Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package Microsoft says GigaWiper combines at least 3 malware families into one modular tool
Fashion mart Miinto unzips breach details, warns shoppers to watch for phisherfolk Copenhagen company ‘sorry’ after 'perpetrator' pops order management system
Scot NHS Trust probes email stuffup involving maternity patients' data NHS Forth Valley is the latest health board to bungle basic email data protection principles
Microsoft warns customers AI will mean busier Patch Tuesdays More patches mean more reasons to buy Redmond’s auto-patching tools
An unnamed US county – perhaps in Ohio – paid $1M extortion demand to cybercriminals Leaked negotiations spill the tea
EU 'Chat Control' snoopfest returns after vote to kill it falls short Opponents won the count but missed the 360-seat threshold needed to stop the interim CSAM-scanning rule
Microsoft closes book on Nightmare Eclipse's RoguePlanet zero-day Weeks after the exploit code dropped, Redmond has finally ships a fix for the Defender zero-day
Accenture admits to 'isolated matter' after crook tries to flog alleged 35GB haul Consulting giant says it has 'remediated ... source' after crook claims to offer source code, keys, and cloud creds for sale
Thief posed as Wi-Fi fixing hero, then stole priceless trophy If people think you are doing a legitimate job, you can get away with anything
Suspected Chinese snoops caught breaking into universities' Roundcube mailservers Proofpoint researcher tells The Reg: 'We estimate the total volume of targets would be a few dozen'
GitHub Copilot: Sorry Dave, I can't do that harmful thing - unless you ask me in code More fun with AI jailbreaks, this time at the workflow level
Tool promises to make lazy academics' AI-written papers sound more human Startup insists it's not trying to help anyone cheat the system - honest!
Bug in top AI coding agents shows that Unix-era security headaches never really die 'GhostApproval' problem highlights human-in-the-loop fails
China tells devs to ditch Claude Code over 'backdoor code' fears National vulnerability database claims monitoring mechanism can forward Chinese users' data to remote servers
Windows is watching: Anti-piracy tool fingers Scattered Spider suspect Along with other telemetry, Windows GDID makes online activity more traceable
GitHub AI agent leaks private repos when asked nicely Per usual, there's no fix – or even any documentation – for GitLost
CAI cloud worm gives competitors' malware the boot, then steals secrets and mines for coin Dog-eat-dog world for credential-stealing attackers
Predatorgate snoopfest victims launch €8M sueball at spyware maker Greek lawsuit comes as rights campaigners lobby the EU to take firmer stance on spyware abuses
Enterprise AI still smarting from leaping before looking Majority report AI-related security incidents or vulnerabilities
Fake IT bods on Microsoft Teams coax workers into installing malware Unit 42 says attackers are posing as helpdesk staff and persuading employees to hand over remote control before dropping EtherRAT trojan
Spain collars alleged pro-Russia hacktivist after FBI tip-off Palencia man suspected of links to CARR, Z-Pentest, and NoName057(16), plus helping a Ukrainian hacker flee to Russia
Government's cyber pledge lands 60 signatories, including M&S and, somehow, Capita Whitehall's latest attempt to boost corporate cyber hygiene has already produced a curious roll call
EU urged to act after Pegasus infects phone of spyware inquiry MEP Campaigners demand investigation and long-delayed action on PEGA Committee recommendations
Brit supermarket giant triples down on facial recog to nab shoplifters Up to 150 more stores to get the 'Orwellian' tech by year's end
Moody Bible Institute breach leaves 2.3M accounts needing salvation, says cyber expert ShinyHunters leaks names, addresses, DOBs, and more after Christian college discloses cyberattack
Secure Unix ancestor KSOS did type safety before Rust made it cool Modula-based source code resurfaces after nearly four decades
MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage Financial institutions are putting their clients at risk in the name of convenience.
