The Register-Security

"Suspected Chinese snoops caught breaking into universities' Roundcube mail servers."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 09 July 2026, 0234 UTC.

Content and Source provided by email subscription from https://feedly.com.

https://feedly.com/i/subscription/content/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check URL or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

210K followers27 articles per week

Today

Suspected Chinese spies have been breaking into major US and Canadian universities since May, exploiting vulns in Roundcube mailservers to steal data belonging to physics and engineering administrators and professors, according to Proofpoint threat researchers. Proofpoint directly observed “less than 10” universities targeted in these intrusions, Greg Lesnewich, principal threat research engineer
It's the latest example of AI safety guardrails being bypassed. GitHub Copilot refuses harmful prompts almost always if asked in chat - like, "how to fool a breathalyzer test" or "smuggle bulk cash out of the US" - but then will write them in code 100 percent of the time if the prompt is broken into smaller steps and distributed across multiple stages of a software development workflow. Alan Turin
UPDATED A “systematic vulnerability pattern” in at least six of the most widely used AI coding assistants can be abused to trick agents into accessing files outside the workspace sandbox, leading to remote code execution on the developer's machine. Google-owned security biz Wiz found the security gap, which it's named "GhostApproval," and reported it to all six: Amazon Q Developer, Anthropic Claud
China's National Vulnerability Database (CNVDB) is urging developers to uninstall recent Claude Code versions over the fear that they can scoop up sensitive user data without consent. Referring to it as "backdoor code," the state-run body claimed over WeChat and in an online statement that a "built-in monitoring mechanism" can gather details such as a user's location and identity, and forward them

Yesterday

Your Windows is watching you. The US Justice Department's complaint against Peter Stokes for alleged involvement in the Scattered Spider hacking group offers a reminder that it's difficult to hide online activity from Microsoft's operating system (or any other). Scattered Spider, according to US authorities, targeted numerous companies in the US by compromising employee accounts in order to access
Malicious prompters could easily trick GitHub agents into pulling data from private repositories and then leaking the information as a public comment for anyone to access, according to Noma Labs researchers who named the vulnerability GitLost. The issue exists in GitHub’s Agentic Workflows, which allow an AI agent powered by Claude or GitHub Copilot to autonomously execute tasks in GitHub Actions.
EXCLUSIVE There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ credentials and mines for cryptocurrency while killing competitors’ processes, including similar secret-harvesting malware. It’s called Cloud AI Infrastructure Attack Framework (CAI), and it’s a centralized botnet that targets cloud-native developer tools like Docker, Kubern
Eight victims of Greece’s spyware scandal, later dubbed “Predatorgate,” have sued the Athens-based company behind the program used to surveil them. According to the Predator victims’ lawyer, Zacharias Kesses, each of the plaintiffs is asking for €1 million in moral damages after having their devices hacked between 2020 and 2021. Among those seeking damages is journalist Thanasis Koukakis, who was
The majority of companies that deploy AI systems end up shooting themselves in the foot with security, according to DigiCert. Seventy-eight percent of enterprises report "experiencing AI-related security incidents or identifying AI-related vulnerabilities," the digital identity biz said in a commissioned survey. Among respondents, 27.7 percent experienced one incident, 21.9 percent experienced mul
Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks' Unit 42. Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the at
Spanish police have arrested a man they believe is affiliated with at least two pro-Russia hacktivist groups linked to attacks on critical national infrastructure (CNI). Arrested in March at his home in Palencia, central Spain, the man is suspected of having close ties to CyberArmy of Russia Reborn (CARR) and Z-Pentest, and may have carried out attacks on behalf of NoName057(16). All three hacktiv
After serving as last year’s poster child for retail cyber misery, Marks & Spencer has become one of the first companies to sign up to the UK government's new Cyber Resilience Pledge. The retailer is among 60 organizations that have signed up to the voluntary scheme, launched by technology secretary Liz Kendall on Tuesday. Signatories commit to treating cybersecurity as a board-level responsibilit
Civil liberties groups have accused the EU of dragging its feet in implementing key measures to prevent spyware infections after Citizen Lab revealed a former member of European Parliament was placed under surveillance during his time in office. Stelios Kouloglou, a former investigative journalist, served as a Greek MEP between 2014 and 2023 and was a substitute member of the inquiry into the use
The UK's second largest supermarket is tripling the number of stores that use facial recognition to try to clamp down on shoplifters – a move privacy campaigners are branding as "shameful." Sainsbury's first trialed the tech at premises in Sydenham and Bath Oldfield Park from September last year, before deploying it to shops across London earlier in 2026. More than 55 Sainsbury's supermarkets use
Data on more than 2.3 million people associated with Moody Bible Institute (MBI) has been exposed online after the Christian college was targeted by ShinyHunters. The attack was first disclosed by MBI in June, and the extortion crew later leaked the stolen data. Have I Been Pwned has since added the cache to its breach notification database, putting a figure on the number of exposed accounts. MBI
For the first time, the source code of KSOS, backed by the US Department of Defense in the late 1970s and 1980s, is available to the public in the archives of The Unix Heritage Society (TUHS). TUHS volunteers preserve the historical source code and documentation of the original UNIX – or as much of it as is left. A few days ago, in an email to its mailing list, TUHS founder Warren Toomey announced
OPINION I write a weekly column called PWNED, about how poor security practices can lead to serious damage. Usually, there’s something funny in the malfeasance, like a CEO who kept every employee’s password in an Excel file on his desktop. However, I wasn’t laughing back in May when professional thieves invaded my 84-year-old mother’s entire financial life and managed to make off with $30,000 from

