❌

Normal view

Received today — 31 March 2026 ⏭ The Register - Security

The Register - Security
Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines 31 March 2026 at 10:29

Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

The Register - Security

31 March 2026 at 10:29

Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios

One of npm's most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate axios releases, in what's being described as "one of the most impactful npm supply chain attacks on record."…

The Register - Security
OpenAI patches ChatGPT flaw that smuggled data over DNS 30 March 2026 at 19:36

OpenAI patches ChatGPT flaw that smuggled data over DNS

The Register - Security

30 March 2026 at 19:36

Check Point says outbound controls blocked web traffic but overlooked DNS

OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.…

Received yesterday — 30 March 2026 ⏭ The Register - Security

The Register - Security
Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach 30 March 2026 at 17:42

Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

The Register - Security

30 March 2026 at 17:42

Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more

infosec in brief The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to plant credential-stealing malware on developers’ systems.…

The Register - Security
Citrix NetScaler bug exploited in days, may be multiple flaws in a trench coat 30 March 2026 at 13:49

Citrix NetScaler bug exploited in days, may be multiple flaws in a trench coat

The Register - Security

30 March 2026 at 13:49

Researchers say attackers are already looting vulnerable boxes

In-the-wild exploitation of a critical Citrix NetScaler bug has begun less than a week after disclosure, with researchers warning that attackers are already poking and pillaging vulnerable boxes.…

The Register - Security
European Commission admits attackers broke into public web systems, but says little else 30 March 2026 at 10:15

European Commission admits attackers broke into public web systems, but says little else

The Register - Security

30 March 2026 at 10:15

Brussels notifying 'Union entities' whose data may've been snatched in websites breach

The European Commission has admitted that attackers broke into its public-facing web infrastructure and siphoned off data in a bare-bones disclosure that answers the what but ducks most of the how.…

The Register - Security
Security contractor blew the whistle on support crew's viral indifference 30 March 2026 at 07:30

Security contractor blew the whistle on support crew's viral indifference

The Register - Security

30 March 2026 at 07:30

Career-limiting stupidity and rudeness exposed, with terminal consequences

Who, Me? The week before Easter may be a short one for many in the Reg-reading world, but that won't stop us from opening it with a fresh installment of Who, Me? It's the reader-contributed column in which you share stories of things you did at work that had interesting consequences.…

The Register - Security
US foreign router ban criticized for being ‘industrial policy disguised as cybersecurity’ 30 March 2026 at 04:31

US foreign router ban criticized for being ‘industrial policy disguised as cybersecurity’

The Register - Security

30 March 2026 at 04:31

Public policy professor says it will make America less secure but hits Netgear’s lobbying goals

The United States’ ban on foreign-made SOHO routers won’t improve security, and only makes sense as “industrial policy disguised as cybersecurity,” according to Milton Mueller, Professor at the University of Georgia’s School of Public Policy and founder of its Internet Governance Project.…

Received — 27 March 2026 ⏭ The Register - Security

The Register - Security
AFC Ajax drops ball as flaws let hackers play admin with tickets and bans 27 March 2026 at 12:30

AFC Ajax drops ball as flaws let hackers play admin with tickets and bans

The Register - Security

27 March 2026 at 12:30

Vulns in Dutch football club's systems didn't just expose data – they let outsiders play with accounts, and even lift stadium bans

Dutch football giant AFC Ajax has admitted to a data breach after an attacker gained access to its internal systems, in an incident that looks less like a stray pass and more like the gates left wide open.…

The Register - Security
Iran war drives urgent need to counter underwater attack drones 27 March 2026 at 11:17

Iran war drives urgent need to counter underwater attack drones

The Register - Security

27 March 2026 at 11:17

US and UK forces seeking tech tender with an April 3 deadline

The UK and US are looking for technology to counter the threat posed by underwater drones to ships, harbors and other critical maritime infrastructure, and are asking industry for answers.…

The Register - Security
Security boffins scoured the web and found hundreds of valid API keys 27 March 2026 at 07:04

Security boffins scoured the web and found hundreds of valid API keys

The Register - Security

27 March 2026 at 07:04

Global bank's devs have some cleaning up to do after cloud creds found in website code

Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.…

Received — 26 March 2026 ⏭ The Register - Security

The Register - Security
Brit lawmaker targeted by AI deepfake fails to get answers from US Big Tech 26 March 2026 at 11:49

