The Register

One cert, in plaintext, on thousands of devices, led to what looks like years of crime

South Korea’s Ministry of Science and ICT has found that local carrier Korea Telecom (KT) deployed thousands of badly secured femtocells, leading to an attack that enabled micropayments fraud and snooping on customers’ communications – maybe for years.…

There's more where that came from, CEO says

Rogue insiders suspected of taking bribes to hand over Coinbase customer records to criminals are beginning to face justice, according to CEO Brian Armstrong.…

Extortion group Lovely claims to have stolen 40 million pieces of info from publisher Conde Nast

A criminal group is beating Conde Nast over the head for not responding sooner to its extortion attempt by posting stolen subscribers' email and home addresses and warning the publisher of Wired, The New Yorker, Vanity Fair, and Teen Vogue that it has 40 million more entries.…

Countries that banded together to challenge Boeing in the air try to do the same to AWS, Microsoft, and Google on the ground

Feature  More than half a century ago, a consortium of European aerospace businesses from the UK, France, Germany and Spain joined forces to take on America's Boeing. Fast forward to the 21st century and the countries are applying the same model needs to the world of cloud computing, giving the continent a fighting chance to reduce the digital domination of Big Tech.…

Former staffer of Korean e-tailer Coupang accessed 33 million records but may have done less damage than feared

Korean e-tailer Coupang claims a former employee has admitted to improperly accessing data describing 33 million of its customers, but says the accused deleted the stolen data.…

The human harms of cyberattacks piled up this year, and violence expected to increase

The knock-on, and often unintentional, impacts of a cyberattack are so rarely discussed. As an industry, the focus is almost always placed on the economic damage: the ransom payment; the cost of business downtime; and goodness, don't forget those poor shareholders.…

Practice makes perfect

It's the most wonderful time of the year … for corporate security bosses to run tabletop exercises, simulating a hypothetical cyberattack or other emergency, running through incident processes, and practicing responses to ensure preparedness if when a digital disaster occurs.…

In supercharged AI race, defenders need to keep up

interview  According to Remedio CEO Tal Kollender, the only way to beat the bad guys hacking into corporate networks is to "think like a hacker," and because not everyone is a teenage hacker turned cybersecurity startup chief executive, she built an AI to do this.…

AI goes off the rails … because of shoddy guardrails

Researchers at Pen Test Partners found four flaws in Eurostar's public AI chatbot that, among other security issues, could allow an attacker to inject malicious HTML content or trick the bot into leaking system prompts. Their thank you from the company: being accused of "blackmail."…

Crooks used platform to scoop up and store banking credentials for big-money thefts

The US says it has shut down a platform used by cybercriminals to break into Americans' bank accounts.…

Plans move to Rust, with help from AI

Microsoft wants to translate its codebase to Rust, and is hiring people to make it happen.…

Customers will be able to see vulnerabilities, prioritize risks, and close them with automated workflows.

After over a week of speculation, ServiceNow announced on Tuesday that it has agreed to buy cybersecurity heavyweight Armis in a $7.75 billion deal that will see the workflow giant incorporate a real-time security intelligence feed into its products.…

Automaker's third security snafu in three years

Thousands of Nissan customers are learning that some of their personal data was leaked after unauthorized access to a Red Hat-managed server, according to the Japanese automaker.…

Redmond gets in early for the twelve whoopsies of Christmas

Microsoft has hustled out an out-of-band update to address a Message Queuing issue introduced by the December 2025 update.…

And it's especially dangerous because the code works

A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals messages, harvests credentials and contacts, and hijacks users' WhatsApp accounts.…

SEC filings show the outfit cut projected 2027 cloud purchase commitments by $114M

Security vendor Palo Alto Networks is expanding its Google Cloud partnership, saying it will move "key internal workloads" onto the Chocolate Factory's infrastructure. The outfit also claims it is tightening integrations between its security tools and Google Cloud to deliver what it calls a "unified" security experience. At the same time, Palo Alto may trim its own cloud purchase commitments.…

Ah, the good old days when 0-day development took a year

Interview  "In my past life, it would take us 360 days to develop an amazing zero day," Zafran Security CEO Sanaz Yashar said.…

Anna’s Archive’s idealism doesn’t quite survive its own blog post

What would happen to the world's music collections if streaming services disappeared? One hacktivist group says it has a solution: scrape around 300 terabytes of music and metadata from Spotify and offer it up for free as what it calls the world’s first “fully open” music preservation archive.…

Judge says former most-wanted fugitive Mark Acklom will likely never return to the UK

The UK's Crown Prosecution Service (CPS) says a fraudster who claimed to be part of MI6 must repay £125,000 ($168,000) to a former love interest that he conned.…

On-site staff keep key systems working while all but one region battles with encrypted PCs

Romania's cybersecurity agency confirms a major ransomware attack on the country's water management administration has compromised around 1,000 systems, with work to remediate them still ongoing.…