Login
Dutch healthcare software vendor goes dark after ransomware attack
ChipSoft's website remains down but emails are functioning
A Dutch healthcare software vendor has been knocked offline following a ransomware attack, officials say.β¦
Reading view
NHS Scotland-linked domains caught serving pr0n and dodgy sports streams
Two practice web addresses appear to have been compromised
Multiple domains belonging to Scottish healthcare providers have been hijacked and are now pushing links to adult content and illegal sports streams, according to a researcher.β¦
Microsoft hints at bit bunkers for war zones
President Brad Smith tells an interviewer that Microsoft is reconsidering datacenter design in light of Iran war
Microsoft is reevaluating how it designs and builds datacenters in conflict-prone regions after Iran began targeting Middle Eastern bit barns in retaliation for US military operations.β¦
Anthropic: All your zero-days are belong to Mythos
Hasn't released it to the public, because it would break the internet - in a bad way
For years, the infosec communityβs biggest existential worry has been quantum computers blowing away all classical encryption and revealing the worldβs secrets. Now they have a new Big Bad: an AI model that can generate zero-day vulnerabilities.β¦
Iran cyber actors disrupting US water, energy facilities, FBI warns
Your PLCs aren't internet-connected, right? Right?!
Iranian-affiliated actors have escalated intrusions targeting critical US water and energy facilities, in some cases disrupting operations, the FBI and American cyber defense agencies said on Tuesday.β¦
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
Who needs MFA when you've got EvilTokens?
Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.β¦
US cybercrime losses pass $20B for first time as AI boosts online fraud
Bots are now firmly in the toolbox, helping crooks scale old scams
Crims are taking advantage of AI to sharpen old scams. The FBI reported Monday that cybercrime losses hit a record $20.87 billion in 2025, with help from bots.β¦
Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns
200 orgs and 5,000 devices compromised so far in Vlad's latest intelligence grab, Microsoft reckons
The UK's National Cyber Security Centre (NCSC) has issued a fresh warning about Russia's ongoing targeting of routers to steal passwords and other secrets.β¦
Yahoo<i>!</i> Japanβs owner consolidating 164 OpenStack clusters into one
Customizations are causing pain so new cloud will stick to upstream cuts of the open source stack
LY Corporation, the Japanese web giant that dominates messaging, e-commerce and payments in many Asian countries, has revealed it is replacing a heavily-customized OpenStack cloud with a more conventional cut of the open source cloud stack β and making massive consolidations along the way.β¦
AI agents found vulns in this popular Linux and Unix print server
CUPS server shown spilling out remote code execution and root access
In the latest chapter on leaky CUPS, a security researcher and his band of bug-hunting agents have found two flaws that can be chained to allow an unauthenticated attacker to remotely execute code and achieve root file overwrite on the network.β¦
Attackers exploited this critical FortiClient EMS bug as a 0-day
CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild
Fortinet released an emergency patch over the weekend for a critical FortiClient Enterprise Management Server (EMS) bug believed to be under attack since at least March 31.β¦
Anthropic sure has a mess on its hands thanks to that Claude Code source leak
Pay no attention to that code behind the curtain, says Anthropic as it scrambles to defend its IPO
Kettle When it comes to circling up for this week's Kettle, what is there to discuss but Anthropic's accidental release of Claude Code's source code?β¦
Researchers didnβt want to glamorize cybercrims. So they roasted them
True-crime tales of criminals making fools of themselves
interview Cybercrime crews have become almost mystical entities, with security vendors assigning them names like Wizard Spider and Velvet Tempest.β¦
Trump wants to take a battle axe to CISA again and slash $707M from budget
Ex-CISA official tells The Reg: 'this would weaken the system for managing cyber risk'
The US Cybersecurity and Infrastructure Security Agency's budget will see yet another deep cut if Congress approves President Trump's proposal to slash CISA's spending by $707 million in fiscal year 2027.β¦
Hybrid work, expanded risk: what needs to change
A practical look at securing identities, devices and applications wherever work happens
Webinar Promo The shift to hybrid work has reshaped the enterprise perimeter. Users are logging in from home networks, shared spaces and unmanaged devices, while applications span on-prem systems and multiple clouds. Traditional security models were not designed for this level of fragmentation, leaving many organizations struggling to maintain visibility and control without adding friction.β¦
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
Source code with a side of Vidar stealer and GhostSocks
Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.β¦
The company's biggest security hole lived in the breakroom
Connected devices can leave an otherwise secure network vulnerable
Pwned Welcome to Pwned, The Register's new column, where we highlight the worst infosec own goals so you can, hopefully, protect against them. Caffeine is an essential tool for most IT defenders, so, on balance, we're sure it has protected against a lot more exploits than it has caused. But in this case, the desire for everyone's favorite stimulant led to a massive breach.β¦
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
First public downstream victim, but won't be the last
AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread.β¦
Amazon security boss: AI makes pentesting 40% more efficient
Plus: how to train your human AI
interview Amazon has seen a 40 percent efficiency gain by using AI tools to pentest its products before and after launch, according to security chief CJ Moses.β¦
'People's Panel' to check if UK wants controversial Digital ID will cost Β£630K
We could tell you no for free
The UK government will spend about Β£630,000 running a discussion panel on its digital identity card plans, which minister James Frith said will "consider different perspectives and debate trade-offs" alongside a formal consultation.β¦
