected GoDaddy is currently investigating claims that it handed complete control of a valid 27-year-old domain to another customer, without…

Read more →

Yet another reason not to feast on OpenClaw Thirty ClawHub skills published by a single author are silently co-opting AI agents and creating a mass cryptocurrency mining swarm – without any malware or user consent.… This article has been indexed…

Read more →

‘Full recovery is impossible for anyone, including the attacker’ Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research.…

Read more →

Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump Logistics technology company Pitney Bowes, which makes franking machines for US postage, is the latest scalp claimed by ShinyHunters and its ongoing spree of pay-or-leak attacks against…

Read more →

Linux vendor touts European independence at SUSECON as majority stakeholder quietly explores its options European-based SUSE devoted much of the annual SUSECON event to its sovereignty-focused pitch – even as reports swirl that its majority stakeholder is exploring a $6…

Read more →