Security news | The Register

REG AD

SECURITY

Latest news and insight on information security and IT defenses

Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

After all that hype, AI scanner found one low-severity cURL flaw

A blue Best Western Central hotel sign mounted outdoors beside green trees.

BWH Hotels guests warned after reservation data checks out with cybercrooks

Customers urged to keep an eye out for phisherfolk

Google says criminals used AI-built zero-day in planned mass hack spree

GTIG says AI-powered hacking has moved well beyond phishing emails and chatbot tricks

A close-up of a rusted pipe valve leaking water outdoors.

Water company's leaky security earns near-£1M fine

Utility provider failed to detect Cl0p ransomware attack for nearly two years

REG AD

Software developers work at dual monitors in a glass-walled office

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Cybercrooks ruin engineers' weekends with Saturday attack

Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks

That’s not a radio. THIS is a radio

Worm rubs out competitor's malware, then takes control

All your compromised credentials are belong to us now instead of the other gang

Disgraced US gov software contractor found guilty of database destruction

Twin brother still faces trial over broader cybercrime allegations

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit

Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE

Close-up of a finger touching a smartphone screen with social media app icons.

Meta U-turns on encryption push for Instagram as DMs go plaintext

After years of insisting end-to-end encryption was the future of online comms, Zuckcorp has handed itself full visibility into user chats once again

Four young people lie on green grass in colorful clothing, viewed from above, smiling and relaxing.

Hackers ate my homework: Educational SaaS Canvas down after cyberattack

ShinyHunters takes the credit and gives developer an F for security

Two clenched fists collide in a dramatic illustration with sparks and a dark background.

Meta fights Ofcom over how many billions count as billions

Social media biz says watchdog's fine formula is 'disproportionate' and should stop counting global revenue

REG AD

Mozilla boasts Mythos boosted Firefox bug cull

Yet it remains unclear if Anthropic's uber model was effective, or if better model middleware is what makes the difference

Fake IT workers rented laptops to Nork scammers, got prison time

Matthew Isaac Knoot and Erick Ntekereze Prince will each do 18 months for hosting laptops used by North Korean IT workers to remotely infiltrate US companies

A finger presses a red OK button on a white background.

Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'

Security biz Adversa AI argues users of AI tools need clearer warnings

60% of MD5 password hashes are crackable in under an hour

Happy World Password Day! Maybe it's finally time to kill this holiday in favor of World No-More-Passwords Day?

$250M crypto-robbing gang’s dirty work guy sentenced to 6.5 years behind bars

The then-teen was told to break in and steal what the keyboard warriors couldn’t

State-backed hackers hammer Palo Alto firewall zero-day before patch lands

Internet-facing PAN-OS firewalls are once again doing impressions of initial access brokers

Three armed officers in tactical gear move through smoke in a dimly lit training scene.

Hungarian cops cuff suspected swatter after two-year FBI probe

20-year-old fessed up after investigators found video of crime in progress

The network password was a key plot point in one of the most famous movies of all time

Fortunately, it was a legit contractor who guessed it

Arctic Wolf kicks 250 employees out of the pack to save money for AI

Cuts appear to hit sales, product, and marketing, accounting for under 10% of staff

1 in 8 employees totally cool with selling work credentials

13% say they’ve sold logins or know someone who has, survey suggests

Iran cybersnoops still LARPing as ransomware crooks in espionage ops

MOIS-linked cyber outfit puts on a ransomware show to disguise the wide-open backdoor behind the scenes

UK age-gating plans risk breaking the internet, privacy groups warn

Activists say ministers are targeting access rather than Big Tech's data-hungry business models

Taiwan cops say student's radio kit brought bullet trains to a standstill

Investigators spent weeks unravelling enthusiast's bedroom project

India orders infosec red alert in case Mythos sparks crime spree

Securities regulator urges market players to develop new strategies and nail cyber-basics before AI models fuel mass attacks

ServiceNow clears agents for landing with new AI control tower

ServiceNow acquisitions Veza and Traceloop join to monitor agents and AI workflows

Attackers are cashing in on fresh 'CopyFail' Linux flaw

Researchers dropped a reliable root exploit and it didn’t sit idle for long

Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking

Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats

influencer uploads video to Vimeo. image credit: Premreuthai / Shutterstock

ShinyHunters claims dump puts 119K Vimeo emails in the wild

Vimeo points finger at analytics supplier Anodot, says no logins or card data were touched

REG AD

Romance scammers turn sweet talk into £102M payday

Victims losing £280K a day to fake profiles and sob stories

Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation

Vendors all use different formats. This tech translates them all so you can smooth your SOC

Kids say they can beat age checks by drawing on a fake mustache

46% say age checks are easy to bypass, and nearly a third admit getting around them

REG AD

Shadow IT has given way to shadow AI. Enter AI-BOMs

'If you don't have visibility, you can't understand what to protect'

