Security news | The Register

REG AD

SECURITY

Latest news and insight on information security and IT defenses

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

And then Microsoft busted them all

ICE to keep an eye on your eyes under $25M biometric scanner deal

And you thought a face recognition app was intrusive?

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

Researcher reported the vuln in March. Maintainers haven't responded to his messages since

23andMe inherits lawsuit over 'disturbing' DNA data breach

California AG claims genetics biz downplayed 2023 mega-leak while paying ransom to attacker

REG AD

Dutch cops wrest 17M devices from mystery botnet's clutches

Hosting provider pulled the plug after police traced 200 servers to the Netherlands

ChatGPT blindly trusts browser content, turning the page into a payload

You and me go ChatGPhish-ing in the dark

Russia-linked threat group put ChatGPT to work from lure to payload

Researchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government

ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak

Telco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there

Troops’ phones gave away location data to foreign adversaries

Lawmakers push DoD to tighten smartphone controls after adversaries exploited commercial tracking data

Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops

Six 0-days, three under active exploitation, more to come on July 14?

Snowflake buys Natoma to help freeze out rogue agents

It is the database titan’s sixth acquisition announcement since June 2025

Man using a desktop computer in a server room with equipment racks.

Microsoft tests the 15-character limit of Windows Server admins' patience

May security update trips over hostnames of a very specific length

REG AD

Carnival confirms ShinyHunters cruised off with 6M customer records after April breach

Travel and leisure giant was just one of many victims of the cybercrooks' crime spree this year

Company CEO flooded file share with smut, called for help after he deleted it

Also, missing school iPad resurfaced after coach’s kids uploaded video to YouTube

Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token

Script kiddies these days

CrowdStrike, Google shatter Glassworm botnet

Developer-targeted, supply-chain attacks all the rage these days

Bosses blinded by confidence about shadow AI use by workers

More than half of orgs in Okta survey faced an AI-related security incident or near miss last year

Extortion crews are visiting law firms pretending to be tech support, FBI warns

Cybercriminals still allowed to walk into office blocks and convince staff to let them plug in their own thumb drives

Red digital clock reading 12:00 on a black background.

India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat

CERT-In says internet-facing or critical systems should be patched, mitigated, or cut off within half a day where feasible

How to guarantee a speaker gig: Hack the system. Literally

Make your mark on the call-for-proposal platform

MyPillow must decide whether to be firm or soft as ransomware crims demand pay

Guess they could deny the alleged intrusion … like the 2020 election results

Experts pour cold borscht on Farage's Russian hack claim

Reform UK leader alleges Moscow broke into his phone and leaked £5M gift story, but security specialists await evidence

Anthropic to release Mythos-class models to the public

AI flaw-finder still under lock and key for now while company figures out guardrails, but extends access to more users including governments

Close-up of a frayed rope knot against a dark background.

AI eyes scanning for bugs create a worrisome Linux security trend

Dirty Frag, Copy Fail, and Fragesia show the new reality

A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets

Hey, Gemini, how much can we earn from one pump-and-dump cycle?

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

Will Jason Statham save us?

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

MFA? No problem, says crimeware that tricks users into handing attackers the keys to M365

Techie claims Trump Mobile website was leaking thousands of people's data

Customers' info potentially handed to anyone who could send an HTTP request

Cisco used AI to write security incident reports, with mixed results

You’ll need a lot of detailed prompts to get solid output - and even then it may have errors and typos

Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'

'Budgets are moral documents,' Rep. Delia Ramirez said

REG AD

Threat hunters find Google API keys still usable 23 minutes after deletion

Plenty of time for cyber crims to grab data or hit you with a giant bill

HackerOne takes an axe to its bug bounty rewards

Critical flaw payouts slashed by more than 75%

Minecraft-streaming gran swatted while raising cash for grandson's cancer care

Sue Jacquot said she had a great time, despite the rude awakening

REG AD

Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach

Leakage blamed on treacherous friends exposed unencrypted credentials, email addresses

Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw

Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs

Microsoft storms RAMPART, adds Clarity to agentic AI safety

Redmond open sources two tools for building and maintaining safer agents

Zombie user account let hackers control the city’s water

Failing to disable a former employee’s account was a huge mistake

Even Claude agrees: hole in its sandbox was real and dangerous

Another day, another AI bug silently fixed with no CVE and no public disclosure

Red padlock lying across laptop keyboard keys.

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

Initial assessment says customer data spared while users wonder what else may have slipped out

London's police asked Big Tech for comms data over 700,000 times last year

A Freedom of Information Act request shows the extent of the surveillance

Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware

'Thousands' of US victims, including 12+ machines owned and operated by Redmond

America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames

I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?

Security news | The Register

SECURITY

Latest news and insight on information security and IT defenses

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

ICE to keep an eye on your eyes under $25M biometric scanner deal

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

23andMe inherits lawsuit over 'disturbing' DNA data breach

Dutch cops wrest 17M devices from mystery botnet's clutches

ChatGPT blindly trusts browser content, turning the page into a payload

Russia-linked threat group put ChatGPT to work from lure to payload

ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak

Troops’ phones gave away location data to foreign adversaries

Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops

Snowflake buys Natoma to help freeze out rogue agents

Microsoft tests the 15-character limit of Windows Server admins' patience

Carnival confirms ShinyHunters cruised off with 6M customer records after April breach

Company CEO flooded file share with smut, called for help after he deleted it

Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token

CrowdStrike, Google shatter Glassworm botnet

Bosses blinded by confidence about shadow AI use by workers

Extortion crews are visiting law firms pretending to be tech support, FBI warns

India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat

How to guarantee a speaker gig: Hack the system. Literally

MyPillow must decide whether to be firm or soft as ransomware crims demand pay

Experts pour cold borscht on Farage's Russian hack claim

Anthropic to release Mythos-class models to the public

AI eyes scanning for bugs create a worrisome Linux security trend

A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

Techie claims Trump Mobile website was leaking thousands of people's data

Cisco used AI to write security incident reports, with mixed results

Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'

Threat hunters find Google API keys still usable 23 minutes after deletion

HackerOne takes an axe to its bug bounty rewards

Minecraft-streaming gran swatted while raising cash for grandson's cancer care

Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach

Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw

Microsoft storms RAMPART, adds Clarity to agentic AI safety

Zombie user account let hackers control the city’s water

Even Claude agrees: hole in its sandbox was real and dangerous

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

London's police asked Big Tech for comms data over 700,000 times last year

Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware

America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames

Clear your calendar, Drupal user: You have a critically urgent patch to install

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Crook leaks 468k+ records, claims they pwned Portugal’s postal carrier

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

Shai-Hulud copycat worm infects yet another npm package

Linux kernel flaw opens root-only files to unprivileged users

Dutch cops’ shame game works wonders as most wanted scammers now turned in

TanStack weighs invitation-only pull requests after supply chain attack

NGINX Rift attackers waste no time targeting exposed servers

Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative

F-35 software delays leave UK buying time with US glide bombs

Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess

Grafana Labs admits all its codebase are belong to someone who popped its GitHub account

Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’

Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

MPs want social media treated more like unsafe toys than harmless apps

Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data

Cops arrest man suspected of being Dream Market kingpin

Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access

To gain root access at this company, all an intruder had to do was ask nicely

AI models are getting better at replacing cybersecurity pros on certain tasks

Cisco to fire 4,000 staff and generously give them free training – on Cisco

Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits

AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem?

Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs

Mystery Microsoft bug leaker keeps the zero-days coming

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub