News

PLUS: Bluetooth mess leaves cars exposed; Bitcoin ATMs attacked; Deepfakers imitate US secretary of state Marco Rubio; and more

Infosec In Brief  Nvidia last week advised customers to ensure they employ mitigations against Rowhammer attacks, after researchers found one of its workstation-grade GPUs is susceptible to the exploit.…

Thick resumes with thin LinkedIn connections are one sign. Refusing an in-person interview is another

By now, the North Korean fake IT worker problem is so ubiquitous that if you think you don't have any phony resumes or imposters in your interview queue, you're asleep at the wheel.…

Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal

Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP Server on July 1, just one day after its public disclosure.…

Last summer's riots show how some content can be harmful but not illegal

The Online Safety Act fails to tackle online misinformation, leaving the UK in need of further regulation to curb the viral spread of false content, a report from MPs has found.…

First came the dodgy lawyer, then the explosively angry HR person, leaving a whistleblower techie to save his career

On Call  Welcome once again to On Call, The Register's Friday column that shares your stories of tech support terror and triumph.…

'He's useless with computers and can't even install an application' says lawyer

A Russian professional basketball player is cooling his heels in a French detention center after being arrested and accused of acting as a negotiator for a ransomware gang.…

Alleges Singaporean infosec outfit sent feeble legal demands to hosting company, which caved

Anti-censorship organization GreatFire.org has accused Singapore infosec outfit Group-IB of helping Chinese web giant Tencent to quell its activities.…

Oh my sweet secret informant lover, what happened in that NATO meeting today?

A lovestruck US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense information after sharing military secrets information about the Russia-Ukraine war with a woman he met on a dating app.…

Add CISA to the list

The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitation and abused to hijack user sessions.…

'Whether those files were allowed to go to Russia? I didn't ask'

A former ASML and NXP semiconductor engineer will spend three years in a Dutch prison after stealing secret chip technology from his employers and sharing it with Russia.…

Politicians uneasy over potential impact on national security, local reports say

Russia, home to some of the world's most lucrative and damaging cybercrime operations, has rejected a bill to legalize ethical hacking.…

Crimefighting agency cagey on details, probes into intrusions at M&S, Harrods, and Co-op continue

The UK's National Crime Agency (NCA) arrested four individuals suspected of being involved with the big three cyberattacks on UK retail businesses in recent weeks.…

Processing and storage for Gemini 2.5 Flash to stay in Blighty

Google Cloud is attempting to ease concerns about where AI data is stored by offering organizations the option to keep Gemini 2.5 Flash machine learning processing entirely within the UK.…

A simple interface and new roles-based capabilities make this venerable password manager an attractive proposition

Sponsored feature  Passwords are necessary for businesses, but look away for a minute and they quickly get out of control. If your users do things right and use a different password for each application, you'll easily reach hundreds of them with just a few dozen people. It's time to take control of them before they become toxic.…

Boffins outsmart smart contracts with evil automation

Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.…

No, really, those are the magic words

A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a guessing game.…

Turns out outsourcing coders to bankroll Kim’s nukes doesn’t jibe with Uncle Sam

The US Treasury has imposed sanctions on 38-year-old Song Kum Hyok, a North Korean accused of attempting to hack the Treasury Department and posing as an IT worker to collect revenue and secret data for Pyongyang.…

Low-severity bugs but infosec pros claim they are a 'critical' overall threat – patch accordingly

AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure.…

Modern threats demand modern defenses. Cloud-native is the new baseline

Partner content  Every organization is investing in cyberresilience tools, training, and processes. Unfortunately, only some of them will be able to successfully respond and recover from an attack. Regardless of how hard they work, many IT and security teams are constrained by legacy technology architectures that were built for the challenges of 2015, not 2025.…

A little skill in business communication can help get the board on board

Partner content  Cybersecurity executives and their teams are under constant pressure and scrutiny. As the barrier to entry for attackers gets lower, organizations need to improve their defenses. As businesses get leaner, so do their security teams. There are increasingly high expectations and increasingly tougher challenges to meet them across people, processes, and platforms.…