More than a month after PoC made public Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears digital intruders got a month's head start.…
Fortinet finally cops to critical make-me-admin bug under active exploitation
More than a month after PoC made public Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears digital intruders got a month's head start.…
go.theregister.com
November 14, 2025 at 9:30 PM
More than a month after PoC made public Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears digital intruders got a month's head start.…
Crooks spoof US insurers, threaten bogus extradition to pry loose personal data and cash Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the FBI warns.…
FBI flags scam targeting Chinese speakers with bogus surgery bills
Crooks spoof US insurers, threaten bogus extradition to pry loose personal data and cash Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the FBI warns.…
go.theregister.com
November 14, 2025 at 4:30 PM
Crooks spoof US insurers, threaten bogus extradition to pry loose personal data and cash Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the FBI warns.…
Advisory updated as leading cybercrime crew opens up its target pool The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors.…
CISA flags imminent threat as Akira ransomware starts hitting Nutanix AHV
Advisory updated as leading cybercrime crew opens up its target pool The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors.…
go.theregister.com
November 14, 2025 at 3:30 PM
Advisory updated as leading cybercrime crew opens up its target pool The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors.…
Cybercrime crew has ravaged multiple private organizations using Oracle EBS zero-day for months The UK's National Health Service (NHS) is investigating claims of a cyberattack by extortion crew Clop.…
Clop claims it hacked 'the NHS.' Which bit? Your guess is as good as theirs
Cybercrime crew has ravaged multiple private organizations using Oracle EBS zero-day for months The UK's National Health Service (NHS) is investigating claims of a cyberattack by extortion crew Clop.…
go.theregister.com
November 14, 2025 at 10:30 AM
Cybercrime crew has ravaged multiple private organizations using Oracle EBS zero-day for months The UK's National Health Service (NHS) is investigating claims of a cyberattack by extortion crew Clop.…
Maintenance to end next year after ‘helpful options’ became ‘serious security flaws’ Kubernetes maintainers have decided it’s not worth trying to save Ingress NGINX and will instead stop work on the project and retire it in March 2026.…
Kubernetes overlords decide Ingress NGINX isn’t worth saving
Maintenance to end next year after ‘helpful options’ became ‘serious security flaws’ Kubernetes maintainers have decided it’s not worth trying to save Ingress NGINX and will instead stop work on the project and retire it in March 2026.…
go.theregister.com
November 14, 2025 at 1:30 AM
Maintenance to end next year after ‘helpful options’ became ‘serious security flaws’ Kubernetes maintainers have decided it’s not worth trying to save Ingress NGINX and will instead stop work on the project and retire it in March 2026.…
The goal of 'oxidizing' the Linux distro hits another bump Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.…
Ubuntu 25.10's Rusty sudo holes quickly welded shut
The goal of 'oxidizing' the Linux distro hits another bump Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.…
go.theregister.com
November 13, 2025 at 4:30 PM
The goal of 'oxidizing' the Linux distro hits another bump Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.…
Nearly 10,000 staff and contractors warned after attackers raided newspaper's Oracle EBS setup The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in the Clop-linked Oracle E-Business Suite (EBS) attacks.…
Extra, extra, read all about it: Washington Post clobbered in Clop caper
Nearly 10,000 staff and contractors warned after attackers raided newspaper's Oracle EBS setup The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in the Clop-linked Oracle E-Business Suite (EBS) attacks.…
go.theregister.com
November 13, 2025 at 2:30 PM
Nearly 10,000 staff and contractors warned after attackers raided newspaper's Oracle EBS setup The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in the Clop-linked Oracle E-Business Suite (EBS) attacks.…
Operation Endgame also takes down Elysium and VenomRAT infrastructure International cops have pulled apart the Rhadamanthys infostealer operation, seizing 1,025 servers tied to the malware in coordinated raids between November 10-13.…
Rhadamanthys malware admin rattled as cops seize a thousand-plus servers
Operation Endgame also takes down Elysium and VenomRAT infrastructure International cops have pulled apart the Rhadamanthys infostealer operation, seizing 1,025 servers tied to the malware in coordinated raids between November 10-13.…
go.theregister.com
November 13, 2025 at 12:30 PM
