The Register

And then they send victims to the legit VPN download to hide their tracks

A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from CheckPoint, Cisco, Fortinet, Ivanti, and other vendors to steal users' credentials, according to Microsoft.…

Operation Synergia's third season is the most productive to date

Ninety-four people were arrested as part of a global, multi-month cybercrime crackdown, Interpol revealed today.…

Take your YOLO and box it up

exclusive  NanoClaw, an open source agent platform, can now run inside Docker Sandboxes, furthering the project's commitment to security.…

Skia graphics lib and V8 JavaScript engine brings browser's tally of actively exploited bugs to three in 2026

Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed.…

Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy

AI agents work together to bypass security controls and stealthily steal sensitive data from within the enterprise systems in which they operate, according to tests carried out by frontier security lab Irregular.…

International cops stuck down 23 servers in 7 countries

Cops from eight countries this week disrupted SocksEscort, a residential proxy service used by criminals to compromise hundreds of thousands of routers worldwide and carry out digital fraud, costing businesses and consumers millions.…

No rest for project maintainers battered by slew of vulnerability disclosures

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n.…

Like deleting data, exposing keys, and loading malicious content, perhaps leading to government ban

China’s National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks.…

State news published a list of nearly 30 sites that could be targeted

Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran’s state-affiliated Tasnim news agency.…

Meanwhile, Verifone says 'no evidence' to support the digital intruders' claims

A hacking crew with ties to Iran's intelligence agency claimed to be behind a global network outage at med-tech firm Stryker on Wednesday, and said the cyberattack was in response to the US-Israel airstrikes.…

150k accounts nuked, 21 suspects arrested

Not every scam starts with malware or a compromised account. Sometimes all it takes is a friend request or a link shared via chat.…

Blue-on-blue internal investigation lands force £66k fine

The UK's data protection watchdog has fined Police Scotland £66,000 ($88,000) for what it calls a "serious failure" in handling an alleged victim's sensitive data.…

Officials suspend Basel-Stadt trial and launch probe

A Swiss canton has suspended its pilot of electronic voting after failing to count 2,048 votes cast in national referendums held on March 8.…

17-year-old allegedly withdrew large sums of cash from ATMs

Dutch police have arrested a 17-year-old boy who detectives suspect was responsible for 16 bank card frauds across the Netherlands.…

Advocate General urges rethink of PSD2 to speed compensation after scams

Analysis  One of the European Union's top legal advisors is trying to change how banks treat cybercrime victims – meaning they could enjoy greater financial protections sooner than expected.…

Reflecting on the relaunch of the UK Cyber Team and introducing the next phase of leadership

Partner Content  The UK Cyber Team is a government initiative led by the Department for Science, Innovation and Technology in partnership with SANS Institute. Its purpose is to identify, develop, and support the UK’s most promising emerging cyber talent, while ensuring the UK is represented with confidence and credibility on the international cyber stage.…

Could steal sensitive personal and financial data

After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn't exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we're sure is a welcome change to sysadmins.…

Ransomware, malware-as-a-service, infostealers benefit MOIS, too

Iranian government-backed snoops are increasingly using cybercrime malware and ransomware infrastructure in their operations - not just hiding behind criminal masks as a cover for destructive cyber activity, according to security researchers.…

Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page

Cyber baddies quietly compromised legitimate WordPress websites, including the campaign site of a US Senate candidate, turning them into launchpads for a global infostealer operation.…

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.…