News

More than half of internet-exposed instances already compromised

Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.…

The digital intrusion allegedly caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility

A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was extradited to the US earlier this year and will stand trial in early 2026.…

Devs and users should know better, Microsoft tells watchTowr

Security researchers have revealed a .NET security flaw thought to affect a host of enterprise-grade products that they say Microsoft refuses to fix.…

Why should Keith Richards’ fingers inform your approach to risk?

Partner Content  For years, celebrities have insured their body parts for vast sums of money. Mariah Carey allegedly insured her voice and legs for $70 million during a tour, according to TMZ; and Lloyd’s of London was reported to have insured a wide range of celebrity body parts, from restauranteur Egon Ronay’s taste buds to the fingers of Rolling Stones’ guitarist Keith Richards, which were insured for $1.6 million. …

1,500 military digital defenders spent past week cleaning up a series of cyberattacks on fictional island

Andravia and Harbadus – two nations so often at odds with one another – were once again embroiled in conflict over the past seven days, which thoroughly tested NATO's cybersecurity experts' ability to coordinate defenses across battlefield domains.…

Plus critical critical Notepad++, Ivanti, and Fortinet updates, and one of these patches an under-attack security hole

Happy December Patch Tuesday to all who celebrate. This month's patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known – but just 57 CVEs in total from Redmond.…

Identity management vendors like Okta see an opening to calm CISOs worried about agents running amok

The fear of AI agents running amok has thus far halted the wide deployment of these digital workhorses, Okta's president of Auth0, Shiv Ramji, told The Register.…

Satellite silence trips immobilizers, leaving owners stuck

Hundreds of Porsches in Russia were rendered immobile last week, raising speculation of a hack, but the German carmaker tells The Register that its vehicles are secure.…

Have we learned nothing from sci-fi films and TV shows?

Interview  Imagine botnets in physical form and you've got a pretty good idea of what could go wrong with the influx of AI-infused humanoid robots expected to integrate into society over the next few decades.…

Foreign secretary set to address senior diplomats later today

The UK's foreign secretary is calling for closer collaboration with Europe to combat the growing threat of information warfare as hybrid attacks target countries on the continent.…

As Portugal gives researchers a pass under cybersecurity law

Portugal has become the latest country to carve out protections for researchers under its cybersecurity law.…

Officials insist OBR relied on 'early estimate' and real figure won't emerge until next year

The head of the department delivering the UK government's digital identity scheme has rejected the £1.8 billion cost forecast by the Office for Budget Responsibility (OBR), but is not willing to provide an alternative until after a delayed consultation on the plans.…

Get your Hyper-V and VMware ESXi setups in order, people

Researchers at security software vendor Huntress say they’ve noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they’re as secure as can be and properly backed up.…

Minors groomed to kill and intimidate victims

Nearly 200 people, including minors accused of involvement in murder plots, have been arrested over the last six months as part of Europol's Operational Taskforce (OTF) GRIMM. The operation targets what cops call "violence-as-a-service" - crime crews recruiting kids and teens online to carry out contract killings and other real-world attacks.…

Atlantic Bastion combines AI systems with warships to counter increased surveillance

The UK government has announced enhanced protection for undersea cables using autonomous vessels alongside crewed warships and aircraft, responding to escalating Russian surveillance activities.…

Regulator disappointed as soon-to-be-scrapped algo's problems remained a secret despite consistent engagement

The UK's data protection watchdog has criticized the Home Office for failing to disclose significant biases in police facial recognition technology, despite regular engagement between the organizations.…

Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul

Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop the gang publishing any of the snatched information.…

Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things

Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner.…

PLUS: South Korea to strengthen security standards; Canon closes Chinese printer plant; APAC datacenter capacity to triple by 2029; And more

Asia In Brief  Chinese rocketry outfit LandSpace last week flew what it hoped would be the country’s first reusable rocket, only to watch it explode while attempting to land.…

PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more!

Infosec in Brief  The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit.…