Grand Theft Auto cheat users have discovered that even the people selling ways around the rules struggle to follow some basic security ones. According to breach notification site Have I Been Pwned, the operators of Atlas Menu, a cheat service for Grand Theft Auto V and Counter-Strike 2, suffered a data breach in May that exposed information belonging to tens of thousands of users after an attacker allegedly gained access to the service's systems and dumped its database online. The breach exposed 64,000 unique email addresses, according to HIBP. The leaked data also included usernames, IP addresses, support tickets, and passwords stored as bcrypt hashes. The individual who claimed responsibility for the breach published the stolen database to a public GitHub repository, claiming to have gained access to "all Atlas systems" before extracting customer records, support conversations, menu license keys, signup dates, and Rockstar Games account identifiers. The data, reviewed by The Register, also appears to include lists of thousands of banned users, administrator logs, and other internal records. Posts discussing the breach on Reddit suggest this was not Atlas Menu's first security incident, but users said the latest leak appears to contain significantly more sensitive information than previous disclosures. Anyone signing up for a GTA cheat service probably wasn't expecting privacy guarantees. Even so, having your email address leaked is one thing. Having support tickets, account identifiers, and purchase records dumped onto GitHub is another. The Atlas breach comes weeks after Rockstar Games was pulled into a separate data leak claimed by ShinyHunters. In that case, the extortion crew alleged it had accessed Rockstar data through cloud cost-monitoring platform Anodot and threatened to publish the information unless its demands were met. Atlas users now have their own security headache to deal with. Whether they're more concerned about the leaked database or the screenshot-spying allegation will likely depend on what they were doing while the software was running. ®

Palo Alto customers are being been told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access. The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific configurations. Palo Alto disclosed the bug on May 13 and initially assigned it a medium-severity rating, saying it was aware of attempts to exploit it but had not observed any malicious exploitation. That assessment has not aged well. Security boffins at Rapid7 said they observed successful exploitation across multiple customer environments dating back to at least May 17 and validated the attack technique using its own proof-of-concept testing. Attackers established unauthorized VPN sessions on vulnerable systems, potentially granting access to internal corporate networks without legitimate credentials, it added. Rapid7's analysis suggests the flaw comes down to how PAN-OS trusts authentication override cookies. In certain deployments, hackers can create their own cookies and have the firewall accept them as legitimate. The risk is highest where the same certificate is used for both HTTPS services and authentication override cookies, giving the baddies access to the information needed to generate convincing fakes. Rapid7 said it observed multiple waves of activity targeting vulnerable devices. In some cases, cybercrims successfully obtained VPN IP addresses and network access, but the company said it didn’t observe evidence of successful lateral movement following initial access in the incidents it investigated. The flaw has now landed in CISA's Known Exploited Vulnerabilities catalog, with federal agencies given until June 1 to patch or otherwise secure affected systems. Palo Alto has also revised its advisory, elevating the severity rating and attaching its highest urgency label. Fixes are available for supported releases. "Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied," the firm said in an update. The latest PAN-OS headache arrives less than a month after another Palo Alto emergency. In May, state-backed attackers were found exploiting CVE-2026-0300, a critical remote code execution flaw in the PAN-OS User-ID Authentication Portal, before patches became widely available. Organizations running vulnerable GlobalProtect gateways now face a familiar choice: patch quickly or find out whether someone else gets there first.®

Password manager Dashlane has disabled a number of user accounts as a precaution amid a spate of brute force attacks. It didn't specify the scale of the attack, although scores of users have queried the reason for receiving emails informing them of account suspensions. “Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn't enter the correct token after several tries,” the emails read, along with instructions to contact customer support to restore access. The attacks began on Sunday afternoon and the Dashlane team said it had finished investigating the matter later that evening, restoring all affected user accounts in the process, according to its status page. In a copy-paste statement sent to a number of users via social media, Dashlane also confirmed there was no compromise of internal systems. Dashlane posted an update to its status page on Monday morning, repeating the same statement from a day earlier, but changing the incident status from "resolved" to "monitoring." Several users reported unauthorized login attempt notifications from various countries - the common culprits being Korea and Russia. Dashlane did not specify whether any attempts on customer accounts were successful. Dashlane’s interventions involved suspending accounts and its two-factor authentication (2FA) service. Some users reported trying to access Dashlane’s 2FA one-time passcodes, but when entering them, all that returned was an error. Some criticised the company for a lack of public comms about the attacks. Aside from the direct account suspension emails and some replies to users on social media, Dashlane has not disclosed the attack through any high-visibility channels. Users also queried whether the initial account suspension emails were a phishing attempt. But the emails showed no hallmarks of phishing as they contained no suspicious links, no attachments and were sent from a real Dashlane domain. However, the nature of the message and the fact that the emails contained an old Dashlane logo only exacerbated some customers’ fears. The Register has contacted Dashlane for more information. ®

The British government wants stronger protection for subsea internet cables following a surge in Russian activity near UK waters, but its latest proposals lean heavily on fines and prison sentences rather than direct defensive action. Plans - outlined in a speech by Baroness Liz Lloyd, Minister for Digital Economy ahead of a consultation - include tougher penalties for recklessly damaging undersea cables, operator security obligations and emergency powers allowing government to compel businesses to better protect their infrastructure. In April, the Royal Navy and Royal Air Force tracked Russian submarines on a covert reconnaissance near critical undersea infrastructure. According to reports, Russia deployed an Akula-class attack submarine as a decoy while two specialist vessels from Directorate of Deep Sea Research - known as Glavnoye Upravlenie Glubokovodnikh Issledovanii (GUGI) - surveyed the UK's cable routes. “Their mission was to survey our cables in peacetime, so they could more easily sabotage them in a conflict,” Lloyd said in a speech delivered at the Royal United Services Institute (RUSI). “They wanted this operation to be secret, but they failed." In light of this, the government is reviewing whether the UK’s security and resilience arrangements are strong enough, the Defence, Science and Technology Laboratory said. UK Parliament's Joint Committee on National Security Strategy (JCNSS) last year told the government it is "too timid" in its approach to protecting Britain’s cable connections, and must do a better job. Measures proposed include tightening the law so ship owners and operators that recklessly damage subsea internet cables face tougher penalties. Cable operators could be landed with extra obligations to ensure they take steps to prevent, detect and respond to security incidents in a consistent and timely manner. “The UK already has strong protections in place for our subsea cables, but in a more uncertain world we cannot stand still,” said Lloyd. "As hostile activity by Russia and others grows, protecting these cables matters more than ever for our economy, security and daily lives.” Some 64 cables connect Britain to the global internet, and when one breaks, repair vessels are typically on scene within eight days. Historically, most cable faults have stemmed from fishing activity or dragging anchors, not sabotage. The Royal Navy unveiled its Atlantic Bastion program last year to supplement its sub-hunting ships with a force of uncrewed, autonomous vessels. The aim is that enemy submarines in the North Atlantic have nowhere to hide. This is in its early stages, with £14 million committed so far for testing and development. The latest proposals will be outlined a white paper published later this year. Separately, the UK, US, and Australia announced this weekend that their AUKUS partnership will jointly develop sensor and weapons payloads for uncrewed underwater vehicles, which is another building block for protecting seabed infrastructure. ®