The Register

Subscribe to The Register feed
Biting the hand that feeds IT — Enterprise Technology News and Analysis
Updated: 1 hour 47 min ago

Putin on the code: DoD reportedly relies on utility written by Russian dev

Wed, 27/08/2025 - 19:53
Fast-glob is widely used in government, security lab says

A Node.js utility used by thousands of public projects - and more than 30 Department of Defense ones - appears to have a sole maintainer whose online profiles identify him as a Yandex employee living in Russia.…

Categories: News

Nx NPM packages poisoned in AI-assisted supply chain attack

Wed, 27/08/2025 - 18:34
Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon

Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.…

Categories: News

The intruder is in the house: Storm-0501 attacked Azure, stole data, demanded payment via Teams

Wed, 27/08/2025 - 17:51
Don't let it happen to you

Storm-0501, a financially motivated cybercrime crew, recently broke into a large enterprise's on-premises and cloud environments, ultimately exfiltrating and destroying data within the org's Azure environment. The criminals then contacted the victim via a Microsoft Teams account that they'd also compromised in the attack, demanding a ransom payment for the stolen files.…

Categories: News

Salesforce data missing? It might be due to Salesloft breach, Google says

Wed, 27/08/2025 - 14:04
Attackers steal OAuth tokens to access third-party sales platform, then CRM data in 'widespread campaign'

Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft Drift app.…

Categories: News

Who are you again? Infosec experiencing 'Identity crisis' amid rising login attacks

Wed, 27/08/2025 - 10:39
Vendor insists passkeys are the future, but getting workers on board is proving difficult

Infosec pros are losing confidence in their identity providers' ability to keep attackers out, with Cisco-owned Duo warning that the industry is facing what it calls "an identity crisis."…

Categories: News

BGP’s security problems are notorious. Attempts to fix that are a work in progress

Wed, 27/08/2025 - 07:30
Securing internet infrastructure remains a challenging endeavour

Systems Approach  I’ve been working on a chapter about infrastructure security for our network security book.…

Categories: News

Google issued ‘State-backed attack in progress’ warnings after spotting web hijack scheme

Wed, 27/08/2025 - 05:58
Suspects this was Beijing-backed Typhoon and/or Panda crew targeting diplomats in Asia

Google has warned customers of a suspected state-backed attack after observing a web traffic hijacking campaign.…

Categories: News

First AI-powered ransomware spotted, but it's not active – yet

Tue, 26/08/2025 - 22:24
Oh, look, a use case for OpenAI's gpt-oss-20b model

ESET malware researchers Anton Cherepanov and Peter Strycek have discovered what they describe as the "first known AI-powered ransomware," which they named PromptLock. …

Categories: News

Azure apparatchik shows custom silicon keeping everything locked down

Tue, 26/08/2025 - 21:50
From hardware security chips and trusted execution pipelines to open source Root of Trust modules

Hot Chips  Microsoft is one of the biggest names in cybersecurity, but it has a less-than-stellar track record in the department. Given its reputation, Redmond can't afford to mess around when it comes to securing its cloud customers' data and workloads.…

Categories: News

DOGE accused of duplicating critical Social Security database on unsecured cloud

Tue, 26/08/2025 - 21:02
Remember that cost-cutting group once led by Elon Musk? Federal employees are still dealing with it

A Social Security Administration employee has filed a whistleblower complaint alleging that Donald Trump's DOGE cost-cutting unit has put the records of every single American at risk by duplicating an agency database in an unauthorized cloud environment. …

Categories: News

ZipLine attack uses 'Contact Us' forms, White House butler pic to invade sensitive industries

Tue, 26/08/2025 - 20:43
'Many dozens' targeted in ongoing campaign, CheckPoint researcher tells The Reg

Cybercriminals are targeting critical US manufacturers and supply-chain companies, looking to steal sensitive IP and other data while deploying ransomware. Their attack involves a novel twist on phishing — and a photo of White House butlers. …

Categories: News

Citrix patches trio of NetScaler bugs – after attackers beat them to it

Tue, 26/08/2025 - 16:40
Criminals already abusing its latest zero-days

Citrix has pushed out fixes for three fresh NetScaler holes – and yes, they've already been used in the wild before the vendor got around to patching.…

Categories: News

Crypto thief earns additional prison time for assaulting witness

Tue, 26/08/2025 - 14:47
Remy Ra St Felix led a vicious international crime ring

A violent home invader and gunpoint cryptocurrency thief will now spend more than 50 years behind bars after being found guilty of assaulting a witness.…

Categories: News

Farmers Insurance harvests bad news: 1.1M customers snared in data breach

Tue, 26/08/2025 - 12:26
Crims raided third-party systems and lifted personal data, including license numbers and partial SSNs

US insurance giant Farmers Insurance says more than a million customers had personal data nicked after a third-party vendor was compromised.…

Categories: News

Malware-ridden apps made it into Google's Play Store, scored 19 million downloads

Tue, 26/08/2025 - 08:31
Everything's fine, the ad slinger assures us

Cloud security vendor Zscaler says customers of Google’s Play Store have downloaded more than 19 million instances of malware-laden apps that evaded the web giant’s security scans.…

Categories: News

Australian university used Wi-Fi location data to identify student protestors

Mon, 25/08/2025 - 04:55
PLUS: India bans ‘money’ games; SK Hynix cranks out 321-layer SSDs; Fastly re-thinking CDNs for Asia; and more!

Asia In Brief  Australia’s University of Melbourne last year used Wi-Fi location data to identify student protestors.…

Categories: News

AWS, Cloudflare, Digital Ocean, and Google helped Feds investigate alleged Rapper Bot DDoS perp

Mon, 25/08/2025 - 01:57
PLUS: Comet AI browser fooled; Microsoft sets sail for quantum safety; Sailor sent down for espionage

Infosec in brief  PLUS…

Categories: News

Bug bounties: The good, the bad, and the frankly ridiculous ways to do it

Sun, 24/08/2025 - 09:28
For incentives remember the three Fs – finance, fame, and fixing it

feature  Thirty years ago, Netscape kicked off the first commercial bug bounty program. Since then, companies large and small have bought into the idea, with mixed results.…

Categories: News

Short circuit: Electronics supplier to tech giants suffers ransomware shutdown

Fri, 22/08/2025 - 22:07
Amazon, Apple, Google, and Microsoft among major customers

Data I/O, a major electronics manufacturer whose customers include Amazon, Apple, Google, and Microsoft, notified federal regulators that it fell victim to a ransomware infection on August 16 that continues to disrupt its business operations.…

Categories: News

Kidney dialysis giant DaVita tells 2.4M people they were snared in ransomware data theft nightmare

Fri, 22/08/2025 - 20:05
Health details, tax ID numbers, even images of checks were stolen, reportedly by the Interlock gang

Ransomware scum breached kidney dialysis firm Davita's labs database in April and stole about 2.4 million people's personal and health-related information.…

Categories: News

Pages