News

AI + skilled malware developers = security threat

VoidLink, the newly spotted Linux malware that targets victims' clouds with 37 evil plugins, was generated "almost entirely by artificial intelligence" and likely developed by just one person, according to the research team that discovered the do-it-all implant.…

Update Chainlit to the latest version ASAP

Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.…

Prompt injection for the win

Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious code or overwrite files via prompt injection.…

Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices

Cybercrime has entered its AI era, with criminals now using weaponized language models and deepfakes as cheap, off-the-shelf infrastructure rather than experimental tools, according to researchers at Group-IB.…

OG CDN boss says fighting illegal streams is about stopping criminals cashing in, not free speech

Interview  After Cloudflare CEO Matthew Prince recently threatened to disrupt the Winter Olympics to protect free speech after Italian authorities fined his company for not disrupting pirate video streams, rival CDN provider Akamai’s CEO Dr. Tom Leighton fired back with what reads a lot like thinly veiled criticism.…

Feras Albashiti faces 10 years after $20,000 in sales to undercover agent exposed ransomware ties

A Jordanian national faces sentencing in the US after pleading guilty to acting as an initial access broker (IAB) for various cyberattacks.…

They’re not the most sophisticated, but even simple attacks can lead to costly consequences

The UK's National Cyber Security Centre (NCSC) is once again warning that pro-Russia hacktivists are a threat to critical services operators.…

Ships emergency update to fix a Patch Tuesday misfire that prevented systems from switching off

Microsoft has rushed out an out-of-band Windows 11 update after January's Patch Tuesday broke something as fundamental as turning PCs off.…

Maine filing confirms July attack affected 42,521 employees and job applicants

Ingram Micro disclosed that a July 2025 ransomware attack compromised the personal data of tens of thousands of employees.…

Labour's latest U-turn? 61 backbenchers pile pressure for Starmer to back Tory peer's amendment

The British government may impose a ban on under-16s using social media, despite Labour prime minister Keir Starmer having previously expressed skepticism over the measure.…

Kids return to classrooms after safety infrastructure knocked out

A Warwickshire secondary school says it will fully reopen this week after a cyberattack forced a prolonged closure – though staff will return to classrooms with "very limited access" to IT systems.…

Capable of carrying 1-ton payload and key to strategy protecting North Atlantic from Russian submarines

The Royal Navy has conducted the first flight of a helicopter-sized autonomous drone that is planned to operate from its ships in support of missions, including hunting for hostile submarines.…

Bank staff wore the blame for a silly security slip

Who, Me?  Welcome to another edition of “Who Me?”, The Register’s Monday column that shares your mistakes and celebrates your escapes.…

PLUS: ASUS gets into healthcare gadgets; Vietnam’s first fab; Australia's child social ban takes out 4.7 million accounts; And more!

Asia In Brief  Microsoft is hiring senior managers to ensure its datacenters in Asia can access the energy they need.…

PLUS: Navy spy sent to brig for 200 months in brig; Black Axe busted again; Bill aims to crimp ICE apps; and more

Infosec In Brief  PLUS: Google’s security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol.…

Sloppy implementation of Google spec leaves 'hundreds of millions' of devices vulnerable

Hundreds of millions of wireless earbuds, headphones, and speakers are vulnerable to silent hijacking due to a flaw in Google's Fast Pair system that allows attackers to seize control without the owner ever touching the pairing button.…

Microsoft claims it's a Secure Launch bug

We're not saying Copilot has become sentient and decided it doesn't want to lose consciousness. But if it did, it would create Microsoft's January Patch Tuesday update, which has made it so that some PCs flat-out refuse to shut down or hibernate, no matter how many times you try.…

Ransomware kingpin who escaped Armenian custody is believed to be lying low back home

German cops have added Russian national Oleg Evgenievich Nefekov to their list of most-wanted criminals for his services to ransomware.…

Check Point observes 40K+ attack attempts in our hours, with government organizations under fire

A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet.…

Owner reverse-engineered his ride, revealing authentication was never properly individualized

An Estonian e-scooter owner locked out of his own ride after the manufacturer went bust did what any determined engineer might do. He reverse-engineered it, and claims he ended up discovering the master key that unlocks every scooter the company ever sold.…