The Register

No reports of active exploitation (yet)

Watch out for more Fortinet vulns! Two critical bugs in Fortinet's sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.…

Some customer orgs tell staff to block inbound email from the provider

Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in Europe and Australia.…

Latest in a string of cases that have earned France an unfortunate title

A mother and her ten-year-old son are now free after being kidnapped for around 20 hours while the father was being extorted for hundreds of thousands of euros.…

Vuln old enough to drive lands on CISA's exploited list

While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.…

Command prefix will require password by default

The latest version of Raspberry Pi OS now requires a password for sudo by default.…

Open Rights Group says years of reliance on US giants have left Britain exposed

Britain has spent years wiring its public sector into US Big Tech, and a new report says that dependence could quickly become a national security headache.…

Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive

Exclusive  Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn’t disclose the problem.…

The company's new software keeps an eye on your agents and backs up data.

Keep your agents close and your agent-monitoring software closer. Commvault’s new AI Protect can discover and monitor AI agents running inside AWS, Azure, and GCP environments and even roll back their actions when something goes wrong.…

One CVE under attack, one already disclosed by angry bug hunter, and 163 more

Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's mega Patch Tuesday.…

Honey, the skids are fighting again

Two rival ransomware gangs have locked horns after 0APT threatened to expose people affiliated with Krybit.…

One was patched almost 14 years ago

Crooks are exploiting four Microsoft vulnerabilities - one patched 14 years ago and another tied to ransomware activity - according to America's lead cyber-defense agency, which on Monday gave federal agencies two weeks to patch them.…

Google Sites lure leads to bogus root certificate

Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…

Travel giant says names, contact details, dates, and hotel messages potentially exposed

Booking.com is warning customers that their reservation details may have been exposed to unknown attackers, in the latest reminder that the travel giant still can't quite keep a lid on the data flowing through its platform.…

Names, addresses, dates of birth, and bank details accessed, though not passwords

Basic-Fit, Europe's largest gym chain, has confirmed data including the bank details of around a million customers was stolen from its systems.…

Gang claims it accessed Snowflake metrics via third-party tool

ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn't so much hack its way in as walk through a door someone else left wide open.…

Benchmarking contract lays groundwork for renegotiating £774M software agreement

NHS England is spending £46,000 on "benchmarking" as it gears up for what looks like the next round of negotiations behind one of the UK public sector's biggest software deals.…

PLUS: Toyota wheels out basketball bot; Arm scores AI server win with SK Telecom; India ponders payment pauses to foil fraudsters; And more!

Asia In Brief  China’s National Data Administration last Friday published its action plan for AI in education which calls for upskilling of the nation’s citizens to ensure they can put the technology to work.…

Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this week's episode

Kettle  Anthropic dropped a doozy on us this week with the launch of Mythos, an AI model it says is able to find and exploit zero-day vulnerabilities with a shocking level of ability. …

Time to start dropping SBOMs

FEATURE  Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if not more – organizations. We won't know the full blast radius for months.…

Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts

Hungary's government has discovered the hard way that the biggest threat to national security might just be its own password choices.…