The Register

'Only' a local access bug but important part of N Korea, Russia, and China attack picture

An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.…

Ad giant's cloudy arm to pay $30B in security shop deal

Wiz security researchers think they've found the root cause of the GitHub supply chain attack that unfolded over the weekend, and they say that a separate attack may have been to blame.…

Govt wants to learning mistakes of serially breached record holders so it can, er, liberalize data sharing regs under new law

The UK government is inviting experts to provide insights about the data brokerage industry and the potential risks it poses to national security as it moves to push new data-sharing legislation over the line.…

Don't laugh. This kind of warning shows crims are getting desperate

Dark web analysts at infosec software vendor Fortra have discovered an extortion crew named Ox Thief that threatened to contact Edward Snowden if a victim didn’t pay to protect its data – a warning that may be an indicator of tough times in the ransomware world for some, at least.…

One PUT request, one poisoned session file, and the server’s yours

A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure.…

More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit

A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.…

Web souk says Echo hardware doesn't have the oomph for next-gen AI anyway

Come March 28, those who opted to have their voice commands for Amazon's AI assistant Alexa processed locally on their Echo devices will lose that option, with all spoken requests pushed to the cloud for analysis.…

Large organizations among those cleaning up the mess

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.…

Technology Services 4 framework expands by £4B, with procurement to begin this week

UK government is set to crack open the pork barrel for up to £16 billion in contracts for a range of IT services. The buying framework was delayed by six months and the total pot of spending is now potentially 25 percent bigger than the previous proposal.…

Maddening techno loop, Zoolander reference, and 14 minutes of time wasted

A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written explanation.…

PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware

Infosec In Brief  United States Federal Communications Commission chair Brendan Carr has unveiled plans to form a Council on National Security that will combat foreign threats to American tech and telecommunications infrastructure.…

National security defense being used to keep appeal behind closed doors

US politicians and privacy campaigners are calling for the private hearing between Apple and the UK government regarding its alleged encryption-busting order to be aired in public.…

It's March already and you haven't patched?

Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January.…

Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail

House Democrats have sent letters to 24 federal agencies asking for assurances that Elon Musk's DOGE team is not feeding sensitive government data into "unapproved and unaccountable" AI systems.…

It'll take a few days, give or take your situation

Google has told The Register it's beginning to roll out a fix for Chromecast devices that were bricked due to an expired security certificate authority. We're assured this deployment will take place over the next few days.…

Phishers check in, your credentials check out, Microsoft warns

An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees' inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…

Agency tries to save face as it also pulls essential funding for election security initiatives

The US cybersecurity agency is trying to save face by seeking to clear up what it's calling "inaccurate reporting" after a former senior pentester claimed it laid off the entire Red Team.…

It might need polishing, but a useful find for any budding cybercrooks out there

DeepSeek's flagship R1 model is capable of generating a working keylogger and basic ransomware code, just as long as a techie is on hand to tinker with it a little.…

Feds warn gang still rampant and now cracked 300+ victims around the world

A crook who distributes the Medusa ransomware tried to make a victim cough up three payments instead of the usual two, according to a government advisory on how to defend against the malware and the gangs who wield it.…

Root cert expiry may bring breakage or worse for add-ons, media playback, and more

If you're running an outdated version of Firefox, update by Friday or risk broken add-ons, failing DRM-protected media playback, and other errors, due to an expiring root certificate.…