Operation Endgame also takes down Elysium and VenomRAT infrastructure International cops have pulled apart the Rhadamanthys infostealer operation, seizing 1,025 servers tied to the malware in coordinated raids between November 10-13.…
600+ phishing websites and 116 of these use a Google logo Google has filed a lawsuit against 25 unnamed China-based scammers, which it claims have stolen more than 115 million credit card numbers in the US as part of the Lighthouse phishing operation.…
Google sues 25 China-based scammers behind Lighthouse 'phishing for dummies' kit
600+ phishing websites and 116 of these use a Google logo Google has filed a lawsuit against 25 unnamed China-based scammers, which it claims have stolen more than 115 million credit card numbers in the US as part of the Lighthouse phishing operation.…
go.theregister.com
November 12, 2025 at 10:30 PM
600+ phishing websites and 116 of these use a Google logo Google has filed a lawsuit against 25 unnamed China-based scammers, which it claims have stolen more than 115 million credit card numbers in the US as part of the Lighthouse phishing operation.…
Vendors (still) keep mum An "advanced" attacker exploited CitrixBleed 2 and a max-severity Cisco Identity Services Engine (ISE) bug as zero-days to deploy custom malware, according to Amazon Chief Information Security Officer CJ Moses.…
Attackers turned Citrix, Cisco 0-day exploits into custom-malware hellscape
Vendors (still) keep mum An "advanced" attacker exploited CitrixBleed 2 and a max-severity Cisco Identity Services Engine (ISE) bug as zero-days to deploy custom malware, according to Amazon Chief Information Security Officer CJ Moses.…
go.theregister.com
November 12, 2025 at 5:30 PM
Vendors (still) keep mum An "advanced" attacker exploited CitrixBleed 2 and a max-severity Cisco Identity Services Engine (ISE) bug as zero-days to deploy custom malware, according to Amazon Chief Information Security Officer CJ Moses.…
Metropolitan Police lands lengthy sentence following 'complex' investigation The Metropolitan Police's seven-year investigation into a record-setting fraudster has ended after she was sentenced to 11 years and eight months in prison on Tuesday.…
Bitcoin bandit's £5B bubble bursts as cops wrap seven-year chase
Metropolitan Police lands lengthy sentence following 'complex' investigation The Metropolitan Police's seven-year investigation into a record-setting fraudster has ended after she was sentenced to 11 years and eight months in prison on Tuesday.…
go.theregister.com
November 12, 2025 at 11:30 AM
Metropolitan Police lands lengthy sentence following 'complex' investigation The Metropolitan Police's seven-year investigation into a record-setting fraudster has ended after she was sentenced to 11 years and eight months in prison on Tuesday.…
Skies are open for mischief as hard-to-trace drones and fast-moving cyber raids promise new wave of disruption Britain's aviation watchdog has warned it's only a matter of time before organized drone attacks bring UK airports to a standstill.…
Aviation watchdog says organized drone attacks will shut UK airports ‘sooner or later’
Skies are open for mischief as hard-to-trace drones and fast-moving cyber raids promise new wave of disruption Britain's aviation watchdog has warned it's only a matter of time before organized drone attacks bring UK airports to a standstill.…
go.theregister.com
November 12, 2025 at 10:30 AM
Skies are open for mischief as hard-to-trace drones and fast-moving cyber raids promise new wave of disruption Britain's aviation watchdog has warned it's only a matter of time before organized drone attacks bring UK airports to a standstill.…
‘Elite teams’ are pondering cyber-attacks to turn off energy supply or telecoms networks The head of Australia’s Security Intelligence Organisation (ASIO) has warned that authoritarian regimes “are growing more willing to disrupt or destroy critical infrastructure”, using cyber-sabotage.…
Australia’s spy boss says authoritarian nations ready to commit ‘high-impact sabotage’
‘Elite teams’ are pondering cyber-attacks to turn off energy supply or telecoms networks The head of Australia’s Security Intelligence Organisation (ASIO) has warned that authoritarian regimes “are growing more willing to disrupt or destroy critical infrastructure”, using cyber-sabotage.…
go.theregister.com
November 12, 2025 at 1:30 AM
‘Elite teams’ are pondering cyber-attacks to turn off energy supply or telecoms networks The head of Australia’s Security Intelligence Organisation (ASIO) has warned that authoritarian regimes “are growing more willing to disrupt or destroy critical infrastructure”, using cyber-sabotage.…
Lobbying efforts gain ground as proposals carve myriad holes into regulations Privacy advocates are condemning the European Commission's leaked plans to overhaul digital privacy legislation, accusing officials of bypassing proper legislative processes to favor Big Tech interests.…
EU's reforms of GDPR, AI slated by privacy activists for 'playing into Big Tech’s hands'
