The Register

Ransomware, malware-as-a-service, infostealers benefit MOIS, too

Iranian government-backed snoops are increasingly using cybercrime malware and ransomware infrastructure in their operations - not just hiding behind criminal masks as a cover for destructive cyber activity, according to security researchers.…

Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page

Cyber baddies quietly compromised legitimate WordPress websites, including the campaign site of a US Senate candidate, turning them into launchpads for a global infostealer operation.…

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.…

Crooks used simple phone scam to compromise vendor account, spilling personal and financial data belonging to more than 15,000 people

A voice-phishing scam targeting one of Ericsson's service providers has exposed the personal data of more than 15,000 individuals after attackers sweet-talked an employee into handing over access.…

Digital freedom needs a Kali Linux for the rest of us

Opinion  The hacker mind is a curious way to be. To have it means to embody endless analytical curiosity, an awareness of any given rule set as just one system among many, and an ability to see any system in ways that its creators never expected. Combine this with a drive to find the bad and make things better, and you become one of the fundamental forces of the technological universe.…

Kids profited from tools used to attack popular websites, say officials

Polish police have referred seven suspected juvenile cybercriminals to family court over an alleged scheme to flog DDoS kits online.…

David and Goliath…but with AI agents

Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours.…

And they abused a Mandiant-developed open source tool in the attacks

ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.…

An attack on the company’s AWS platform may have exposed customers' names and home addresses

Exclusive  ELECQ, maker of smart electric vehicle (EV) chargers, is warning customers that their personal details may have been stolen in a ransomware attack that encrypted and copied user data from its cloud systems.…

Two-week deadline to fraudsters to fess up or have their faces plastered across every screen in the country

Dutch national police are taking a novel stand against scammers - 100 suspects now have less than two weeks to hand themselves in or face public shaming.…

Dutch spies flag large-scale campaign to hijack secure messaging accounts

Russian-linked hackers are trying to break into the Signal and WhatsApp accounts of government officials, journalists, and military personnel globally – not by cracking encryption, but by simply tricking people into handing over the keys.…

This isn't just a nostalgia trip – billions of legacy microcontrollers may be at risk

AI can reverse engineer machine code and find vulnerabilities in ancient legacy architectures, says Microsoft Azure CTO Mark Russinovich, who used his own Apple II code from 40 years ago as an example.…

Britain's Ministry of Defence wants a counter-drone system designed, contracted, and delivered within weeks

Britain's Royal Navy is urgently seeking a ship-based counter-drone system and recent world events likely explain why.…

Cyber is no longer the hush-hush thing it used to be, as team Trump invades Iran with hackers taking the lead

Kettle  Unlike previous military conflicts, the cyber domain has been front and center since the Trump administration invaded Iran, upending the traditionally quiet role played by hackers in military conflicts.…

PLUS: Europol takes down two crime gangs; LastPass users phished (again); Crooks increase crypto hauls; And more

Infosec In Brief  The FBI is investigating a breach of its systems which reportedly affected systems related to wiretapping and surveillance.…

Crims 'will do what gets them their objective easiest and fastest,' Microsoft threat intel boss tells The Reg

interview  AI agents allow cybercriminals and nation-state hackers to outsource the "janitorial-type work" needed to plan and carry out cyberattacks, according to Sherrod DeGrippo, Microsoft's GM of global threat intelligence. North Korea is taking advantage.…

Now if only device makers would deliver higher quality components

Thanks to Anthropic's AI and its bug-detecting abilities, Firefox users can now enjoy stronger security. Unfortunately, if browser crashes rather than security flaws are the problem, Claude probably can't help.…

Steals SMS messages, location data, contacts … and delivers it to Hamas-linked crew

Hamas-linked attackers are dropping spyware disguised as an emergency-alert app on Israelis' smartphones via SMS messages, according to security researchers.…

Switchzilla says flaws could allow file overwrites or privilege escalation

Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.…

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves

A new twist on the long-running ClickFix scam is now tricking Windows users into launching Windows Terminal and pasting malware into it themselves – handing the credential-stealing Lumma infostealer the keys to their browser vault.…