2025

Amazon security boss blames Russia’s GRU for years-long energy-sector hacks

'Sustained focus on Western critical infrastructure'

Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin's snoops persistent access to sensitive networks, according to Amazon's security boss.…

China, Iran are having a field day with React2Shell, Google warns

Who hasn't exploited this max-severity flaw?

At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, a maximum-severity flaw in the widely used React JavaScript library, according to Google.…

Delay to European Central Bank messaging project cost the Bank of England £23M

Watchdog links schedule change to replanning of UK payments system overhaul

The European Central Bank's (ECB) decision to delay its move to a new messaging standard in 2022 ended up costing the Bank of England £23 million as it was forced to adjust migration to a new settlement…

JLR: Payroll data stolen in cybercrime that shook UK economy

Automaker admits raid that crippled its factories in August led to the theft of sensitive info

Jaguar Land Rover (JLR) has reportedly told staff the cyber raid that crippled its operations in August didn't just bring production to a screeching halt – it also walked off with the…

Apple, Google forced to issue emergency 0-day patches

Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse

Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.…

Denmark takes a Viking swing at VPN-enabled piracy

Minister insists 'modest' bill is not an assault on privacy-preserving tech

The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.…

Microsoft RasMan DoS 0-day gets unofficial patch – and a working exploit

Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg

A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans…

New React vulns leak secrets, invite DoS attacks

And the earlier React2Shell patch is vulnerable

If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support…

Microsoft promises more bug payouts, with or without a bounty program

Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move

Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.…

Uncle Sam sues ex-Accenture manager over Army cloud security claims

Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements

The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.…
