The Register

But this mystery isn't over yet, Unit 42 opines

That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than previously suspected.…

Crummy OPSEC leads to potentially decades in prison

Noah Michael Urban, 20, of alleged Scattered Spider infamy, has pleaded guilty to various charges and potentially faces decades in prison.…

After 23 years, the privacy plumber has finally arrived to clean up this mess

A 23-year-old side-channel attack for spying on people's web browsing histories will get shut down in the forthcoming Chrome 136, released last Thursday to the Chrome beta channel.…

Last month's secret hearing comes to light

Details of Apple's appeal against the UK's so-called "backdoor order" will now play out in public after the Home Office failed in its bid to keep them secret on national security grounds.…

Native tools help, but they don’t cover everything - here’s what they miss and how to close the gaps

Partner Content  : AWS provides a number of security services, such as GuardDuty, Inspector, Config, and Security Hub, designed to protect your cloud environment.…

PLUS: Qualcomm acquires Vietnamese AI outfit; China claims US hacked winter games; India's browser challenge winner disputed; and more

Asia In Brief  Asian nations and tech companies are trying to come to terms with the USA’s new universal import tariffs and additional “reciprocal tariffs”.…

PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more

Infosec in Brief  How did journalist Jeffrey Goldberg’s phone number end up in a Signal group chat? According to The Guardian, US national security adviser Mike Waltz accidentally saved it into the contact file of a campaign staffer who later took a job at the US National Security Council official.…

Intelligence chief booted after less than two years on the job

President Trump yesterday fired the head of the NSA and US Cyber Command and his deputy.…

The industry’s approach to keeping quality backups may be masking the importance of other recovery mainstays

Maintaining good-quality backups is often seen as the spine of any organization's ability to recover from cyberattacks quickly. Naturally, given the emphasis placed on them by experts of all stripes, you'd be forgiven for thinking that prioritizing them over anything else would be the way to go.…

Law enforcement facing huge gap in 'AI adoption'

The National Crime Agency (NCA) will "closely examine" the recommendations made by the Alan Turing Institute after it claimed the UK was ill-equipped to tackle AI-enabled crime.…

We're not Putin up with this alleged industrial espionage, say the Dutch

A Russian national appeared in a Netherlands court on Thursday accused of industrial espionage against ASML, the world’s leading manufacturer of chip factory equipment and a key supplier that helps the likes of TSMC pump out top-drawer processors.…

Australians checking their pensions are melting down call centres and websites

Australian retirement fund operators are scrambling after reports emerged of unauthorized access to customer accounts leading to theft of cash.…

Classification compliance? Records retention requirements? How quaint

A US Department of Defense watchdog has opened an investigation into its own Secretary of Defense, Pete Hegseth, over his use of instant-messaging app Signal to discuss government business.…

Shape shifting technique described as menace to national security

The US govt's Cybersecurity Infrastructure Agency, aka CISA, on Thursday urged organizations, internet service providers, and security firms to strengthen defenses against so-called fast flux attacks.…

Simple denial-of-service blunder turned out to be remote unauth code exec disaster

Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances since mid-March. This is now at least the third time in three years these snoops have been pwning these products.…

It's going to happen to you one day, so get your ducks in a row

As Benjamin Franklin famously said: "An ounce of prevention is worth a pound of cure," and that's especially true when it comes to disaster recovery.…

Espionage? Botnets? Trying to exploit a zero-day?

Someone or something is probing devices made by Juniper Networks and Palo Alto Networks, and researchers think it could be evidence of espionage attempts, attempts to build a botnet, or an effort to exploit zero-day vulnerabilities.…

ProtectEU plan wants to have its cake and eat it too

The EU has issued its plans to keep the continent's denizens secure and among the pages of bureaucratese are a few worrying sections that indicate the political union wants to backdoor encryption by 2026, or even sooner.…

Recovery's never been harder in today's tangled, outsourced infrastructure

Comment  Disaster recovery is getting tougher as IT estates sprawl across on-prem gear, public cloud, SaaS, and third-party ITaaS providers. And it's not floods or fires causing most outages anymore - ransomware now leads the pack, taking down systems faster than any natural disaster.…

Stamp it out: Infostealer malware at German outfit may be culprit

Britain's Royal Mail is investigating after a crew calling itself GHNA claimed it has put 144GB of the delivery giant’s data up for sale, perhaps after acquiring it with the same stolen credentials it used to crack Samsung Germany.…