The Register-Security
- Get link
- X
- Other Apps
"Old Windows quirks help punch through new admin defenses."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 28 January 2026, 1416 UTC.
Content and Source provided by email subscription from https://feely.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
79
Most popular
5 TTPs
by Connor Jones / 53min
Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature Microsoft patched a bevy of bugs that allowed bypasses of Windows Administrator Protection before the feature was made available earlier this month.…
If you're serious about encryption, keep control of your encryption keys updated If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment.…
31by Lindsay Clark / 4d
Drone, satellite, and other data combined to monitor unwanted vessels The UK Home Office is spending up to £100 million on intelligence tech in part to tackle the so-called "small boats" issue of refugees and irregular immigrants coming across the English Channel.…
Yesterday
Meta also replaces a legacy C++ media-handling security library with Rust Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option. …
Plus, the gang says it got in via Microsoft Entra SSO ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other organizations it posted to its blog last week.…
Reports say Salt Typhoon attackers accessed handsets of senior govt folk Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing private communications at the heart of the UK government.…
by Carly Page / 1d
French govt says state-run service 'Visio' will be more secure. Now where have we heard that name before? France has officially told Zoom, Teams, and the rest of the US videoconferencing herd to take a hike in favor of its own homegrown app.…
Austrian education ministry unaware of tracking software until campaigners launched case Updated Microsoft illegally installed cookies on a school pupil's devices without consent, according to a ruling by the Austrian data protection authority (DSB).…
by Connor Jones / 1d
Victim and Big Brother Watch will argue the Met's policies are incompatible with human rights law The High Court will hear from privacy campaigners this week who want to reshape the way the Metropolitan Police is allowed to use live facial recognition (LFR) tech.…
Another actively abused Office bug, another emergency patch – Office 2016 and 2019 users are left with registry tweaks instead of fixes. Updated Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks.…
Jan 26, 2026
Atlassian, RingCentral, ZoomInfo also among tech targets ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to researchers and the criminal group itself.…
Probe follows outcry over use of creepy image generation tool The European Commission has launched an investigation into X amid concerns that its GenAI model Grok offered users the ability to generate sexually explicit imagery, including sexualized images of children.…
US sports brand launches probe after extortion crew WorldLeaks claims it stole huge dataset Nike says it is probing a possible breach after extortion crew WorldLeaks claimed to have lifted 1.4TB of internal data from the sportswear giant and posted samples on its leak site.…
Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim.…
by Dan Robinson / 2d
Big Red says 'sovereign' platform supports decision-making and operational learning at sea Britain's Royal Navy is using Oracle Cloud edge infrastructure to operate AI-driven defenses on the aircraft carrier HMS Prince of Wales.…
Jan 25, 2026
by SA Mathieson / 2d
Minister dodges cost questions while promising smartphone-free access and 'robust' verification The UK government has revealed some thinking about digital identity in response to written questions from MPs, while continuing to say next to nothing about the scheme's cost.…
4 TTPs
by Brandon Vigliarolo / 2d
Also, cybercriminals get breached, Gemini spills the calendar beans, and more infosec in brief T'was a dark few days for automotive software systems last week, as the third annual Pwn2Own Automotive competition uncovered 76 unique zero-day vulnerabilities in targets ranging from Tesla infotainment to EV chargers.…
Jan 23, 2026
But ex-CISA boss and new RSAC CEO Jen Easterly will be there updated The US Cybersecurity and Infrastructure Security Agency won't attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register . Sessions involving speakers from the FBI and National Security Agency (NSA) have also disappeared from the agenda.…
by Jessica Lyons / 4d
If you skipped it back then, now’s a very good time You've got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw.…
'A lot more' victims to come, we're told ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.…
by Connor Jones / 4d
Security chief says criminals are already automating workflows, with full end-to-end tools likely within years CISOs must prepare for "a really different world" where cybercriminals can reliably automate cyberattacks at scale, according to a senior Googler.…
2 TTPs
by Carly Page / 5d
Fix didn't quite do the job – attackers spotted logging in Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully up to date.…
2 TTPs
by Connor Jones / 5d
Direct debits? Maybe February. Birth certificates? Dream on. Council tax bills? Oh, those are coming Hammersmith & Fulham Council says payments are now being processed as usual, two months after a cyberattack that affected multiple boroughs in the UK's capital city.…
Jan 22, 2026
by SA Mathieson / 5d
Much owed to the few, but takeup is under 1% More than 15,000 former members of the UK's armed forces have successfully applied for a digital version of their veterans ID card since its launch in October, according to the Government Digital Service (GDS). …
6 TTPs
by Jessica Lyons / 5d
Teach a crook to phish… Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and messaging platforms.…
8 TTPs
by Jessica Lyons / 5d
Logging in, not breaking in Unknown attackers are abusing Microsoft SharePoint file-sharing services to target multiple energy-sector organizations, harvest user credentials, take over corporate inboxes, and then send hundreds of phishing emails from compromised accounts to contacts inside and outside those organizations.…
5 TTPs
by Carly Page / 5d
Admins say attackers are still getting in despite recent patches FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who've figured out how to sidestep SSO protections and grab sensitive settings right out of the box.…
by Carly Page / 6d
Regulators logged over 400 personal data breach notifications a day for first time since law came into force GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe's regulators were deluged with more than 400 data breach notifications a day, according to a new survey that suggests the post-plateau era of enforcement has well and truly arrived.…
by Connor Jones / 6d
Mind the cyber gap – similar flaws highlighted multiple years in a row Concerned about the orgs that safeguard your money? The UK's annual cybersecurity review for 2025 suggests you should be. Despite years of regulation, financial organizations continue to miss basic cybersecurity safeguards.…
Critical vuln flew under the radar for a decade A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is "trivial" to exploit, experts say.…
3 TTPs
by Carly Page / 6d
The critical-rated flaw leaves unpatched systems open to full takeover Cisco has finally shipped a fix for a critical-rated zero-day in its Unified Communications gear, a flaw that's already being
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.