Brit lawmaker targeted by AI deepfake fails to get answers from US Big Tech

The Register - Security

26 March 2026 at 11:49

Appearing before Parliament, Meta, Google and X struggle to explain how fake political video circulated for so long

A member of the UK Parliament's lower house who was the victim of a deepfake AI campaign this week had a rare chance to confront the Big Tech executives who helped spread it. Their answers disappointed.…

The Register - Security
UK wants to know if banning under-16s from social media does anything useful 26 March 2026 at 09:30

UK wants to know if banning under-16s from social media does anything useful

The Register - Security

26 March 2026 at 09:30

300 families undergo 6-week trial to test impact on sleep, school, and home life

The UK government will trial different levels of restrictions on social media for under-16s with the help of 300 families, alongside a public consultation that has already gathered nearly 30,000 responses.…

The Register - Security
Indian government probes CCTV espionage operation linked to Pakistan 26 March 2026 at 03:18

Indian government probes CCTV espionage operation linked to Pakistan

The Register - Security

26 March 2026 at 03:18

Police found cameras pointing at infrastructure

Indian authorities have reportedly ordered an audit of the nation’s CCTV cameras, after police uncovered what they claim was a Pakistan-backed surveillance operation.…

The Register - Security
AI supply chain attacks don’t even require malware…just post poisoned documentation 25 March 2026 at 20:50

AI supply chain attacks don’t even require malware…just post poisoned documentation

The Register - Security

25 March 2026 at 20:50

A proof-of-concept attack on Context Hub suggests there's not much content santization

A new service that helps coding agents stay up to date on their API calls could be dialing in a massive supply chain vulnerability.…

The Register - Security
Scammers have virtual smartphones on speed dial for fraud 25 March 2026 at 20:25

Scammers have virtual smartphones on speed dial for fraud

The Register - Security

25 March 2026 at 20:25

They cleverly mimic most traits of a real phone

Smartphones have fast become the basis of our digital identities, securing payment systems and bank accounts. Now virtual devices that pretend to be real handsets have become a key tool for financial scammers, according to one company. …

The Register - Security
Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year 25 March 2026 at 19:39

Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year

The Register - Security

25 March 2026 at 19:39

Ex-CISA boss also says no reason to panic about AI and security

RSAC 2026 "Everybody feels massive FOMO if they don't get to RSAC," Jen Easterly says.…

The Register - Security
Only Trump can decide when cyberwar turns into real war 25 March 2026 at 18:55

Only Trump can decide when cyberwar turns into real war

The Register - Security

25 March 2026 at 18:55

Four former NSA bosses walk onto the stage at RSAC…

rsac 2026 There's a theoretical red line with cyber warfare. Cross it, and the US will respond with a physical attack like missile strikes. And that line "is whatever the President says it is," according to former NSA boss retired General Paul Nakasone.…

Received — 25 March 2026 ⏭ The Register - Security

The Register - Security
Enterprise PCs are unreliable, unpatched, and unloved compared to Macs 25 March 2026 at 07:29

Enterprise PCs are unreliable, unpatched, and unloved compared to Macs

The Register - Security

25 March 2026 at 07:29

Omnissa telemetry suggests business buyers are loving Apple and Google

End-user compute vendor Omnissa, the company formed by the spin-out of VMware’s virtual desktops, applications, and device management biz, has dug into the telemetry it collects from customers and painted a picture of the world’s enterprise hardware fleet – and the news is better for Google and Apple than it is for Microsoft.…

The Register - Security
EFF has a new boss to lead the fight against privacy-sucking forces of doom 24 March 2026 at 21:00

EFF has a new boss to lead the fight against privacy-sucking forces of doom

The Register - Security

24 March 2026 at 21:00

Cyber rights org retools for the days of AI and unrestrained government

interview The Electronic Frontier Foundation (EFF) on Tuesday appointed Nicole Ozer to succeed Cindy Cohn as the cyber rights group's executive director when Cohn departs this summer.…

The Register - Security
1K+ cloud environments infected following Trivy supply chain attack 24 March 2026 at 20:31

1K+ cloud environments infected following Trivy supply chain attack

The Register - Security

24 March 2026 at 20:31

Crims 'creating a snowball effect' across open source projects

RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…