The Register

Fashion brand latest to succumb to ShinyHunters' tricks

Canada Goose says an advertised breach of 600,000 records is an old raid and there are no signs of a recent compromise.…

Bungled link handed over sensitive docs, and when recipient didn't cooperate, police opted for cuffs

Dutch police have arrested a man for "computer hacking" after accidentally handing him their own sensitive files and then getting annoyed when he didn't hand them back.…

Researchers demo weaknesses affecting some of the most popular options

Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…

Free beer is great. Securing the keg costs money

fosdem 2026  Open source registries are in financial peril, a co-founder of an open source security foundation warned after inspecting their books. And it's not just the bandwidth costs that are killing them.…

High-severity CSS flaw let malicious webpages run code inside the sandbox

Google has quietly pushed out an emergency Chrome fix after attackers were caught exploiting the browser's first reported zero-day of 2026.…

PLUS: India demands two-hour deepfake takedowns; Singapore embraces AI; Japanese robot wolf gets cuddly; And more

Asia In Brief  The United States may be about to change its policies regarding Chinese technology companies.…

PLUS: Fake ransomware group exposed; EC blesses Google's big Wiz deal; Alleged sewage hacker cuffed; And more

Infosec in Brief  The former General Manager of defense contractor L3Harris’s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week.…

As if admins haven't had enough to do this week

Ignore patches at your own risk. According to Uncle Sam, a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.…

Names, addresses, bank account numbers accessed – but biz insists passwords and call data untouched

The Netherlands' largest mobile network operator (MNO) has admitted that a breach of its customer contact system may have affected around 6.2 million people.…

Years later, he read about his antagonist doing time for murder

On Call  Welcome to another installment of On Call, The Register's weekly reader-contributed column that tells your tech support tales.…

Are you a good bot or a bad bot?

More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be helpful AI assistants, but they steal users' API keys, email messages, and other personal data. Even worse: many of these are still available on the Chrome Web Store as of this writing.…

As if snooping on your workers wasn't bad enough

Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks and attempt ransomware deployment.…

Flaw abused 'in an extremely sophisticated attack against specific targeted individuals'

Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.…

Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle

Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a "self-reinforcing" ecosystem, researchers say.…

Whoever gets it will steer UK department's IT, AI strategy, and megabucks vendor deals

The UK Ministry of Defence (MoD) is offering between £270,000 to £300,000 for a senior digital leader who will oversee more than £4.6 billion in spending and more than 3,000 specialist staff.…

Meanwhile, IP-stealing 'distillation attacks' on the rise

A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, to auto-analyze vulnerabilities and plan cyberattacks against US organizations, the company says.…

Businesses are embedding prompts that produce content they want you to read, not the stuff AI makes if left to its own devices

Amid its ongoing promotion of AI’s wonders, Microsoft has warned customers it has found many instances of a technique that manipulates the technology to produce biased advice.…

Add-ons with 37M installs leak visited URLs to 30+ recipients, researcher says

They know where you've been and they're going to share it. A security researcher has identified 287 Chrome extensions that allegedly exfiltrate browsing history data for an estimated 37.4 million installations.…

The more you share online, the more you open yourself to social engineering

If you've seen the viral AI work pic trend where people are asking ChatGPT to "create a caricature of me and my job based on everything you know about me" and sharing it to social, you might think it's harmless. You'd be wrong.…

Curious port filtering and traffic patterns suggest advisories weren’t the earliest warning signals sent

Telcos likely received advance warning about January's critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise.…