The Register

AI goes off the rails … because of shoddy guardrails

Researchers at Pen Test Partners found four flaws in Eurostar's public AI chatbot that, among other security issues, could allow an attacker to inject malicious HTML content or trick the bot into leaking system prompts. Their thank you from the company: being accused of "blackmail."…

Crooks used platform to scoop up and store banking credentials for big-money thefts

The US says it has shut down a platform used by cybercriminals to break into Americans' bank accounts.…

Plans move to Rust, with help from AI

Microsoft wants to translate its codebase to Rust, and is hiring people to make it happen.…

Customers will be able to see vulnerabilities, prioritize risks, and close them with automated workflows.

After over a week of speculation, ServiceNow announced on Tuesday that it has agreed to buy cybersecurity heavyweight Armis in a $7.75 billion deal that will see the workflow giant incorporate a real-time security intelligence feed into its products.…

Automaker's third security snafu in three years

Thousands of Nissan customers are learning that some of their personal data was leaked after unauthorized access to a Red Hat-managed server, according to the Japanese automaker.…

Redmond gets in early for the twelve whoopsies of Christmas

Microsoft has hustled out an out-of-band update to address a Message Queuing issue introduced by the December 2025 update.…

And it's especially dangerous because the code works

A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals messages, harvests credentials and contacts, and hijacks users' WhatsApp accounts.…

SEC filings show the outfit cut projected 2027 cloud purchase commitments by $114M

Security vendor Palo Alto Networks is expanding its Google Cloud partnership, saying it will move "key internal workloads" onto the Chocolate Factory's infrastructure. The outfit also claims it is tightening integrations between its security tools and Google Cloud to deliver what it calls a "unified" security experience. At the same time, Palo Alto may trim its own cloud purchase commitments.…

Ah, the good old days when 0-day development took a year

Interview  "In my past life, it would take us 360 days to develop an amazing zero day," Zafran Security CEO Sanaz Yashar said.…

Anna’s Archive’s idealism doesn’t quite survive its own blog post

What would happen to the world's music collections if streaming services disappeared? One hacktivist group says it has a solution: scrape around 300 terabytes of music and metadata from Spotify and offer it up for free as what it calls the world’s first “fully open” music preservation archive.…

Judge says former most-wanted fugitive Mark Acklom will likely never return to the UK

The UK's Crown Prosecution Service (CPS) says a fraudster who claimed to be part of MI6 must repay £125,000 ($168,000) to a former love interest that he conned.…

On-site staff keep key systems working while all but one region battles with encrypted PCs

Romania's cybersecurity agency confirms a major ransomware attack on the country's water management administration has compromised around 1,000 systems, with work to remediate them still ongoing.…

SK Telecom's epic infosec faill will cost it another $1.5 billion

South Korea’s government on Friday announced it will require local mobile carriers to verify the identity of new customers with facial recognition scans, in the hope of reducing scams.…

PLUS: Debian supports Chinese chips ; Hong Kong’s Christmas Karaoke crackdown; Asahi admits it should have prevented hack; And more!

APAC in Brief  Google and Apple last week started to allow developers of mobile applications to distribute their wares through third-party app stores and accept payments from alternative payment providers.…

PLUS: Texas sues alleged TV spies; The Cloud is full of holes; Hospital leaked its own data; And more

Infosec In Brief  Google will soon end its “Dark Web Report”, an email service that alerts users when their personal information appears on the internet’s dark underbelly.…

A rare case of deliberately trying to induce an outage

A staffer at the USA’s National Institute of Standards and Technology (NIST) tried to disable backup generators powering some of its Network Time Protocol infrastructure, after a power outage around Boulder, Colorado, led to errors.…

Latest charges join the mountain of indictments facing alleged Tren de Aragua members

A Venezuelan gang described by US officials as "a ruthless terrorist organization" faces charges over alleged deployment of malware on ATMs across the country, illegally siphoning millions of dollars.…

Newly disclosed vulnerability already being abused, users urged to lock down exposed firewalls

WatchGuard is in emergency patch mode after confirming that a critical remote code execution flaw in its Firebox firewalls is under active attack.…

Attackers helped themselves to historical personal info on 27K people

The University of Sydney is ringing around thousands of current and former staff and students after admitting attackers helped themselves to historical personal data stashed inside one of its online code repositories.…

Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform

Hewlett Packard Enterprise has told customers to drop whatever they're doing and patch OneView after admitting a maximum-severity bug could let attackers run code on the management platform without so much as a login prompt.…