The Register

Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel

Hackers have found a new use for OpenAI's Assistants API – not to write poems or code, but to secretly control malware.…

South Korea's president laughed, so perhaps it was funny? Unlike China's censorship and snooping

Chinese president Xi Jinping has joked that smartphones from Xiaomi might include backdoors.…

55 cuffed last week after court ruled sting operation was legal

Australian police last week made 55 arrests using evidence gathered with a backdoored messaging app that authorities distributed in the criminal community.…

Even AI has doubts about the claim that '80% of ransomware attacks are AI-driven'

Do 80 percent of ransomware attacks really come from AI? MIT Sloan has now withdrawn a working paper that made that eyebrow-raising claim after criticism from security researcher Kevin Beaumont.…

This is not what people mean when they say: 'You should get a side hustle'

A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for allegedly carrying out ransomware attacks of their own against multiple US companies.…

Last year's winner scored a $65M funding round on a $300M valuation

Cloud and AI security startups have two weeks to apply for a program that fast-tracks access to investors and mentors from Amazon Web Services, CrowdStrike, and Nvidia.…

Old-school cargo heists reborn in the cyber age

Cybercriminals are increasingly orchestrating lucrative cargo thefts alongside organized crime groups (OCGs) in a modern-day resurgence of attacks on freight companies.…

But question marks remain over the tech’s biases

London's Metropolitan Police Service (MPS) says the hundreds of live facial recognition (LFR) deployments across the Capital last year led to 962 arrests, according to a new report on the controversial tech's use.…

Ukraine first to deploy open source security platform to isolate incidents, stop lateral movement

Feature  It was a sunny morning in late April when a massive power outage suddenly rippled across Spain, Portugal, and parts of southwestern France, leaving tens of millions of people without electricity for hours.…

PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more

Infosec in brief  Australia’s Signals Directorate (ASD) last Friday warned that attackers are installing an implant named “BADCANDY” on unpatched Cisco IOS XE devices and can detect deletion of their wares and reinstall their malware.…

Rare case of the state turning on its own, but researchers say it may be doing so more often

Russia's Interior Ministry says police have arrested three suspects it believes helped build and spread the Meduza infostealer.…

Bitcoin bridge biz offers 10 percent reward to attackers if they play nice

Blockchain company Garden admits it was compromised and temporarily shut down its app after approximately $11 million worth of assets were stolen.…

Price hikes, politics, and platform fatigue drive organizations back toward open alternatives

OpenInfra Summit  Sovereignty might be the word of the hour, but the OpenStack community has another – resilience.…

Hospitals told to upgrade, but some medical device makers haven't prescribed compatibility yet

NHS hospitals are being blocked from fully upgrading to Windows 11 by a small number of suppliers that have yet to make their medical devices compatible with Microsoft's latest operating system.…

Because fewer people like banknotes, and payment sovereignty is a problem

The Governing Council of the European Central Bank (ECB) has decided the bloc needs a digital version of the Euro, and ordered work that could see it enter circulation in 2029.…

Expired security cert, real Brussels agenda, plus PlugX malware finish the job

Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn't fixed yet – to target European diplomats in an effort to steal defense and national security details.…

Service will tell on compromised organizations, even if they didn't plan on doing so themselves

Some orgs would rather you not know when they've suffered a cyberattack, but a new platform from privacy-focused tech firm Proton will shine a light on the big breaches that might otherwise stay buried.…

Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity

Docker Compose users are being strongly urged to upgrade their versions of the orchestration tool after a researcher uncovered a flaw that could allow attackers to stage path traversal attacks.…

PhantomRaven slipped over a hundred credential-stealing packages into npm

A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly difficult for security apps to identify.…

Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls

Hacktivists have breached Canadian critical infrastructure systems to meddle with controls that could have led to dangerous conditions, marking the latest in a string of real-world intrusions driven by online activists rather than spies.…