News

Poisoned PNGs contain malicious code

A fresh wave of ClickFix attacks is using fake Windows update screens to trick victims into downloading infostealer malware.…

The hardest part is admitting you were wrong, which AWS did.

Opinion  For years, Google has seemingly indulged a corporate fetish of taking products that are beloved, then killing them. AWS has been on a different kick lately: Killing services that frankly shouldn't have seen the light of day.…

Don't believe everything you read

Afraid of connecting to public Wi-Fi? Terrified to turn your Bluetooth on? You may be falling for "hacklore," tall tales about cybersecurity that distract you from real dangers. Dozens of chief security officers and ex-CISA officials have launched an effort and website to dispel these myths and show you how not to get hacked for real.…

Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs

A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.…

SitusAMC rules out ransomware, but accounting records for major institutions potentially affected

Real estate finance business SitusAMC says thieves sneaked into its systems earlier this month and made off with confidential client data.…

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days

A self-propagating malware targeting node package managers (npm) is back for a second round, according to Wiz researchers who say that more than 25,000 developers had their secrets compromised within three days.…

Months after China-linked spies burrowed into US networks, regulator tears up its own response

The Federal Communications Commission (FCC) has scrapped a set of telecom cybersecurity rules introduced after the Salt Typhoon espionage campaign, reversing course on measures designed to stop state-backed snoops from slipping back into America's networks.…

Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix

CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix was released.…

Reflections on coaching, collaboration, and the pursuit of excellence in cyber security

Partner Content  From 6th to 10th October 2025, ten exceptional cyber enthusiasts proudly flew the flag for the United Kingdom in the European Cyber Security Challenge (ECSC), held this year in the vibrant setting of Poland.…

The shoemaker’s children have new friends

The International Association for Cryptologic Research will run a second election for new board members and other officers, after it was unable to complete its first poll due to a lost encryption key.…

PLUS: Manga publishers win Cloudflare copyright case; India, EU to link payment systems; Storm over Australia’s weather website; And more!

Asia In Brief  Infosys co-founder Narayana Murthy has suggested Indian citizens should work even longer, suggesting his previous target of 70-hour weeks could climb to 72.…

PLUS: CISA issues drone warning; China-linked DNS-hijacking malware; Prison for BTC Samourai; And more

Infosec In Brief  Researchers have urged users of the glob file pattern matching library to update their installations, after discovery of a years-old remote code execution flaw in the tool's CLI.…

'I have compromised other known OAuth apps,' Shiny tells The Reg

EXCLUSIVE  ShinyHunters has claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers.…

Prosecutors say front companies, falsified paperwork, and overseas drop points used to dodge US export rules

Four people have been charged in the US with plotting to funnel restricted Nvidia AI chips into China, allegedly relying on shell firms, fake invoices, and covert routing to slip cutting-edge GPUs past American export controls.…

UK cops trace street-level crime to sanctions-busting networks tied to Moscow's war economy

On Christmas Day 2024, a Russian-linked laundering network bought itself a very special present: a controlling stake in a Kyrgyzstan bank, later used to wash cybercrime profits and funnel money into Moscow's war machine, according to the UK's National Crime Agency (NCA).…

A multi-layered security framework protecting large-model applications from adversarial threats, data leakage, API abuse, and content risks

Partner Content  At MWC Shanghai 2025, ZTE has officially launched its ZXCSec MAF product, a dedicated application-layer security protection device specifically designed for large model services.…

Relies on very loose permissions, but don’t worry – Google wrote it in Rust

Google has linked Android’s wireless peer-to-peer file sharing tool Quick Share to Apple’s equivalent AirDrop.…

Company 'clearly delighted' with the outcome

The US Securities and Exchange Commission (SEC) has abandoned the lawsuit it pursued against SolarWinds and its chief infosec officer for misleading investors about security practices that led to the 2020 SUNBURST attack.…

They keep coming back for more

Salesforce has disclosed another third-party breach in which criminals - likely ShinyHunters (again) - may have accessed hundreds of its customers' data.…

Researchers tried to get ChatGPT to do evil, but it didn't do a good job

LLMs are getting better at writing malware - but they're still not ready for prime time.…