News

Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move

Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.…

Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements

The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.…

Rights groups say digital-only record is leaking data and courting trouble

Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while leaving migrants unable to prove their lawful status.…

Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.…

Judge said his fraud was on 'epic, generational scale'

Terraform Labs founder Do Kwon will spend 15 years in jail after pleading guilty to committing fraud.…

Operators accidentally left a way for you to get your data back

CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There's some bad news and some good news here.…

No details, no CVE, update your browser now

Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world's most popular browser's eighth zero-day bug of 2025.…

UK data regulator says failures were unacceptable for a company managing the world's passwords

The UK's Information Commissioner's Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users.…

Skills gained later fed Beijing's cyber operations, according to SentinelLabs expert

A security researcher specializing in tracking China threats claims two of Salt Typhoon's members were former attendees of a training scheme run by Cisco.…

Flare warns devs are unwittingly publishing production-level secrets

Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank.…

Workers frustrated with security-first changes to workflows and teething issues

Exclusive  Seven months after a landmark cyberattack, the UK's Legal Aid Agency (LAA) says it's returning to pre-breach operations, although law firms are still wrestling with buggy and more laborious systems.…

More than half of internet-exposed instances already compromised

Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.…

The digital intrusion allegedly caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility

A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was extradited to the US earlier this year and will stand trial in early 2026.…

Devs and users should know better, Microsoft tells watchTowr

Security researchers have revealed a .NET security flaw thought to affect a host of enterprise-grade products that they say Microsoft refuses to fix.…

Why should Keith Richards’ fingers inform your approach to risk?

Partner Content  For years, celebrities have insured their body parts for vast sums of money. Mariah Carey allegedly insured her voice and legs for $70 million during a tour, according to TMZ; and Lloyd’s of London was reported to have insured a wide range of celebrity body parts, from restauranteur Egon Ronay’s taste buds to the fingers of Rolling Stones’ guitarist Keith Richards, which were insured for $1.6 million. …

1,500 military digital defenders spent past week cleaning up a series of cyberattacks on fictional island

Andravia and Harbadus – two nations so often at odds with one another – were once again embroiled in conflict over the past seven days, which thoroughly tested NATO's cybersecurity experts' ability to coordinate defenses across battlefield domains.…

Plus critical critical Notepad++, Ivanti, and Fortinet updates, and one of these patches an under-attack security hole

Happy December Patch Tuesday to all who celebrate. This month's patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known – but just 57 CVEs in total from Redmond.…

Identity management vendors like Okta see an opening to calm CISOs worried about agents running amok

The fear of AI agents running amok has thus far halted the wide deployment of these digital workhorses, Okta's president of Auth0, Shiv Ramji, told The Register.…

Satellite silence trips immobilizers, leaving owners stuck

Hundreds of Porsches in Russia were rendered immobile last week, raising speculation of a hack, but the German carmaker tells The Register that its vehicles are secure.…

Have we learned nothing from sci-fi films and TV shows?

Interview  Imagine botnets in physical form and you've got a pretty good idea of what could go wrong with the influx of AI-infused humanoid robots expected to integrate into society over the next few decades.…