Or, how public information and a €5 tracker exposed an avoidable opsec lapse
Militaries around the world spend countless hours training, developing policies, and implementing best operational security practices, so imagine the size of the egg on the face of…
Category: The Register – Security
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
University student says he plans to move to Android, but concedes iOS engineers acting fast
Apple is finally working on a fix for a bug that has locked some users out of their iPhones for months, The Register understands.…
Claude Opus wrote a Chrome exploit for $2,283
Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software
Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone…
Anthropic won’t own MCP ‘design flaw’ putting 200K servers at risk, researchers say
Bug or feature?
A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic’s official Model Context Protocol (MCP) puts as many as 200,000 servers at risk…
North Korea targets macOS users in latest heist
Social engineering: ‘low-cost, hard to patch, and scales well’
North Korean criminals set on stealing Apple users’ credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware…
Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars
Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam
Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.…
Git identity spoof fools Claude into giving bad code the nod
Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer
Security boffins say Anthropic’s Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer’s identity.…
Textbook titan McGraw Hill on ransomware crew’s reading list after 13.5M records exposed
Publisher claims misconfigured Salesforce-hosted page leaked data
Textbook giant McGraw Hill has landed on a ransomware crew’s leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.…
Microsoft announces product it doesn’t want you to buy: Extended security updates for old Exchange, and Skype for Biz
Just migrate already, would you? But if you can’t, Redmond will take your cash
Microsoft will keep delivering security updates for old versions of Exchange Server and Skype for Business Server, after admitting that some customers aren’t ready to make…
Server-room lock was nothing but a crock
Your cybersecurity is only as good as the physical security of the servers
PWNED Welcome back to Pwned, the column where we immortalize the worst vulns that organizations opened up for themselves. If you’re the kind of person who leaves…
Google Chrome lacks protection against one of the most basic and common ways to track users online
Browser fingerprinting is everywhere
Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting – a method of tracking people online by capturing technical details…
Anthropic’s Project Glasswing CVE tally is still anyone’s guess
Like the majority of the companies participating, it remains a mystery
Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it would create chaos if released. Now, under the…
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
No reports of active exploitation (yet)
Watch out for more Fortinet vulns! Two critical bugs in Fortinet’s sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.…
Automotive data biz Autovista blames ransomware for service disruption
Some customer orgs tell staff to block inbound email from the provider
Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in Europe and Australia.…
French cops free mother and son after 20-hour crypto kidnap ordeal
Latest in a string of cases that have earned France an unfortunate title
A mother and her ten-year-old son are now free after being kidnapped for around 20 hours while the father was being extorted for hundreds of thousands of…
Raspberry Pi OS ends open-door policy for sudo
Command prefix will require password by default
The latest version of Raspberry Pi OS now requires a password for sudo by default.…
Ancient Excel bug comes out of retirement for active attacks
Vuln old enough to drive lands on CISA’s exploited list
While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.…
UK told its Big Tech habit is now a national security risk
Open Rights Group says years of reliance on US giants have left Britain exposed
Britain has spent years wiring its public sector into US Big Tech, and a new report says that dependence could quickly become a national security headache.…
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven’t warned users
Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive
Exclusive Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal…