The Register-Security
- Get link
- X
- Other Apps
"Porsche panic in Russia as pricey status symbols forget how to car."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 10 December 2025, 1419 UTC.
Content and Source: "The Register-Security" via email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom
Please click subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
The Register – Security
Most popular
33by Paul Kunert / 20hSatellite silence trips immobilizers, leaving owners stuck Hundreds of Porsches in Russia were rendered immobile last week, raising speculation of a hack, but the German carmaker tells The Register that its vehicles are secure.… 1,500 military digital defenders spent past week cleaning up a series of cyberattacks on fictional island Andravia and Harbadus – two nations so often at odds with one another – were once again embroiled in conflict over the past seven days, which thoroughly tested NATO's cybersecurity experts' ability to coordinate defenses across battlefield domains.… Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner.…
33by Paul Kunert / 20h
Satellite silence trips immobilizers, leaving owners stuck Hundreds of Porsches in Russia were rendered immobile last week, raising speculation of a hack, but the German carmaker tells The Register that its vehicles are secure.…
1,500 military digital defenders spent past week cleaning up a series of cyberattacks on fictional island Andravia and Harbadus – two nations so often at odds with one another – were once again embroiled in conflict over the past seven days, which thoroughly tested NATO's cybersecurity experts' ability to coordinate defenses across battlefield domains.…
Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner.…
Yesterday
Plus critical critical Notepad++, Ivanti, and Fortinet updates, and one of these patches an under-attack security hole Happy December Patch Tuesday to all who celebrate. This month's patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known – but just 57 CVEs in total from Redmond.… by O'Ryan Johnson / 16hIdentity management vendors like Okta see an opening to calm CISOs worried about agents running amok The fear of AI agents running amok has thus far halted the wide deployment of these digital workhorses, Okta's president of Auth0, Shiv Ramji, told The Register .… by Jessica Lyons / 23hHave we learned nothing from sci-fi films and TV shows? Interview Imagine botnets in physical form and you've got a pretty good idea of what could go wrong with the influx of AI-infused humanoid robots expected to integrate into society over the next few decades.… Foreign secretary set to address senior diplomats later today The UK's foreign secretary is calling for closer collaboration with Europe to combat the growing threat of information warfare as hybrid attacks target countries on the continent.… As Portugal gives researchers a pass under cybersecurity law Portugal has become the latest country to carve out protections for researchers under its cybersecurity law.…
Plus critical critical Notepad++, Ivanti, and Fortinet updates, and one of these patches an under-attack security hole Happy December Patch Tuesday to all who celebrate. This month's patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known – but just 57 CVEs in total from Redmond.…
by O'Ryan Johnson / 16h
Identity management vendors like Okta see an opening to calm CISOs worried about agents running amok The fear of AI agents running amok has thus far halted the wide deployment of these digital workhorses, Okta's president of Auth0, Shiv Ramji, told The Register .…
by Jessica Lyons / 23h
Have we learned nothing from sci-fi films and TV shows? Interview Imagine botnets in physical form and you've got a pretty good idea of what could go wrong with the influx of AI-infused humanoid robots expected to integrate into society over the next few decades.…
Foreign secretary set to address senior diplomats later today The UK's foreign secretary is calling for closer collaboration with Europe to combat the growing threat of information warfare as hybrid attacks target countries on the continent.…
As Portugal gives researchers a pass under cybersecurity law Portugal has become the latest country to carve out protections for researchers under its cybersecurity law.…
Dec 8, 2025
by SA Mathieson / 1dOfficials insist OBR relied on 'early estimate' and real figure won't emerge until next year The head of the department delivering the UK government's digital identity scheme has rejected the £1.8 billion cost forecast by the Office for Budget Responsibility (OBR), but is not willing to provide an alternative until after a delayed consultation on the plans.… 5 TTPs•by Simon Sharwood / 1dGet your Hyper-V and VMware ESXi setups in order, people Researchers at security software vendor Huntress say they’ve noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they’re as secure as can be and properly backed up.