Image: YoYo7 http://www.shutterstock.com/gallery-932797p1.html

If the vote you rocked, your personal info can be grokked

Even limited voter rolls can be linked to identify people, research shows

Slow Down road sign with cloudy background

Five Eyes spook shops warn rapid rollouts of agentic AI are too risky

Prioritize resilience over productivity, say CISA, NCSC and their friends from Oz, NZ, Canada

Brace for the patch tsunami: AI is unearthing decades of buried code debt

Britain's cyber agency says the bill for years of technical shortcuts is coming due, and it's arriving all at once

First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed

Exploitation was underway before patches landed, at least one victim reports ransomware demand

People waiting behind velvet rope. pic: Altrendo Images / shutetrstock

OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that

Altman's crew now doing the same gatekeeping it recently mocked

Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down

313 Team tells Canonical: pay up or the packets keep coming

Passport to £££: Home Office adds £216M to travel doc contract before a single bid's been placed

Start date pushed back a year, annual cost up a third, and UK's now handing out eight million passports a year

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Mini Shai-Hulud caught spreading credential-stealing malware

Bot her emails: most modern phishing campaigns are AI-enabled

KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start

FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'

One alleged cyber contractor was extradited to the US over the weekend

Google's fix for critical Gemini CLI bug might break your CI/CD pipelines

This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows

French prosecutors link 15-year-old to mega-breach at state’s secure document agency

Two computer crime allegations follow up to 18M lines of data surfacing online

Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005

Turns out the real problem is not AI but staff still clicking on dodgy emails from 'IT support'

REG AD

What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia

Just in time for the Trump-Xi summit

Security news | The Register

SECURITY

Latest news and insight on information security and IT defenses

Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

BWH Hotels guests warned after reservation data checks out with cybercrooks

Google says criminals used AI-built zero-day in planned mass hack spree

Water company's leaky security earns near-£1M fine

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks

Worm rubs out competitor's malware, then takes control

Disgraced US gov software contractor found guilty of database destruction

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit

Meta U-turns on encryption push for Instagram as DMs go plaintext

Hackers ate my homework: Educational SaaS Canvas down after cyberattack

Meta fights Ofcom over how many billions count as billions

Mozilla boasts Mythos boosted Firefox bug cull

Fake IT workers rented laptops to Nork scammers, got prison time

Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'

60% of MD5 password hashes are crackable in under an hour

$250M crypto-robbing gang’s dirty work guy sentenced to 6.5 years behind bars

State-backed hackers hammer Palo Alto firewall zero-day before patch lands

Hungarian cops cuff suspected swatter after two-year FBI probe

The network password was a key plot point in one of the most famous movies of all time

Arctic Wolf kicks 250 employees out of the pack to save money for AI

1 in 8 employees totally cool with selling work credentials

Iran cybersnoops still LARPing as ransomware crooks in espionage ops

UK age-gating plans risk breaking the internet, privacy groups warn

Taiwan cops say student's radio kit brought bullet trains to a standstill

India orders infosec red alert in case Mythos sparks crime spree

ServiceNow clears agents for landing with new AI control tower

Attackers are cashing in on fresh 'CopyFail' Linux flaw

Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking

ShinyHunters claims dump puts 119K Vimeo emails in the wild

Romance scammers turn sweet talk into £102M payday

Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation

Kids say they can beat age checks by drawing on a fake mustache

Shadow IT has given way to shadow AI. Enter AI-BOMs

If the vote you rocked, your personal info can be grokked

Five Eyes spook shops warn rapid rollouts of agentic AI are too risky

Brace for the patch tsunami: AI is unearthing decades of buried code debt

First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed

OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that

Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down

Passport to £££: Home Office adds £216M to travel doc contract before a single bid's been placed

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Bot her emails: most modern phishing campaigns are AI-enabled

FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'

Google's fix for critical Gemini CLI bug might break your CI/CD pipelines

French prosecutors link 15-year-old to mega-breach at state’s secure document agency

Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005

What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia

Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day

Finance company stores DB credentials in helpfully labeled spreadsheet

Linux cryptographic code flaw offers fast route to root

Researchers move in the right direction, develop powerful GPS interference alarm

Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Legacy TLS tour continues with Exchange Online blocking old versions from July 2026

Yet another experiment proves it's too damn simple to poison large language models

CISA flags data-theft bug in NSA-built OT networking tool

GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn't total slop! Here, Wiz, take this wad of cash

30 ClawHub skills secretly turn AI agents into a crypto swarm

Don't pay Vect a ransom - your data's likely already wiped out

Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak

Ongoing supply-chain attack 'explicitly targeting' security, dev tools

Cursor-Opus agent snuffs out startup’s production database

Medical and utility tech companies admit digital breakins

Cybersec is a thankless job: expanding workload and shrinking pay packet

Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt

Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now

AI's not going to kill open source code security

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface

Governments on high alert after CISA snuffs out Firestarter backdoor on fed network