News
CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn
Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP Server on July 1, just one day after its public disclosure.…
UK Online Safety Act 'not up to scratch' on misinformation, warn MPs
The Online Safety Act fails to tackle online misinformation, leaving the UK in need of further regulation to curb the viral spread of false content, a report from MPs has found.…
Security company hired a used car salesman to build a website, and it didn't end well
On Call Welcome once again to On Call, The Register's Friday column that shares your stories of tech support terror and triumph.…
French cops cuff Russian pro basketball player on ransomware charges
A Russian professional basketball player is cooling his heels in a French detention center after being arrested and accused of acting as a negotiator for a ransomware gang.…
Chinese censorship-busters claim Tencent is trying to kill its WeChat archive
Anti-censorship organization GreatFire.org has accused Singapore infosec outfit Group-IB of helping Chinese web giant Tencent to quell its activities.…
Lovestruck US Air Force worker admits leaking secrets on dating app
A lovestruck US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense information after sharing military secrets information about the Russia-Ukraine war with a woman he met on a dating app.…
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitation and abused to hijack user sessions.…
Ex-ASML engineer who stole chip tech for Russia gets three years in Dutch prison
A former ASML and NXP semiconductor engineer will spend three years in a Dutch prison after stealing secret chip technology from his employers and sharing it with Russia.…
Russia, hotbed of cybercrime, says nyet to ethical hacking bill
Russia, home to some of the world's most lucrative and damaging cybercrime operations, has rejected a bill to legalize ethical hacking.…
NCA arrests four in connection with UK retail ransomware attacks
The UK's National Crime Agency (NCA) arrested four individuals suspected of being involved with the big three cyberattacks on UK retail businesses in recent weeks.…
Sovereign-ish: Google Cloud keeps AI data in UK, but not the support
Google Cloud is attempting to ease concerns about where AI data is stored by offering organizations the option to keep Gemini 2.5 Flash machine learning processing entirely within the UK.…
Review: How Passwork 7 helps tame business passwords
Sponsored feature Passwords are necessary for businesses, but look away for a minute and they quickly get out of control. If your users do things right and use a different password for each application, you'll easily reach hundreds of them with just a few dozen people. It's time to take control of them before they become toxic.…
At last, a use case for AI agents with sky-high ROI: Stealing crypto
Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.…
How to trick ChatGPT into revealing Windows keys? I give up
A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a guessing game.…
US sanctions alleged North Korean IT sweatshop leader
The US Treasury has imposed sanctions on 38-year-old Song Kum Hyok, a North Korean accused of attempting to hack the Treasury Department and posing as an IT worker to collect revenue and secret data for Pyongyang.…
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs
AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure.…
The cloud-native imperative for effective cyber resilience
Partner content Every organization is investing in cyberresilience tools, training, and processes. Unfortunately, only some of them will be able to successfully respond and recover from an attack. Regardless of how hard they work, many IT and security teams are constrained by legacy technology architectures that were built for the challenges of 2015, not 2025.…
Reframing investments in security as investments in the business
Partner content Cybersecurity executives and their teams are under constant pressure and scrutiny. As the barrier to entry for attackers gets lower, organizations need to improve their defenses. As businesses get leaner, so do their security teams. There are increasingly high expectations and increasingly tougher challenges to meet them across people, processes, and platforms.…
Qantas begins telling some customers that mystery attackers have their home address
Qantas says that when cybercrooks attacked a "third party platform" used by the airline's contact center systems, they accessed the personal information and frequent flyer numbers of the "majority" of the circa 5.7 million people affected.…
Ingram Micro restarts orders – for some – following ransomware attack
Ingram Micro says it is gradually reactivating customer's ordering capabilities across the world, region by region, now its ransomware attack is thought to be "contained".…
Pages