Lobbying efforts gain ground as proposals carve myriad holes into regulations Privacy advocates are condemning the European Commission's leaked plans to overhaul digital privacy legislation, accusing officials of bypassing proper legislative processes to favor Big Tech interests.…
go.theregister.com
November 11, 2025 at 3:30 PM
Lobbying efforts gain ground as proposals carve myriad holes into regulations Privacy advocates are condemning the European Commission's leaked plans to overhaul digital privacy legislation, accusing officials of bypassing proper legislative processes to favor Big Tech interests.…
Massive increase in policy claims… and data doesn’t even cover the major attacks of 2025 The number of successful cyber insurance claims made by UK organizations shot up last year, according to the latest figures from the industry's trade association.…
Cyber insurers paid out over twice as much for UK ransomware attacks last year
Massive increase in policy claims… and data doesn’t even cover the major attacks of 2025 The number of successful cyber insurance claims made by UK organizations shot up last year, according to the latest figures from the industry's trade association.…
go.theregister.com
November 11, 2025 at 11:31 AM
Massive increase in policy claims… and data doesn’t even cover the major attacks of 2025 The number of successful cyber insurance claims made by UK organizations shot up last year, according to the latest figures from the industry's trade association.…
Aleksei Volkov faces years in prison, may have been working with other crews A Russian national will likely face several years in US prison after pleading guilty to a range of offenses related to his work with ransomware crews.…
Russian broker pleads guilty to profiting from Yanluowang ransomware attacks
Aleksei Volkov faces years in prison, may have been working with other crews A Russian national will likely face several years in US prison after pleading guilty to a range of offenses related to his work with ransomware crews.…
go.theregister.com
November 10, 2025 at 3:30 PM
Aleksei Volkov faces years in prison, may have been working with other crews A Russian national will likely face several years in US prison after pleading guilty to a range of offenses related to his work with ransomware crews.…
Insurance giant’s UK arm says cybercriminals misattributed the real victim Allianz UK confirms it was one of the many companies that fell victim to the Clop gang's Oracle E-Business Suite (EBS) attack after crims reported that they had attacked a subsidiary.…
Allianz UK joins growing list of Clop’s Oracle E-Business Suite victims
Insurance giant’s UK arm says cybercriminals misattributed the real victim Allianz UK confirms it was one of the many companies that fell victim to the Clop gang's Oracle E-Business Suite (EBS) attack after crims reported that they had attacked a subsidiary.…
go.theregister.com
November 10, 2025 at 10:30 AM
Insurance giant’s UK arm says cybercriminals misattributed the real victim Allianz UK confirms it was one of the many companies that fell victim to the Clop gang's Oracle E-Business Suite (EBS) attack after crims reported that they had attacked a subsidiary.…
Doubles parameters to over 17 billion, to detect threats and recommend actions Exclusive Cisco is working on a new AI model that will more than double the number of parameters used to train its current flagship Foundation-Sec-8B.…
Cisco creating new security model using 30 years of data describing cyber-dramas and saves
Doubles parameters to over 17 billion, to detect threats and recommend actions Exclusive Cisco is working on a new AI model that will more than double the number of parameters used to train its current flagship Foundation-Sec-8B.…
go.theregister.com
November 10, 2025 at 7:30 AM
Doubles parameters to over 17 billion, to detect threats and recommend actions Exclusive Cisco is working on a new AI model that will more than double the number of parameters used to train its current flagship Foundation-Sec-8B.…
Licensing expert worries they’ll be out of control on day one Microsoft has teased what it’s calling “a new class” of AI agents “that operate as independent users within the enterprise workforce.”…
Microsoft teases agents that become ‘independent users within the workforce’
Licensing expert worries they’ll be out of control on day one Microsoft has teased what it’s calling “a new class” of AI agents “that operate as independent users within the enterprise workforce.”…
go.theregister.com
November 10, 2025 at 3:30 AM
Licensing expert worries they’ll be out of control on day one Microsoft has teased what it’s calling “a new class” of AI agents “that operate as independent users within the enterprise workforce.”…
PLUS: India’s tech services exports growing fast; South Korea puts the bite on TXT spam; NTT gets into autonomous vehicles; and more! Asia In Brief Chinese infosec blog MXRN last week reported a data breach at a security company called Knownsec that has ties to Beijing and Chinas military.…
