The Register

Automaker admits raid that crippled its factories in August led to the theft of sensitive info

Jaguar Land Rover (JLR) has reportedly told staff the cyber raid that crippled its operations in August didn't just bring production to a screeching halt – it also walked off with the personal payroll data of thousands of employees.…

Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse

Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.…

Minister insists 'modest' bill is not an assault on privacy-preserving tech

The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.…

I'm dreaming of a white hat mass

Opinion  It was 40 years ago that four young British hackers set about changing the law, although they didn't know it at the time. It was a cross-platform attack including a ZX Spectrum, a BBC Micro, and a Tatung Einstein slamming British Telecom's Prestel service over dial-up modems at 75 bits per second.…

PLUS: Drugs found in ink cartridges; Chinse censorship fighters criticize Vultr; Coupang CEO resigns; And more!

Asia In Brief  A SpaceX executive has claimed that a Chinese satellite launch came within 200 meters of hitting a Starlink satellite.…

PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more

Infosec In Brief  The UK's National Cyber Security Centre (NCSC) has found that cyber-deception tactics such as honeypots and decoy accounts designed to fool attackers can be useful if implemented very carefully.…

Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg

A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.…

And the earlier React2Shell patch is vulnerable

If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.…

Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move

Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.…

Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements

The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.…

Rights groups say digital-only record is leaking data and courting trouble

Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while leaving migrants unable to prove their lawful status.…

Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.…

Judge said his fraud was on 'epic, generational scale'

Terraform Labs founder Do Kwon will spend 15 years in jail after pleading guilty to committing fraud.…

Operators accidentally left a way for you to get your data back

CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There's some bad news and some good news here.…

No details, no CVE, update your browser now

Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world's most popular browser's eighth zero-day bug of 2025.…

UK data regulator says failures were unacceptable for a company managing the world's passwords

The UK's Information Commissioner's Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users.…

Skills gained later fed Beijing's cyber operations, according to SentinelLabs expert

A security researcher specializing in tracking China threats claims two of Salt Typhoon's members were former attendees of a training scheme run by Cisco.…

Flare warns devs are unwittingly publishing production-level secrets

Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank.…

Workers frustrated with security-first changes to workflows and teething issues

Exclusive  Seven months after a landmark cyberattack, the UK's Legal Aid Agency (LAA) says it's returning to pre-breach operations, although law firms are still wrestling with buggy and more laborious systems.…

More than half of internet-exposed instances already compromised

Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.…