September 2025

Cybercrooks ripped the wheels off at Jaguar Land Rover. Here’s how not to get taken for a ride

Are you sure you know who has access to your systems? Feature  Jaguar Land Rover (JLR) is the latest UK household name to fall victim to a major cyberattack. IT systems across multiple sites have been offline for over a week after what the company described as a…

Defense Dept didn’t protect social media accounts, left stream keys out in public

'The practice… has since been fixed,' Pentagon official tells The Reg The US Department of Defense, up until this week, routinely left its social media accounts wide open to hijackers via stream keys - unique, confidential identifiers generated by streaming platforms for broadcasting content. If exposed, these keys…

No gains, just pains as 1.6M fitness phone call recordings exposed online

HelloGym's data security clearly skipped leg day Exclusive  Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of audio recordings – was left sitting in an unencrypted, non-password protected database, according to a security…

What the Plex? Streaming service suffers yet another password spill

For the third time in a decade Streaming platform Plex is warning some users to reset their passwords after suffering yet another breach.…

Nokia successor HMD spawns secure device biz with Euro-made smartphone

Ivalo XE handset targets governments and security critical sectors, though Qualcomm silicon keeps it tied to the US Finnish phone maker HMD Global is launching a business unit called HMD Secure to target governments and other security-critical customers, and has its first device ready to go.…

Anthropic’s Claude Code runs code to test if it is safe – which might be a big mistake

AI security reviews add new risks, say researchers App security outfit Checkmarx says automated reviews in Anthropic's Claude Code can catch some bugs but miss others – and sometimes create new risks by executing code while testing it.…

Salt Typhoon used dozens of domains, going back five years. Did you visit one?

Plus ties to the Chinese spies who hacked Barracuda email gateways Security researchers have uncovered dozens of domains used by Chinese espionage crew Salt Typhoon to gain stealthy, long-term access to victim organizations going back as far as 2020.…

PACER buckles under MFA rollout as courts warn of support delays

Busy lawyers on hold for five hours as staff handhold users into deploying the security measure US courts have warned of delays as PACER, the system for accessing court documents, struggles to support users enrolling in its mandatory MFA program.…

The crazy, true story behind the first AI-powered ransomware

tldr; boffins did it interview  It all started as an idea for a research paper. …

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Pro tip, don't install PowerShell commands without approval A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique called ClickFix, which uses fake fixes and login…

Copyright © 2026 Lugapel