The Register

Company refuses to pay ransom as attackers threaten larger daily dumps

The Netherlands' national police is backing Odido's refusal to pay a ransom after ShinyHunters leaked a second round of records belonging to the telco.…

Report claims more vulnerabilities created than fixed as remediation gap widens

Veracode has posted its annual State of Software Security report, based on data from 1.6 million applications tested on its cloud platform, finding that more vulnerabilities are being created than are being fixed, and that high-velocity development with AI is making comprehensive security unattainable.…

Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse

Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its social engineering success.…

A rare joint alert from all five spy agencies means serious business

The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.…

Anthropic fixed the flaws - but the AI-enabled attack surfaces remain

Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API keys by injecting malicious configurations into repositories, and then waiting for a developer to clone and open an untrustworthy project.…

UNC2814 historically targets governments and telcos

A China-linked crew found a unique formula for attacking telcos and government orgs across the Americas, Asia, and Africa in its latest round of intrusions. Google's threat intelligence, along with unnamed industry partners, disrupted the gang, which used the Chocolate Factory's own spreadsheet tools as part of its exploits.…

Come for the coding test, stay for the C2 traffic

Next.js developers are once again in the crosshairs as hackers seed malicious repositories disguised as legitimate projects, according to Microsoft, which said a limited set of those repos were directly tied to observed compromises.…

Former Trenchant manager profited millions from cyber tools reserved for the US

The former general manager of L3Harris's cyber arm will spend the next seven years behind bars for selling trade secrets to Russia.…

Security pros question assurances as company offers staff credit monitoring

Wynn Resorts has confirmed that employee data was stolen from its servers, and is taking the hackers' word that they've since deleted it.…

Note to secret agents: ChatGPT is NOT a private diary

A ChatGPT user with links to Chinese law enforcement tried to use the AI chatbot to run smear campaigns targeting the Japanese prime minister and other critics of the Chinese Communist Party, according to OpenAI's latest report on malicious uses of its models.…

And they're being stressed by geopolitical concerns that threaten to slow important data-sharing efforts

Researchers from Georgia Tech have found that the supply chain for threat intelligence data is susceptible to adversarial action, and proposed a method to improve data sharing that they think will make it stronger.…

Discovery is getting cheaper. Validation and patching aren’t

What good is finding a hole if you can't fix it? Anthropic last week talked up Claude Code's improved ability to find software vulnerabilities and propose patches. But security researchers say that's not enough.…

SolarWinds + file transfer software = what attackers' dreams are made of

If you run SolarWinds’ Serv-U, you should patch promptly. Four critical vulnerabilities in the file transfer software can allow attackers to execute code as root.…

New ransomware of choice, same critical targets

North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters.…

When a one-line fix triggers thousands of PRs, something's off

A Go library maintainer has urged developers to turn off GitHub's Dependabot, arguing that false positives from the dependency-scanning tool "reduce security by causing alert fatigue."…

Social media giant retorts it doesn't want to collect 'private' data, and plans to appeal

The UK's data protection regulator has fined social media giant Reddit £14.47 million ($19.5 million) over its use of children's data.…

Public prosecutor mulls sentencing following investigations into two separate attacks

Two South Korean teenagers were this week charged with breaching Seoul's public bike service, Ttareungyi.…

Visa applications down, executives emigrating, and AI blamed for the rest

The number of international workers applying for a visa to work in the UK's tech sector dropped 11 percent between Q2 and Q3 2025, and was down 6 percent year-on-year, according to consultancy RSM UK.…

We like our surface-to-air weapons affordable

Britain has joined a handful of European allies in a program to develop low-cost air defense systems, including autonomous drones or missiles, with project delivery of the first elements scheduled for as early as 2027.…

Not the first of its kind

ai-pocalypse  Anthropic sent the infosec community into a tizzy on Friday when it rolled out Claude Code Security, a new feature that scans codebases for vulnerabilities and suggests patches to fix the issues.…