Category: The Register – Security

Ex-CISA official tells The Reg: ‘this would weaken the system for managing cyber risk’ The US Cybersecurity and Infrastructure Security Agency’s budget will see yet another deep cut if Congress approves President Trump’s proposal to slash CISA’s spending by $707…

Read more →

A practical look at securing identities, devices and applications wherever work happens Webinar Promo  The shift to hybrid work has reshaped the enterprise perimeter. Users are logging in from home networks, shared spaces and unmanaged devices, while applications span on-prem…

Read more →

Source code with a side of Vidar stealer and GhostSocks Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.… This article has…

Read more →

Connected devices can leave an otherwise secure network vulnerable Pwned  Welcome to Pwned, The Register’s new column, where we highlight the worst infosec own goals so you can, hopefully, protect against them. Caffeine is an essential tool for most IT…

Read more →

First public downstream victim, but won’t be the last AI hiring startup Mercor confirmed it was “one of thousands of companies” affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread.… This article has…

Read more →

Plus: how to train your human AI interview  Amazon has seen a 40 percent efficiency gain by using AI tools to pentest its products before and after launch, according to security chief CJ Moses.… This article has been indexed from…

Read more →

We could tell you no for free The UK government will spend about £630,000 running a discussion panel on its digital identity card plans, which minister James Frith said will “consider different perspectives and debate trade-offs” alongside a formal consultation.……

Read more →

ESET says factory outages, lost revenue, and supply chain disruption are becoming routine Nearly 80 percent of British manufacturers say they’ve been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor…

Read more →

How to avoid social engineering attacks? Employee training tops the list Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious Microsoft Installer (MSI) packages, allowing criminals to control victims’ machines and…

Read more →

Researchers say some targets correlate with cities hit by Iranian missile strikes Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting…

Read more →

Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios One of npm’s most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer’s account and slipped a remote-access trojan (RAT) into two…

Read more →

Check Point says outbound controls blocked web traffic but overlooked DNS OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.……

Read more →

Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more infosec in brief  The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort…

Read more →

Researchers say attackers are already looting vulnerable boxes In-the-wild exploitation of a critical Citrix NetScaler bug has begun less than a week after disclosure, with researchers warning that attackers are already poking and pillaging vulnerable boxes.… This article has been…

Read more →

Brussels notifying ‘Union entities’ whose data may’ve been snatched in websites breach The European Commission has admitted that attackers broke into its public-facing web infrastructure and siphoned off data in a bare-bones disclosure that answers the what but ducks most…

Read more →

Career-limiting stupidity and rudeness exposed, with terminal consequences Who, Me?  The week before Easter may be a short one for many in the Reg-reading world, but that won’t stop us from opening it with a fresh installment of Who, Me?…

Read more →

Public policy professor says it will make America less secure but hits Netgear’s lobbying goals The United States’ ban on foreign-made SOHO routers won’t improve security, and only makes sense as “industrial policy disguised as cybersecurity,” according to Milton Mueller,…

Read more →

Public policy professor says it will make America less secure but hits Netgear’s lobbying goals The United States’ ban on foreign-made SOHO routers won’t improve security, and only makes sense as “industrial policy disguised as cybersecurity,” according to Milton Mueller,…

Read more →

Vulns in Dutch football club’s systems didn’t just expose data – they let outsiders play with accounts, and even lift stadium bans Dutch football giant AFC Ajax has admitted to a data breach after an attacker gained access to its…

Read more →

US and UK forces seeking tech tender with an April 3 deadline The UK and US are looking for technology to counter the threat posed by underwater drones to ships, harbors and other critical maritime infrastructure, and are asking industry…

Read more →