The Register

Feds told they can't demand a haystack to find a needle

The United States is requesting [PDF] a month-long extension to the deadline for its final decision regarding an appeal against a judge's ruling that obtaining tower dumps is unconstitutional.…

Experts note 'major red flags' in donut giant's security as 161,676 staff and families informed of attack details

Krispy Kreme finally revealed the number of people affected by its November cyberattack, and it's easy to see why analyzing the incident took the well-resourced company several months.…

Good to see government that values its academics (cough cough). Plus: New board criticized for lacking 'ops' people

Cybersecurity experts have started a formal review into the UK cybersecurity market, at the government's request, to identify future growth opportunities as it looks to grow the industry that's core to the country's Industrial Strategy.…

Phishing, Python and RATs, oh my

A sneaky malware campaign slithers through Cloudflare tunnel subdomains to execute in-memory malicious code and give unknown attackers long-term access to pwned machines.…

Bank and crypto outfits hit after Israeli commander mentioned attacks expanding to ‘other areas’

The government of Iran appears to have shut down the internet within its borders, perhaps in response to Israel-linked cyberattacks.…

Infostealers posing as popular cheat tools are cropping up on GitHub

Trojanized Minecraft cheat tools hosted on GitHub have secretly installed stealers that siphon credentials, crypto wallets, and other sensitive data when executed by players.…

New MCP server was shut down for nearly two weeks

Asana has fixed a bug in its Model Context Protocol (MCP) server that could have allowed users to view other organizations' data, and the experimental feature is back up and running after nearly two weeks of downtime to fix the issue.…

Version 13 can’t come soon enough

Veeam Backup & Replication users are urged to apply the latest patches that fix another critical bug leading to remote code execution (RCE) on backup servers.…

If a credential is worth protecting, it's worth protecting well.

Sponsored feature  What do flossing and multi-factor authentication (MFA) have in common? Each is highly beneficial, yet far too few people do them consistently. MFA helps protect organizations from credential-based attacks, but according to the Cyber Readiness Institute, only 35% of businesses globally bother with it.…

Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI

Interview  Iran's state-sponsored cyber operatives and hacktivists have all increased their activities since the military conflict with Israel erupted last week – but not necessarily in the way that Amazon chief information security officer CJ Moses expected.…

Quick reminder: The law that banned the app is called ‘Protecting Americans from Foreign Adversary Controlled Applications Act’

The Trump administration is set to again waive the 2024 law that requires the made-in-China social network TikTok to either sell its US operations to a local company or stop operating on US soil.…

Plus adds a ton more security capabilities for cloud customers at re:Inforce

Amazon Web Services hit a major multi-factor authentication milestone, achieving 100 percent MFA enforcement for root users across all types of AWS accounts.…

Hardcoded passwords and path traversals keeping bug hunters in work

Security researchers have issued a warning about a pre-authentication exploit chain affecting a CMS used by some of the biggest companies in the world.…

Now AI agents have identity, too. Here's how to handle it

Partner content  The rise of agentic AI systems is rewriting the rules of cybersecurity. Unlike generative AI, which relies on predefined instructions or prompts, AI agents operate autonomously, learn continuously, and act with minimal oversight. They collaborate across systems and adapt to dynamic environments. As enterprises scale their AI deployments, identity security must evolve in lockstep to preserve control, mitigate risk, and enforce trust.…

Penalty follows year-long probe into flaws that allowed attack to affect so many

The UK's data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach.…

Google threat analysts warn the team behind the Marks & Spencer break-in has moved on

Cyber-crime crew Scattered Spider has infected US insurance companies following a series of ransomware attacks against American and British retailers, according to Google, which urged this sector to be on "high alert."…

The group has previously threatened to SWAT cancer patients and leaked pre-op plastic surgery photos

An extortion gang claims to have breached Freedman HealthCare, a data and analytics firm whose customers include state agencies, health providers, and insurance companies, and is threatening to dump tens of thousands of sensitive files early Tuesday morning.…

Flights still flying - just don't count on the app or website working smoothly

Canadian airline WestJet is warning of "intermittent interruptions or errors" on its app and website as it investigates a cybersecurity incident.…

Marketplace as big as Silk Road had more than 600k users and turnover of 'at least' €250M

Operation Deep Sentinel is the latest international law enforcement collaboration against cybercrime, shutting down Archetyp – one of the largest dark web drug marketplaces.…

6-in-10 success rate for single-step tasks

A new benchmark developed by academics shows that LLM-based AI agents perform below par on standard CRM tests and fail to understand the need for customer confidentiality.…