2026

Crook claims to leak ‘video surveillance footage’ of companies

Mexican IT services firm admits it was hacked, but says client operations weren't affected A Mexican IT infrastructure and digital transformation biz is on clean-up duty after a criminal posted screenshots of what they claimed was company video surveillance footage to a cybercrime forum.…

Scot becomes second Scattered Spider-linked crook to plead guilty in US

Tyler Buchanan admits role in scheme that stole at least $8 million in virtual currency A Scottish man linked to the Scattered Spider cybercrime crew has pleaded guilty in the US to a phishing and SIM-swap scheme that stole at least $8 million in cryptocurrency.…

Microsoft releases Windows Server update fix to fix its April update fixes

Out-of-band or out of control? Microsoft has pushed out an out-of-band update to address the restart loop that hit some Windows Server devices after its April update.…

Next.js developer Vercel warns of customer credential compromise

Blames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident Vercel, the company that created the open source Next.js web development framework, has a data leak that led to compromise of some customer credentials, and blamed an outfit called Context.ai for the mess.…

Just like phishing for gullible humans, prompt injecting AIs is here to stay

Aren't we all just prompting tokens of linguistic meaning and hoping the other person isn't bullshitting us? kettle  It's a week of the year, which means there's been the discovery of yet another prompt injection attack that will force supposedly well-guarded AI bots to spill secrets by asking…

I meant to do that! AI vendors shrug off responsibility for vulns

Passing the buck, and the blame, down the road shows lack of AI companies' maturity OPINION  AI vendors: "You need to use AI to fight AI threats (and do everything else in your corporate IT environment)." Also AI vendors: "That's not a security flaw; it's working as intended."…

CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack

Bug hiding in plain sight for over a decade lands on KEV list CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers circle a flaw that's been quietly lurking for more than a decade.…

Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker

Or, how public information and a €5 tracker exposed an avoidable opsec lapse Militaries around the world spend countless hours training, developing policies, and implementing best operational security practices, so imagine the size of the egg on the face of the Dutch navy when journalists managed to track…

Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug

University student says he plans to move to Android, but concedes iOS engineers acting fast Apple is finally working on a fix for a bug that has locked some users out of their iPhones for months, The Register understands.…

Claude Opus wrote a Chrome exploit for $2,283

Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone could react.…

Copyright © 2026 Lugapel