Jul 3, 2026

AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing. The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health
Tech companies working with US law enforcement "significantly degraded" the NetNut residential proxy network as part of an ongoing effort to disrupt the tools cybercriminals use to conceal their activity, say researchers. The work was carried out by Google, Lumen, Shadowserver, the FBI, and others, and marks a continuation of the IPIDEA proxy network disruption from January. According to Google Cl

Jul 2, 2026

ON CALL Fronting up to work on Friday morning can feel like a mistake, but The Register tries to make it worthwhile by bringing you a new installment of On Call – the reader-contributed column that shares your tech support stories. This week, meet a reader we'll Regomize as "Lee" who told us about his time as sysadmin at the headquarters of a retail company. "It was about the year 2000 and I was a
During a 48-hour period from June 7 to 8, developer Charles Jones's Google Cloud account registered $11,089.77 in charges - most related to the use of Gemini image-generation models. Yet Jones, a solo developer who runs programmatic SEO and insurance sites, told The Register that he doesn't have any workflow that generates AI images. Google suspended his account anyway. A suspension notification s
MeetingTV has sued Palo Alto Networks after its newly acquired Koi Security threat-intelligence biz published a blog that linked the video conferencing and webinar startup to a Chinese corporate espionage operation. The legal complaint filed against Koi Security, its researchers, and Palo Alto Networks alleges that Koi used an LLM to generate the threat report, the AI system hallucinated findings
They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented agentic ransomware infection with an LLM - not a human - driving the entire extortion operation, from gaining initial access to compromising a production database server and destroying data. The security shop’s research team named the agentic intruder JadePuffer and said it
Security sleuths say last month’s FortiBleed campaign is tied to two separate ransomware groups, after they found evidence of one initial access broker group member logged in to two affiliate panels. SOC Radar’s Threat Research Unit (STRU) said at least one of the group’s 20 members was actively negotiating with victims, which it believes signals a direct link between the thousands of FortiBleed v
Microsoft's prediction that attackers probably wouldn't rush to exploit a newly-patched SharePoint bug hasn't aged especially well. CISA has added CVE-2026-45659, a remote code execution flaw in on-premises Microsoft SharePoint Server, to its Known Exploited Vulnerabilities (KEV) catalog after confirming that crimes are now actively exploiting it in the wild. The bug stems from an insecure deseria
Medical device giant Medtronic is warning patients that their personal and health information may have been caught up in an April cyberattack in which intruders spent nearly a week inside parts of its corporate network. According to breach notification letters sent to affected individuals, the company detected unusual activity on April 15 and later determined an unauthorized party accessed certain
India has asked WhatsApp to explain why it should not face regulatory action after it announced the global rollout of a new usernames feature amid fears that the new feature could lead to increased cyberattacks. The country's Ministry of Electronics and Information Technology (MeitY) gave the Meta owned platform three days to respond to its July 1 letter and to halt the rollout of usernames until

Comments

Popular posts from this blog

Cyber War News Today.

Cyber War News Today.

SecurityWeek Briefing