The Register

Remember when government agents didn't wear masks?

While watching us now seems like the least of its sins, the US Immigration and Customs Enforcement (ICE) was once best known (and despised) for its multi-billion-dollar surveillance tech budget.…

Basketball player accused of aiding cybercrime gang extradition blocked in exchange for Swiss NGO consultant

France has released an alleged ransomware crook wanted by the US in exchange for a conflict researcher imprisoned in Russia.…

State-backed attackers are using QR codes to slip past enterprise security and help themselves to cloud logins, the FBI says

North Korean government hackers are turning QR codes into credential-stealing weapons, the FBI has warned, as Pyongyang's spies find new ways to duck enterprise security and help themselves to cloud logins.…

Huntress analysis suggests VM escape bugs were already weaponized in the wild

Chinese-linked cybercriminals were sitting on a working VMware ESXi hypervisor escape kit more than a year before the bugs it relied on were made public.…

Image generation paywalled on X after ministers and regulators start asking awkward questions

Grok has yanked its image-generation toy out of the hands of most X users after the UK government openly weighed a ban over the AI feature that "undressed" people on command.…

As you should, when being told the only remedy is deleting everything and starting again

On Call  2025 has ended and a new year is upon us, but The Register will continue opening Friday mornings with a fresh installment of On Call – the reader-contributed column that tells your tales of tech support.…

Authentication is basically solved. Authorization is another thing entirely...

CrowdStrike has signed a $740 million deal to buy identity security startup SGNL. The move underscores the growing threat of identity-based attacks as companies struggle to secure skyrocketing numbers of non-human identities, including AI agents.…

No reports of active exploitation … yet

Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information - and warned that a public, proof-of-concept exploit for the flaw exists online.…

Cop wins hit crime infrastructure, not the people behind it

If 2025 was meant to be the year ransomware started dying, nobody appears to have told the attackers.…

Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago

CISA has added a pair of security holes to its actively exploited list, warning that attackers are now abusing a maximum-severity bug in HPE's OneView management software and a years-old flaw in Microsoft Office.…

Lawyers say Musk's platform may face punishment under Online Safety Act priority offenses

Elon Musk's X platform is under fire as UK regulators close in on mounting reports that the platform's AI chatbot, Grok, is generating sexual imagery without users' consent.…

Unauthenticated RCE means anyone on the network can seize full control

A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn't even require logging in.…

Happy Groundhog Day!

Security researchers at Radware say they've identified several vulnerabilities in OpenAI's ChatGPT service that allow the exfiltration of personal information.…

They also hallucinate when writing ransomware code

Interview  With everyone from would-be developers to six-year-old kids jumping on the vibe coding bandwagon, it shouldn't be surprising that criminals like automated coding tools too.…

Company says it dropped the ball, apologizes for wasting people's time

Logitech says an expired developer certificate is to blame after swaths of customers were left infuriated when their mice malfunctioned.…

Suggests rotten routing, not evidence of a cyber-strike before kinetic action

Cloudflare has poured cold water on a theory that the USA’s incursion into Venezuela coincided with a cyberattack on telecoms infrastructure.…

Prompt injection lets risky commands slip past guardrails

IBM describes its coding agent thus: "Bob is your AI software development partner that understands your intent, repo, and security standards." Unfortunately, Bob doesn't always follow those security standards.…

Two weeks, two major data leaks … not a good look for the European Space Agency

exclusive  The European Space Agency on Wednesday confirmed yet another massive security breach, and told The Register that the data thieves responsible will be subject to a criminal investigation. And this could be a biggie.…

pcTattletale boss Bryan Fleming faces up to 15 years in prison when sentenced later this year

The US government has secured a guilty plea from a stalkerware maker in federal court, marking just the second time in more than a decade that the US has managed to prosecute a consumer spyware vendor successfully. …

Negative feedback sinks Redmond's plan to cap outbound email recipients

Microsoft has backed away from planned changes to Exchange Online after customers objected to limits designed to curb outbound email abuse.…