News

That's the way the cookie melts

A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking online people's private call records.…

Hey, at least Katie Arrington brings a solid resume

Donald Trump's nominee for a critical DoD cybersecurity role sports a resume that outshines many of his past picks, despite previously suspended security clearance.…

You can find out if your GitHub codebase is leaking keys ... but so can miscreants

A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released.…

15GB of sensitive files traced back to former software biz

Typically shoppers can expect to find tie-dye t-shirts, broken lamps and old disco records at flea markets, now it seems storage drives filled with huge volumes of sensitive data can be added to that list.…

Showbiz members' passport scans already plastered online

A London talent agency has reported itself to the UK's data protection watchdog after the Rhysida ransomware crew last week claimed it had attacked the business, which represents luminaries of stage and screen.…

If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help

An alleged security SNAFU that occurred during the Obama administration has finally been settled under the second Trump administration.…

If you want to avoid urgent patches, stop exposing management consoles to the public internet

A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain root access to affected systems.…

Because stealing your credentials, banking info, and IP just wasn’t enough

A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy itself, adding an extra layer of obfuscation to help it slip past detection.…

Called it an 'incident' in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word

US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a "cybersecurity attack," per a regulatory filing, and is the latest company to avoid using the dreaded R word.…

Exploit code now available for MitM and DoS attacks

Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.…

Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees

Opinion  Nobody likes The Man. When a traffic cop tells you to straighten up and slow down or else, profound thanks are rarely the first words on your lips. Then you drive past a car embedded in a tree, surrounded by blue lights and cutting equipment. Perhaps Officer Dibble had a point.…

Devices containing crypto wallets tracked online, then in the real world

Indian authorities seize loot from BitConnect crypto-Ponzi scheme Devices containing crypto wallets tracked online, then in the real world India’s Directorate of Enforcement has found and seized over $200 million of loot it says are the proceeds of the BitConnect crypto-fraud scheme.…

Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert

Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…

PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more!

Infosec In Brief  A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn’t good because the search and ads giant promised not to do that.…

PLUS: Pacific islands targeted by Chinese APT; China’s new rocket soars; DeepSeek puts Korea in a pickle; and more

Asia In Brief  The head of Fujitsu’s North American operations has warned that the Trump administration’s tariff plans will be bad for business.…

El Reg shows you how to run Zypher's speech-replicating AI on your own box

Hands on  Palo Alto-based AI startup Zyphra unveiled a pair of open text-to-speech (TTS) models this week said to be capable of cloning your voice with as little as five seconds of sample audio. In our testing, we generated realistic results with less than half a minute of recorded speech.…

'In 50 years, I think we'll view these business practices like we view sweatshops today'

Interview  It has been nearly a decade since famed cryptographer and privacy expert Bruce Schneier released the book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World - an examination of how government agencies and tech giants exploit personal data. Today, his predictions feel eerily accurate.…

Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir

Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams meeting invites to trick victims in key government and business sectors into handing over their authentication tokens, granting access to emails, cloud data, and other sensitive information.…

Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew

Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…

High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further

A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.…