Confidential computing's trust mechanism is broken. The fix may not exist Attested TLS: the handshake that can't prove who's on the other end
AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data Third-party contractor compromise exposed health information and insurance billing passwords
NetNut cracked as Google and FBI target 2 million-device botnet Other residential proxy brands may rely on the same network
Dev says Google warned him about account hijack – then charged him $11,000 anyway Left hand, meet right hand
Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage MeetingTV wants to see the evidence
Smooth AI criminal drives 'first' end-to-end agentic ransomware attack Don't count on the LLM to return your data - even if you pay up
Ctrl+Alt+Oops: FortiBleed criminal's logins stitch two gangs together Researchers scoured logs, finding opsec fail for at least one person who was working with INC and Lynx simultaneously
Microsoft said exploitation was 'less likely' ... but CISA just added SharePoint RCE to KEV list Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers
Pacemaker manufacturer Medtronic warns patients cybercrooks may have swiped health data Company that also makes insulin pumps and other devices tells users what was exposed months after ShinyHunters attack
India gives WhatsApp three days to defend username rollout amid security fears Government of the messenger's largest market demands a pause while Meta explains how it plans to stop impersonators
Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released Attackers appear to have reverse-engineered Big Red's patch
Hackers shoveled snow for company, were rewarded with network admin access Fortunately, they were professional red teamers. Unfortunately, they pwned the network
EvilTokens device-code phishing kit totally more evil than we all thought It's a 'complete BEC operations environment,' Talos researcher says
Claude Sonnet 5.0 heads straight down the middle of the road to dodge controversy Safer, cheaper, and nothing to do with cybersecurity
Somebody told DeepSeek to build in-browser ransomware and it gleefully complied 'The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg
An artificial cell with a full lifecycle has been created for the first time SpudCell can feed, divide, and even outcompete its siblings. It's not truly alive, its creator tells us, but it could still transform the bioengineering world
Red teamers turned Claude Desktop into a double agent to do their evil bidding People trust their AI assistants and it's easy to abuse this trust
Infosec professionals sour on automated pentesting tools 29% of security pros were open to fully autonomous pentesting last year; now only 9% are
Huntress CEO says threat hunter used 'poor judgment' in alerting ransomware crim about law enforcement probe Ex-employee claims this 'meets the definition of an insider threat'
Microsoft builds a bouncer to keep bots out of Teams meetings Allows ISVs to put their names on the door so desirable bots always get in
India’s central bank mandated use of .bank domains to enhance trust – but its registry leaked sensitive info Open API could reveal everything an attacker needs to impersonate bank officials
Security researchers tricked LLMs into giving them cocaine recipes by abusing role models for prompt injection If you want a picture of the future of LLM security, imagine Whac-a-Mole meets Groundhog Day
Anonymous researcher drops 0-day 'exploitarium' repo At least two vulnerabilities are already under attack
AI may be good at finding security vulnerabilities, but it can't beat human stupidity You don't need Mythos or GPT-5.5-Cyber to find a vuln to exploit when the world's password habits are so sloppy
Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs Carmaker points finger at an 'unknown' flaw as customer fallout continues
It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns Time to start praying to the goddess of wisdom and war
Even the Secret Service won't use company-issued phones Personal cell phones on protective missions, no threat detection on government-issued devices among the litany of sins
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds Researchers warn many AI coding assistants now execute commands from project configurations
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers
Microsoft extends extended updates for Windows 10 in the most muted way imaginable Tiny tweak to support page reveals consumers can purchase another year of patch protection
Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder Qihoo 360, which the US has banned, says it’s needed as a deterrent to weaponized Anthropic models
Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs Spotted in intrusions targeting insurance, education, IT, and professional services sectors
Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues Former employee accuses company of prioritizing pending IPO over client security
UK school’s network left wide open for invasion, student found And the admin password was right in the Active Directory description field
Nation-state actors cracked critical Australian infrastructure to ‘cripple it at a time of their choosing’ To defuse another attack, Oz spies called foreign counterparts to tell them an op was a bust
The hits keep on coming for Cisco vulnerabilities CVE-2026-20230 under exploitation, while an earlier SD-WAN 0-day looks even worse than we thought
Microsoft uses AI to link two malware operations in racketeering suit 200+ C2 servers linked to StealC and Amadey shut down
Boffin claims Microsoft's supposed quantum leap does not compute due to 'basic Python errors' Nature paper argues researchers cherry-picked data. Redmond insists its work is sound
London cops bring live facial recognition to West End 'Permanent biometric surveillance of the public square' incompatible with policing by consent, say critics