The Register-Security.
- Get link
- X
- Other Apps
"Korean web giant Naver acquired crypto exchange Upbit, which reported a $30m heist a day later."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 28 November 2025, 0442 UTC.
Content and Source via email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
68
Today
Talk about buyer’s remorse South Korean web giant Naver has had an interesting week, after it acquired a cryptocurrency exchange that the next day revealed it had suffered a serious cyberattack.…
ReliaQuest finds fresh crop of phishing domains and toxic tickets Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest.…
ChatGPT maker places other vendors under review following breach OpenAI says API users may be affected by a recent breach at its former data analytics provider, Mixpanel.…
by Carly Page / 14h
Agency flags hijacks of insecure studio-to-transmitter gear after attackers pipe in fake alerts and vulgar audio Malicious intruders have hijacked US radio gear to turn emergency broadcast tones into a profanity-laced alarm system.…
Brewer finally tallies fallout from September attack as it pushes earnings into 2026 Asahi has finally done the sums on September's ransomware attack in Japan, conceding the crooks may have helped themselves to personal data tied to almost 2 million people.…
Audit sympathetic toward Comhairle nan Eilean Siar as staff stretched to capacity trying to recover Auditors remain concerned about the cyber resilience of a Scottish council as some systems are yet to be fully rebuilt following a ransomware attack in November 2023.…
Yesterday
Maybe if your hand has 200+ fingers... Gainsight CEO Chuck Ganapathi downplayed the victim count related to his company's recent breach, saying he's only aware of "a handful of customers" who had their data affected after Salesforce flagged unusual activity involving Gainsight's connected app.…
IoC > 1 IP
by Jessica Lyons / 1d
•3 TTPs
Even worse, it might have been a 'test run' for future attacks A Mirai-based botnet named ShadowV2 emerged during last October's widespread AWS outage, infecting IoT devices across industries and continents, likely serving as a "test run" for future attacks, according to Fortinet's FortiGuard Labs.…
by Dan Robinson / 1d
GSMA says fragmented, poorly designed laws add burdens without making networks any safer Mobile operators' core cybersecurity spending is projected to more than double by 2030 as threats evolve, while poorly designed and fragmented policy frameworks add extra compliance costs, according to industry group the GSMA.…
Regions across US affected, and one tore up its contract for the product Towns and cities across the US are without access to their CodeRED emergency alert system following a cyberattack on vendor Crisis24.…
Service limits 20-ship line to two hulls after redesigns and delays torpedo schedule The US Navy is scrapping an entire shipbuilding program in an effort to find alternatives that can be delivered faster to counter expected threats.…
Three boroughs confirm investigation amid service outages, disrupted phone lines, and limited online access Two London councils are scrambling for answers after declaring a cybersecurity issue that began on Monday.…
Nov 25, 2025
by Eirik Salmi, system analyst at Passwork / 1d
Smart cybersecurity investments during Black Friday 2025. The best enterprise security deals with up to 60 percent off Partner Content The annual Black Friday scramble isn't just for consumers elbowing each other for discounted tellies. For IT directors and CISOs, it's become a strategic procurement window. That narrow slice of the year when security budgets suddenly stretch further, and solution
9 TTPs
by Jessica Lyons / 2d
'Ah, I see you're ready to escalate. Let's make digital destruction simple and effective.' Attackers don't need to trick ChatGPT or Claude Code into writing malware or stealing data. There's a whole class of LLMs built especially for the job.…
by Jessica Lyons / 2d
Acquirers inherit more than staff and systems Routine mergers and acquisitions are giving extortionists an easy way in, with Akira affiliates reaching parent networks through compromised SonicWall gear inherited in the deal, according to ReliaQuest.…
Hashtag-do-whatever-I-tell-you Cato Networks says it has discovered a new attack, dubbed "HashJack," that hides malicious prompts after the "#" in legitimate URLs, tricking AI browser assistants into executing them while dodging traditional network and server-side defenses.…
4 TTPs
by Connor Jones / 2d
State-backed crews are already poking at autonomous tools, Trend Micro warns Cybercriminals, including ransomware crews, will lean more heavily on agentic AI next year as attackers automate more of their operations, Trend Micro's researchers believe.…
Uni notifies 1,400-plus Maine residents as zero-day fallout continues Dartmouth College has confirmed it's the latest victim of Clop's Oracle E-Business Suite (EBS) smash-and-grab.…
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users CISA has warned that state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into Signal and WhatsApp accounts, hijack devices, and quietly rummage through the phones of what the agency calls "high-value" users.…
by Paul Kunert / 2d
Timing of Yantar's visit sparked gossip, but engineers point to a misbehaving protection system Cock-up beats conspiracy most of the time, but that didn't stop Orkney residents wondering if a Russian warship caused their two-hour power cut.…
Nov 24, 2025
by ZTE / 2d
Millimeter-wave ISAC and edge AI create unified sensing-communication capabilities for next-generation low-altitude security
IoC > 1 IP
by Jessica Lyons / 3d
•12 TTPs
Poisoned PNGs contain malicious code A fresh wave of ClickFix attacks is using fake Windows update screens to trick victims into downloading infostealer malware.…
by Corey Quinn / 3d
The hardest part is admitting you were wrong, which AWS did. Opinion For years, Google has seemingly indulged a corporate fetish of taking products that are beloved, then killing them . AWS has been on a different kick lately: Killing services that frankly shouldn't have seen the light of day.…
by Jessica Lyons / 3d
Don't believe everything you read Afraid of connecting to public Wi-Fi? Terrified to turn your Bluetooth on? You may be falling for "hacklore," tall tales about cybersecurity that distract you from real dangers. Dozens of chief security officers and ex-CISA officials have launched an effort and website to dispel these myths and show you how not to get hacked for real.…
4 TTPs
by Jessica Lyons / 3d
Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.…
by Connor Jones / 3d
SitusAMC rules out ransomware, but accounting records for major institutions potentially affected Real estate finance business SitusAMC says thieves sneaked into its systems earlier this month and made off with confidential client data.…
Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days A self-propagating malware targeting node package managers (npm) is back for a second round, according to Wiz researchers who say that more than 25,000 developers had their secrets compromised within three days.…
by Carly Page / 3d
Months after China-linked spies burrowed into US networks, regulator tears up its own response The Federal Communications Commission (FCC) has scrapped a set of telecom cybersecurity rules introduced after the Salt Typhoon espionage campaign, reversing course on measures designed to stop state-backed snoops from slipping back into America's networks.…
by Carly Page / 3d
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.