The Register

If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help

An alleged security SNAFU that occurred during the Obama administration has finally been settled under the second Trump administration.…

If you want to avoid urgent patches, stop exposing management consoles to the public internet

A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain root access to affected systems.…

Because stealing your credentials, banking info, and IP just wasn’t enough

A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy itself, adding an extra layer of obfuscation to help it slip past detection.…

Called it an 'incident' in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word

US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a "cybersecurity attack," per a regulatory filing, and is the latest company to avoid using the dreaded R word.…

Exploit code now available for MitM and DoS attacks

Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.…

Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees

Opinion  Nobody likes The Man. When a traffic cop tells you to straighten up and slow down or else, profound thanks are rarely the first words on your lips. Then you drive past a car embedded in a tree, surrounded by blue lights and cutting equipment. Perhaps Officer Dibble had a point.…

Devices containing crypto wallets tracked online, then in the real world

Indian authorities seize loot from BitConnect crypto-Ponzi scheme Devices containing crypto wallets tracked online, then in the real world India’s Directorate of Enforcement has found and seized over $200 million of loot it says are the proceeds of the BitConnect crypto-fraud scheme.…

Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert

Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…

PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more!

Infosec In Brief  A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn’t good because the search and ads giant promised not to do that.…

PLUS: Pacific islands targeted by Chinese APT; China’s new rocket soars; DeepSeek puts Korea in a pickle; and more

Asia In Brief  The head of Fujitsu’s North American operations has warned that the Trump administration’s tariff plans will be bad for business.…

El Reg shows you how to run Zypher's speech-replicating AI on your own box

Hands on  Palo Alto-based AI startup Zyphra unveiled a pair of open text-to-speech (TTS) models this week said to be capable of cloning your voice with as little as five seconds of sample audio. In our testing, we generated realistic results with less than half a minute of recorded speech.…

'In 50 years, I think we'll view these business practices like we view sweatshops today'

Interview  It has been nearly a decade since famed cryptographer and privacy expert Bruce Schneier released the book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World - an examination of how government agencies and tech giants exploit personal data. Today, his predictions feel eerily accurate.…

Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir

Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams meeting invites to trick victims in key government and business sectors into handing over their authentication tokens, granting access to emails, cloud data, and other sensitive information.…

Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew

Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…

High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further

A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.…

Officer says mistakenly published police details were shared 'a considerable amount of times'

Two suspected New IRA members were arrested on Tuesday and charged under the Terrorism Act 2000 after they were found in possession of spreadsheets containing details of staff that the Police Service of Northern Ireland (PSNI) mistakenly published online.…

Germany's Federal Cartel Office voices concerns iPhone maker may be breaking competition law

Apple is feeling the heat over its acclaimed iPhone privacy policy after a German regulator's review of iOS tracking consent alleged that the tech giant exempted itself from the rules it enforces on third-party developers.…

Some employees steal sticky notes, others 'borrow' malicious code

A crew identified as a Chinese government-backed espionage group appears to have started moonlighting as a ransomware player – further evidence that lines are blurring between nation-state cyberspies and financially motivated cybercriminals.…

Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks

China's Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven devices linked to global telecom providers and other orgs, in addition to its previous victim count.…

Senator, Congressman tell DNI to threaten infosec agreements if Blighty won't back down

US lawmakers want newly confirmed Director of National Intelligence Tulsi Gabbard to back up her tough talk on backdoors. They're urging her to push back on the UK government's reported order for Apple to weaken iCloud security for government access.…