Category: The Register – Security

Regulator disappointed as soon-to-be-scrapped algo’s problems remained a secret despite consistent engagement The UK’s data protection watchdog has criticized the Home Office for failing to disclose significant biases in police facial recognition technology, despite regular engagement between the organizations.… This…

Read more →

Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop’s mass-exploitation of Oracle’s E-Business Suite (EBS), and says…

Read more →

Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner.… This article has been indexed from The…

Read more →

PLUS: South Korea to strengthen security standards; Canon closes Chinese printer plant; APAC datacenter capacity to triple by 2029; And more Asia In Brief  Chinese rocketry outfit LandSpace last week flew what it hoped would be the country’s first reusable…

Read more →

PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more! Infosec in Brief  The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit.… This article has been…

Read more →

Wanna know a secret? Whether you’re logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of…

Read more →

Proof of life? Or an active social media presence? Criminals are altering social media and other publicly available images of people to use as fake proof of life photos in “virtual kidnapping” and extortion scams, the FBI warned on Friday. ……

Read more →

Security community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare’s technology chief said his company took down its own network,…

Read more →

Who needs JavaScript? Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).… This article has been indexed from The Register – Security Read the original article: Novel…

Read more →

Laptop maker says a vendor breach exposed some phone camera code, but not its own systems Asus has admitted that a third-party supplier was popped by cybercrims after the Everest ransomware gang claimed it had rifled through the tech titan’s…

Read more →

State-backed attackers started poking flaw as soon as it dropped – anyone still unpatched is on borrowed time Amazon has warned that China-nexus hacking crews began hammering the critical React “React2Shell” vulnerability within hours of disclosure, turning a theoretical CVSS-10…

Read more →

Plan would create statutory powers for police use of biometrics, prompting warnings of mass surveillance The UK government has kicked off plans to ramp up police use of facial recognition, undeterred by a mounting civil liberties backlash and fresh warnings…

Read more →

You can improve the odds by combining skepticism, verification habits, and a few technical checks Opinion  Liars, cranks, and con artists have always been with us. It’s just that nowadays their reach has gone from the local pub to the…

Read more →

Automated software keeps getting better at pilfering cryptocurrency Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.… This article has been indexed from The Register –…

Read more →

‘Dozens’ of US orgs infected Chinese cyberspies maintained long-term access to critical networks – sometimes for years – and used this access to infect computers with malware and steal data, according to Thursday warnings from government agencies and private security…

Read more →

He’s not alone: DoD inspector general says the whole Defense Department has a messaging security problem US Defense Secretary Pete Hegseth definitely broke the rules when he sent sensitive information to a Signal chat group, say Pentagon auditors, but he’s…

Read more →

And then they asked an AI to help cover their tracks Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they’re fired. Prosecutors say a federal contractor learned this the hard…

Read more →

Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks.… This article has been indexed from The Register –…

Read more →

Cloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks The internet has spent the past three months ducking for cover as the Aisuru botnet hurled record-shattering DDoS barrages from an army of up to 4 million…

Read more →

Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear Systems Approach  As we neared the finish line for our network security book, I received a piece of feedback…

Read more →