Login
On Call Welcome to another installment of On Call, The Register's weekly reader-contributed column that tells your tech support tales.β¦
More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be helpful AI assistants, but they steal users' API keys, email messages, and other personal data. Even worse: many of these are still available on the Chrome Web Store as of this writing.β¦
Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks and attempt ransomware deployment.β¦
Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.β¦
Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a "self-reinforcing" ecosystem, researchers say.β¦
The UK Ministry of Defence (MoD) is offering between Β£270,000 to Β£300,000 for a senior digital leader who will oversee more than Β£4.6 billion in spending and more than 3,000 specialist staff.β¦
A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, to auto-analyze vulnerabilities and plan cyberattacks against US organizations, the company says.β¦
Amid its ongoing promotion of AIβs wonders, Microsoft has warned customers it has found many instances of a technique that manipulates the technology to produce biased advice.β¦
They know where you've been and they're going to share it. A security researcher has identified 287 Chrome extensions that allegedly exfiltrate browsing history data for an estimated 37.4 million installations.β¦
If you've seen the viral AI work pic trend where people are asking ChatGPT to "create a caricature of me and my job based on everything you know about me" and sharing it to social, you might think it's harmless. You'd be wrong.β¦
Telcos likely received advance warning about January's critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise.β¦
Exclusive When fraudsters go after people's paychecks, "every employee on earth becomes a target," according to Binary Defense security sleuth John Dwyer.β¦
Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE).β¦
Legacy IT issues are hampering key technical measures designed to prevent highly sensitive data leaks, UK government officials say.β¦
What better way to say I love you than with an update? Attackers exploited a whopping six Microsoft bugs as zero-days prior to Redmond releasing software fixes on February's Patch Tuesday.β¦
AI agents can shop for you, program for you, and, if you're feeling bold, chat for you in a messaging app. But beware: attackers can use malicious prompts in chat to trick an AI agent into generating a data-leaking URL, which link previews may fetch automatically.β¦
Singapore spent almost a year flushing a suspected China-linked espionage crew out of its telecom networks in what officials describe as the country's largest cyber defense operation to date.β¦
Nearly 17,000 Volvo employees had their personal data exposed after cybercriminals breached Conduent, an outsourcing giant that handles workforce benefits and back-office services.β¦
British soldiers are to get an array of AI-ready kit that should mean they don't have to wait to see the "whites of their eyes" before pulling the trigger.β¦
Digital intruders exploited buggy SolarWinds Web Help Desk (WHD) instances in December to break into victims' IT environments, move laterally, and steal high-privilege credentials, according to Microsoft researchers.β¦
It's a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster.β¦
The Dutch Data Protection Authority (AP) says it was one of the many organizations popped when attackers raced to exploit recent Ivanti vulnerabilities as zero-days.β¦
Taiwan's vice-premier has ruled out relocating 40 percent of the country's semiconductor production to the US, calling the Trump administration's goal "impossible."β¦
FOSDEM 2026 The creators of security software have encountered an unlikely foe in their attempts to protect us: modern compilers.β¦
European techies looking for the biggest payday are far better off in Switzerland than anywhere else, with average salaries eclipsing all other countries on the continent.β¦
Brussels is digging into a cyber break-in that targeted the European Commission's mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff.β¦
Asia In Brief The Commissioner of Police in the Indian city of Hyderabad, population 11 million, has called for AI agents to be issued with identity cards β or at least their digital equivalent.β¦
Infosec In Brief So-hot-right-now AI assistant OpenClaw, which is very much not secure right now, has teamed up with security scanning service VirusTotal.β¦
A growing body of research continues to show that older workers are generally more productive than younger employees.β¦
Legacy image-sharing website Flickr suffered a data breach, according to customer emails seen by The Register.β¦
Cloudflare says DDoS crews ended 2025 by pushing traffic floods to new extremes, while Britain made an unwelcome leap of 36 places to become the world's sixth-most targeted location.β¦
Chrome's latest revision of its browser extension architecture, known as Manifest v3 (MV3), was widely expected to make content blocking and privacy extensions less effective than its predecessor, Manifest v2 (MV2).β¦
Another day, another vulnerability (or two, or 200) in the security nightmare that is OpenClaw.β¦
Newsletter platform Substack has admitted that an intruder swiped user contact details months before the company noticed, forcing it to warn writers and readers that their email addresses and other account metadata were accessed without permission.β¦
A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers.β¦
Breach-tracking site Have I Been Pwned (HIBP) claims a cyberattack on Betterment affected roughly 1.4 million users β although the investment company has yet to publicly confirm how many customers were affected by January's intrusion.β¦
Italy's foreign minister says the country has already started swatting away cyberattacks from Russia targeting the Milano Cortina Winter Olympics.β¦
Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes.β¦
Interview Sovereignty remains a hot topic in the tech industry, but interpretations of what it actually means β and how much it matters β vary widely between organizations and sectors. While public bodies are often driven by regulation and national policy, the private sector tends to take a more pragmatic, cost-focused view.β¦
Sleeper agent-style backdoors in AI large language models pose a straight-out-of-sci-fi security threat.β¦
Microsoft CEO Satya Nadella has decided Microsoft needs an engineering quality czar, and shifted Charlie Bell, the companyβs executive veep for security, into the new role.β¦
UPDATED A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.β¦
Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That's according to America's lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.β¦
Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There's no way to get your data back from them!β¦
Police Service of Northern Ireland (PSNI) employees who had their details exposed in a significant 2023 data breach will each receive Β£7,500 ($10,279) as part of a universal offer of compensation.β¦
If youβre brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.β¦
AI agents and other systems can't yet conduct cyberattacks fully on their own β but they can help criminals in many stages of the attack chain, according to the International AI Safety report.β¦
Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven't received the "broad public acknowledgement" that they should, according to security researchers.β¦
On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem.β¦
French police raided Elon Musk's X offices in Paris this morning as part of a criminal investigation into alleged algorithmic manipulation by foreign powers.β¦
Today is the day Azure Storage stops supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 is the new minimum.β¦
Polish authorities have cuffed a 20-year-old man on suspicion of carrying out DDoS attacks.β¦
OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is delivering some shocking bills.β¦
Britain's defense personnel will be given the authority to neutralize drones threatening military bases under measures being introduced in the Armed Forces Bill, currently making its way through Parliament.β¦
Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure to gain a foothold in high-value targets by delivering a newly identified backdoor dubbed Chrysalis.β¦
ICE-reporting service StopICE has blamed a US Customs and Border Protection (CBP) agent for attacking its app and website and sending users text messages warning them that their information had been "sent to the authorities."β¦
Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU.β¦
Change Your Password Day took place over the weekend, and in case you doubt the need to improve this most basic element of cybersecurity hygiene, even McDonald's β yes, the fast food chain β is urging people to get more creative when it comes to passwords.Β β¦
Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.β¦
A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author.β¦
FreshRSS