Data breach at Chinese infosec firm reveals cyber-weapons and target list
PLUS: India’s tech services exports growing fast; South Korea puts the bite on TXT spam; NTT gets into autonomous vehicles; and more! Asia In Brief Chinese infosec blog MXRN last week reported a data breach at a security company called Knownsec that has ties to Beijing and Chinas military.…
go.theregister.com
November 10, 2025 at 12:30 AM
PLUS: India’s tech services exports growing fast; South Korea puts the bite on TXT spam; NTT gets into autonomous vehicles; and more! Asia In Brief Chinese infosec blog MXRN last week reported a data breach at a security company called Knownsec that has ties to Beijing and Chinas military.…
Multi-year wait for destruction comes to an end for mystery attackers Security experts have helped remove malicious NuGet packages planted in 2023 that were designed to destroy systems years in advance, with some payloads not due to hit until the latter part of this decade.…
Cybercrims plant destructive time bomb malware in industrial .NET extensions
Multi-year wait for destruction comes to an end for mystery attackers Security experts have helped remove malicious NuGet packages planted in 2023 that were designed to destroy systems years in advance, with some payloads not due to hit until the latter part of this decade.…
go.theregister.com
November 7, 2025 at 3:30 PM
Multi-year wait for destruction comes to an end for mystery attackers Security experts have helped remove malicious NuGet packages planted in 2023 that were designed to destroy systems years in advance, with some payloads not due to hit until the latter part of this decade.…
What to do when even your espresso machine needs end-to-end encryption Sponsored Feature The security landscape is getting more perilous day by day, as both nation-state groups and financially-motivated hackers ramp up their activity.…
How TeamViewer builds enterprise trust through security-first design
What to do when even your espresso machine needs end-to-end encryption Sponsored Feature The security landscape is getting more perilous day by day, as both nation-state groups and financially-motivated hackers ramp up their activity.…
go.theregister.com
November 7, 2025 at 9:30 AM
What to do when even your espresso machine needs end-to-end encryption Sponsored Feature The security landscape is getting more perilous day by day, as both nation-state groups and financially-motivated hackers ramp up their activity.…
Move fast - miscreants compromised a domain controller in 17 hours Gootloader JavaScript malware, commonly used to deliver ransomware, is back in action after a period of reduced activity.…
Gootloader malware back for the attack, serves up ransomware
Move fast - miscreants compromised a domain controller in 17 hours Gootloader JavaScript malware, commonly used to deliver ransomware, is back in action after a period of reduced activity.…
go.theregister.com
November 6, 2025 at 11:30 PM
Move fast - miscreants compromised a domain controller in 17 hours Gootloader JavaScript malware, commonly used to deliver ransomware, is back in action after a period of reduced activity.…
Spies, not crooks, were behind digital heist – damage stopped at the backups, says US cybersec biz SonicWall has blamed an unnamed, state-sponsored collective for the September break-in that saw cybercriminals rifle through a cache of firewall configuration backups.…
SonicWall fingers state-backed cyber crew for September firewall breach
Spies, not crooks, were behind digital heist – damage stopped at the backups, says US cybersec biz SonicWall has blamed an unnamed, state-sponsored collective for the September break-in that saw cybercriminals rifle through a cache of firewall configuration backups.…
go.theregister.com
November 6, 2025 at 12:30 PM
Spies, not crooks, were behind digital heist – damage stopped at the backups, says US cybersec biz SonicWall has blamed an unnamed, state-sponsored collective for the September break-in that saw cybercriminals rifle through a cache of firewall configuration backups.…
Second time's the charm for after Wiz rejected Google's $23B offer last year Google's second attempt to acquire cloud security firm Wiz is going a lot better than the first, with the Department of Justice clearing the $32 billion deal, which ranks as Google's largest-ever acquisition.…
Uncle Sam lets Google take Wiz for $32B
Second time's the charm for after Wiz rejected Google's $23B offer last year Google's second attempt to acquire cloud security firm Wiz is going a lot better than the first, with the Department of Justice clearing the $32 billion deal, which ranks as Google's largest-ever acquisition.…
go.theregister.com
November 5, 2025 at 6:30 PM
Second time's the charm for after Wiz rejected Google's $23B offer last year Google's second attempt to acquire cloud security firm Wiz is going a lot better than the first, with the Department of Justice clearing the $32 billion deal, which ranks as Google's largest-ever acquisition.…