News

Short circuit: Electronics supplier to tech giants suffers ransomware shutdown

The Register - Fri, 22/08/2025 - 22:07
Amazon, Apple, Google, and Microsoft among major customers

Data I/O, a major electronics manufacturer whose customers include Amazon, Apple, Google, and Microsoft, notified federal regulators that it fell victim to a ransomware infection on August 16 that continues to disrupt its business operations.…

Categories: News

Kidney dialysis giant DaVita tells 2.4M people they were snared in ransomware data theft nightmare

The Register - Fri, 22/08/2025 - 20:05
Health details, tax ID numbers, even images of checks were stolen, reportedly by the Interlock gang

Ransomware scum breached kidney dialysis firm Davita's labs database in April and stole about 2.4 million people's personal and health-related information.…

Categories: News

Criminal background checker APCS faces data breach

The Register - Fri, 22/08/2025 - 16:54
The attack first affected an upstream provider of bespoke software

Exclusive  A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company.…

Categories: News

Fake CAPTCHA tests trick users into running malware

The Register - Fri, 22/08/2025 - 16:32
ClickFix tricks

Microsoft's security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.…

Categories: News

Interpol bags 1,209 suspects, $97M in cybercrime operation focused on Africa

The Register - Fri, 22/08/2025 - 15:24
Crypto mines, BEC scams, fake passports, and a $300M fraud empire allegedly brought down during Serengeti 2.0

Interpol's latest clampdown on cybercrime resulted in 1,209 arrests across the African continent, from ransomware crooks to business email compromise (BEC) scammers, the agency says.…

Categories: News

Developer jailed for taking down employer's network with kill switch malware

The Register - Fri, 22/08/2025 - 01:27
Pro tip: When taking revenge, don't use your real name

A US court sentenced a former developer at power management biz Eaton to four years in prison after he installed malware on the company’s servers.…

Categories: News

Anthropic scanning Claude chats for queries about DIY nukes for some reason

The Register - Fri, 22/08/2025 - 00:42
Because savvy terrorists always use public internet services to plan their mischief, right?

Anthropic says it has scanned an undisclosed portion of conversations with its Claude AI model to catch concerning inquiries about nuclear weapons.…

Categories: News

Microsoft reportedly cuts China's early access to bug disclosures, PoC exploit code

The Register - Thu, 21/08/2025 - 23:58
Better late than never after SharePoint assault?

Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program.…

Categories: News

'Impersonation as a service' the next big thing in cybercrime

The Register - Thu, 21/08/2025 - 23:11
Underground forums now recruiting English-speaking social engineers

English speakers adept at social engineering are a hot commodity in the cybercrime job market.…

Categories: News

Honey, I shrunk the image and now I'm pwned

The Register - Thu, 21/08/2025 - 22:24
Google’s Gemini-powered tools tripped up by image-scaling prompt injection

Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge for machine learning systems.…

Categories: News

Congressman proposes bringing back letters of marque for cyber privateers

The Register - Thu, 21/08/2025 - 19:45
Bill would let US President commission white hat hackers to go after foreign threats, seize assets on the online seas

It's been more than 200 years since the United States issued a letter of marque allowing privateers to attack the vessels of foreign nations, but those letters may return to empower cyber operators if a bill introduced in Congress actually manages to pass. …

Categories: News

Orange Belgium mega-breach exposes 850K customers to serious fraud

The Register - Thu, 21/08/2025 - 15:07
Everything a criminal needs for targeted attacks exposed, but telco insists 'no critical data compromised'

A significant data theft at Orange Belgium has opened hundreds of thousands of its customers to serious cybersecurity risks.…

Categories: News

US cops wrap up RapperBot, one of world's biggest DDoS-for-hire rackets

The Register - Thu, 21/08/2025 - 14:26
Feds say Mirai-spawned botnet blasted 370K attacks before AWS and pals helped yank its servers

RapperBot, a botnet-for-hire blamed for hundreds of thousands of DDoS attacks, has been yanked offline by the Feds, who also hauled in its alleged Oregon-based mastermind.…

Categories: News

Apple rushes out fix for active zero-day in iOS and macOS

The Register - Thu, 21/08/2025 - 13:26
Another 'extremely sophisticated' exploit chewing at Cupertino's walled garden

Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.…

Categories: News

Colt changes tune, admits data theft as Warlock gang begins auction

The Register - Thu, 21/08/2025 - 13:01
Worried about your data? Not to worry, we'll check the dark web for you! Yes really

A week after its services were disrupted by a cyberattack, UK telco Colt Technology Services has gone back on its initial statement to confirm that data has indeed been stolen.…

Categories: News

Google yet to take down 'screenshot-grabbing' Chrome VPN extension

The Register - Thu, 21/08/2025 - 12:28
Researcher claims extension didn't start out by exfiltrating info... while dev says its actions are 'compliant'

Security boffins at Koi Security have warned of a shift in behavior of a popular Chrome VPN extension, FreeVPN.One, which recently appears to have begun snaffling screenshots of users' page activity and transmitting them to a remote server without their knowledge – and Google has yet to take it down.…

Categories: News

AI crawlers and fetchers are blowing up websites, with Meta and OpenAI the worst offenders

The Register - Thu, 21/08/2025 - 11:33
One fetcher bot seen smacking a website with 39,000 requests per minute

Cloud services giant Fastly has released a report claiming AI crawlers are putting a heavy load on the open web, slurping up sites at a rate that accounts for 80 percent of all AI bot traffic, with the remaining 20 percent used by AI fetchers. Bots and fetchers can hit websites hard, demanding data from a single site in thousands of requests per minute.…

Categories: News

China cut itself off from the global internet for an hour on Wednesday

The Register - Thu, 21/08/2025 - 02:48
Took out all traffic to port 443 at a time Beijing didn't have an obvious need to keep its netizens in the dark

China cut itself off from much of the global internet for just over an hour on Wednesday.…

Categories: News

Microsoft stays mum about M365 Copilot on-demand security bypass

The Register - Thu, 21/08/2025 - 00:59
Redmond doesn't bother informing customers about some security fixes

UPDATED  Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.…

Categories: News

Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

The Register - Wed, 20/08/2025 - 22:01
Move along, nothing to see here

Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News