… by Jessica Lyons / 1dMinors groomed to kill and intimidate victims Nearly 200 people, including minors accused of involvement in murder plots, have been arrested over the last six months as part of Europol's Operational Taskforce (OTF) GRIMM. The operation targets what cops call "violence-as-a-service" - crime crews recruiting kids and teens online to carry out contract killings and other real-world attacks.… Atlantic Bastion combines AI systems with warships to counter increased surveillance The UK government has announced enhanced protection for undersea cables using autonomous vessels alongside crewed warships and aircraft, responding to escalating Russian surveillance activities.… Regulator disappointed as soon-to-be-scrapped algo's problems remained a secret despite consistent engagement The UK's data protection watchdog has criticized the Home Office for failing to disclose significant biases in police facial recognition technology, despite regular engagement between the organizations.… 4 TTPs•by Carly Page / 2dBody confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop the gang publishing any of the snatched information.…
by SA Mathieson / 1d
Officials insist OBR relied on 'early estimate' and real figure won't emerge until next year The head of the department delivering the UK government's digital identity scheme has rejected the £1.8 billion cost forecast by the Office for Budget Responsibility (OBR), but is not willing to provide an alternative until after a delayed consultation on the plans.…
5 TTPs
by Simon Sharwood / 1d
Get your Hyper-V and VMware ESXi setups in order, people Researchers at security software vendor Huntress say they’ve noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they’re as secure as can be and properly backed up.…
by Jessica Lyons / 1d
Minors groomed to kill and intimidate victims Nearly 200 people, including minors accused of involvement in murder plots, have been arrested over the last six months as part of Europol's Operational Taskforce (OTF) GRIMM. The operation targets what cops call "violence-as-a-service" - crime crews recruiting kids and teens online to carry out contract killings and other real-world attacks.…
Atlantic Bastion combines AI systems with warships to counter increased surveillance The UK government has announced enhanced protection for undersea cables using autonomous vessels alongside crewed warships and aircraft, responding to escalating Russian surveillance activities.…
Regulator disappointed as soon-to-be-scrapped algo's problems remained a secret despite consistent engagement The UK's data protection watchdog has criticized the Home Office for failing to disclose significant biases in police facial recognition technology, despite regular engagement between the organizations.…
4 TTPs
by Carly Page / 2d
Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop the gang publishing any of the snatched information.…
Dec 7, 2025
by Simon Sharwood / 2dPLUS: South Korea to strengthen security standards; Canon closes Chinese printer plant; APAC datacenter capacity to triple by 2029; And more Asia In Brief Chinese rocketry outfit LandSpace last week flew what it hoped would be the country’s first reusable rocket, only to watch it explode while attempting to land.… 2 TTPs•by Brandon Vigliarolo / 2dPLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more! Infosec in Brief The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit.…
by Simon Sharwood / 2d
PLUS: South Korea to strengthen security standards; Canon closes Chinese printer plant; APAC datacenter capacity to triple by 2029; And more Asia In Brief Chinese rocketry outfit LandSpace last week flew what it hoped would be the country’s first reusable rocket, only to watch it explode while attempting to land.…
2 TTPs
by Brandon Vigliarolo / 2d
PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more! Infosec in Brief The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit.…
Dec 5, 2025
by Jessica Lyons / 4dWanna know a secret? Whether you're logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of identity. However, not all forms of MFA are created equal, and the one-time passwords orgs send to your phone have holes so big you could drive a tr Proof of life? Or an active social media presence? Criminals are altering social media and other publicly available images of people to use as fake proof of life photos in "virtual kidnapping" and extortion scams, the FBI warned on Friday. … Exfiltration (Enterprise TA0010)•by Thomas Claburn / 4d•Who needs JavaScript? Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).… 3 TTPs•by Jessica Lyons / 4dSecurity community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.… Laptop maker says a vendor breach exposed some phone camera code, but not its own systems Asus has admitted that a third-party supplier was popped by cybercrims after the Everest ransomware gang claimed it had rifled through the tech titan's internal files.… State-backed attackers started poking flaw as soon as it dropped – anyone still unpatched is on borrowed time Amazon has warned that China-nexus hacking crews began hammering the critical React "React2Shell" vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately.… Plan would create statutory powers for police use of biometrics, prompting warnings of mass surveillance The UK government has kicked off plans to ramp up police use of facial recognition, undeterred by a mounting civil liberties backlash and fresh warnings that any expansion risks turning public spaces into biometric dragnets.…
