News
IBM's AI agent Bob easily duped to run malware, researchers show
IBM describes its coding agent thus: "Bob is your AI software development partner that understands your intent, repo, and security standards." Unfortunately, Bob doesn't always follow those security standards.…
ESA calls cops as crims lift off 500 GB of files, say security black hole still open
Exclusive: The European Space Agency on Wednesday confirmed yet another massive security breach, and told The Register that the data thieves responsible will be subject to a criminal investigation. And this could be a biggie.…
Stalkerware slinger pleads guilty for selling snooper software to suspicious spouses
The US government has secured a guilty plea from a stalkerware maker in federal court, marking just the second time in more than a decade that the US has managed to prosecute a consumer spyware vendor successfully.…
Microsoft scraps Exchange Online spam clamp after customers cry foul
Microsoft has backed away from planned changes to Exchange Online after customers objected to limits designed to curb outbound email abuse.…
Ministry of Justice splurged £50M on security – still missed Legal Aid Agency cyberattack
The UK's Ministry of Justice spent £50 million ($67 million) on cybersecurity improvements at the Legal Aid Agency (LAA) before the high-profile cyberattack it disclosed last year.…
Jaguar Land Rover wholesale volumes plummet 43% in cyberattack aftermath
Brit luxury automaker Jaguar Land Rover has reported devastating preliminary Q3 results that lay bare the cascading consequences of a crippling cyberattack, revealing wholesale volumes collapsed more than two-fifths year-on-year.…
HSBC app takes a dim view of sideloaded Bitwarden installations
Some HSBC mobile banking customers in the UK report being locked out of the bank's app after installing the Bitwarden password manager via an open source app catalog.…
HackerOne 'ghosted' me for months over $8,500 bug bounty, says researcher
Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…
Brightspeed investigates breach as crims post stolen data for sale
Internet service provider Brightspeed confirmed that it's investigating criminals' claims that they stole more than a million customers' records and have listed them for sale for three bitcoin, or about $276,370.…