News

They're good at zero-day exploits, too

Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft Threat Intelligence.…

A first-of-its-kind legal challenge set to be heard this month, per reports

Apple has reportedly filed a legal complaint with the UK's Investigatory Powers Tribunal (IPT) contesting the UK government's order that it must forcibly break the encryption of iCloud data.…

English football club offers apologies after fans' card details stolen from online retail store

English football club Leeds United says cyber criminals targeted its retail website during a five-day assault in February and stole the card details of "a small number of customers." …

List of attacks by 'No regrets' crew leaking highly sensitive data continues to grow

Qilin – the "no regrets" ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women's healthcare facility in the US.…

Stop cyberattacks before they happen with preventative endpoint security

Sponsored Post  Every organization is vulnerable to cyber threats, and endpoint devices are a common target for cyber criminals.…

Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant

A subsidiary of Indian multinational Tata has allegedly fallen victim to the notorious ransomware gang Hunters International.…

The heap overflow zero-day in the memory unsafe code by Miss Creant

Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.…

No warning, no opt-out, and critic claims ... no consent

Research from a leading academic shows Android users have advertising cookies and other gizmos working to build profiles on them even before they open their first app.…

Says the biz trying to sell us stuff to catch that, admittedly

High-profile deepfake scams that were reported here at The Register and elsewhere last year may just be the tip of the iceberg. Attacks relying on spoofed faces in online meetings surged by 300 percent in 2024, it is claimed.…

Enhancing API security for financial institutions

Partner Content  Open banking has revolutionized financial services, empowering consumers to share their financial data with third-party providers, including fintech innovators.…

Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks

Comment  America's cybersecurity chiefs in recent days have been sending mixed messages about the threat posed by Russia in the digital world.…

Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts

Analysis  It's a familiar refrain in the security industry that there is a massive skills gap in the sector. And while it's true there are specific shortages in certain areas, some industry watchers believe we may be reaching the point of oversupply for generalists.…

Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored

Microsoft has completed its EU data boundary, however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.…

Officials remain intent on uncovering who was behind it

The Polish Space Agency (POLSA) is currently dealing with a "cybersecurity incident," it confirmed via its X account on Sunday.…

ICO looking at what data is used to serve up recommendations

The UK's data protection watchdog has launched three investigations into certain social media platforms following concerns about the protection of privacy among teenage users.…

Cut off one head and 100 grow back? Decapitation may not be the way to go

Opinion  With Apple pulling the plug on at-rest end-to-end encryption (E2EE) for UK users, and Signal threatening to pull out of Sweden if that government demands E2EE backdoors, it's looking bleak.…

PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more

Infosec In Brief  US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia, as the USA’s Cybersecurity and Infrastructure Security Agency (CISA) has denied any change in its posture.…

Bjarne Stroustrup says standards committee needs to show it can respond to memory safety push

Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings.…

1 in 3 entries are used to extort civilians, says new paper

Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware attacks.…

Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim

Microsoft has named four of the ten people it is suing for allegedly snatching Azure cloud credentials and developing tools to bypass safety guardrails in its generative AI services – ultimately to generate deepfake smut videos of celebrities and others.…