by Jessica Lyons / 4d
Wanna know a secret? Whether you're logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of identity. However, not all forms of MFA are created equal, and the one-time passwords orgs send to your phone have holes so big you could drive a tr
Proof of life? Or an active social media presence? Criminals are altering social media and other publicly available images of people to use as fake proof of life photos in "virtual kidnapping" and extortion scams, the FBI warned on Friday. …
Exfiltration (Enterprise TA0010)
by Thomas Claburn / 4d
•Who needs JavaScript? Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).…
3 TTPs
by Jessica Lyons / 4d
Security community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.…
Laptop maker says a vendor breach exposed some phone camera code, but not its own systems Asus has admitted that a third-party supplier was popped by cybercrims after the Everest ransomware gang claimed it had rifled through the tech titan's internal files.…
State-backed attackers started poking flaw as soon as it dropped – anyone still unpatched is on borrowed time Amazon has warned that China-nexus hacking crews began hammering the critical React "React2Shell" vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately.…
Plan would create statutory powers for police use of biometrics, prompting warnings of mass surveillance The UK government has kicked off plans to ramp up police use of facial recognition, undeterred by a mounting civil liberties backlash and fresh warnings that any expansion risks turning public spaces into biometric dragnets.…
Dec 4, 2025
20by Steven J. Vaughan-Nichols / 5dYou can improve the odds by combining skepticism, verification habits, and a few technical checks Opinion Liars, cranks, and con artists have always been with us. It's just that nowadays their reach has gone from the local pub to the globe.… Automated software keeps getting better at pilfering cryptocurrency Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.… 'Dozens' of US orgs infected Chinese cyberspies maintained long-term access to critical networks – sometimes for years – and used this access to infect computers with malware and steal data, according to Thursday warnings from government agencies and private security firms.… He's not alone: DoD inspector general says the whole Defense Department has a messaging security problem US Defense Secretary Pete Hegseth definitely broke the rules when he sent sensitive information to a Signal chat group, say Pentagon auditors, but he's not the only one using insecure messaging, and everyone needs better training.… And then they asked an AI to help cover their tracks Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they're fired. Prosecutors say a federal contractor learned this the hard way when twin brothers previously convicted of hacking-related offenses allegedly used lingering access to delete nearly 100 government databases, including system 11 TTPs•by Carly Page / 5dSilent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks.… by Carly Page / 6dCloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks The internet has spent the past three months ducking for cover as the Aisuru botnet hurled record-
20by Steven J. Vaughan-Nichols / 5d
You can improve the odds by combining skepticism, verification habits, and a few technical checks Opinion Liars, cranks, and con artists have always been with us. It's just that nowadays their reach has gone from the local pub to the globe.…
Automated software keeps getting better at pilfering cryptocurrency Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.…
'Dozens' of US orgs infected Chinese cyberspies maintained long-term access to critical networks – sometimes for years – and used this access to infect computers with malware and steal data, according to Thursday warnings from government agencies and private security firms.…
He's not alone: DoD inspector general says the whole Defense Department has a messaging security problem US Defense Secretary Pete Hegseth definitely broke the rules when he sent sensitive information to a Signal chat group, say Pentagon auditors, but he's not the only one using insecure messaging, and everyone needs better training.…
And then they asked an AI to help cover their tracks Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they're fired. Prosecutors say a federal contractor learned this the hard way when twin brothers previously convicted of hacking-related offenses allegedly used lingering access to delete nearly 100 government databases, including system
11 TTPs
by Carly Page / 5d
Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks.…
by Carly Page / 6d
Cloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks The internet has spent the past three months ducking for cover as the Aisuru botnet hurled record-
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.