Cybersecurity
‘Gay furry hackers’ say they’ve disbanded after raiding Project 2025’s Heritage Foundation
Ultra-conservative org funnily enough not ready to turn the other cheek After claiming to break into a database belonging to The Heritage Foundation, and then leaking 2GB of files belonging to the ultra-conservative think tank, the hacktivist crew SiegedSec claims to have disbanded. …
Advance Auto Parts: 2.3M people’s data accessed when crims broke into our Snowflake account
Letters from CISO Ethan Steiger suggest the data related to job applications Advance Auto Parts' CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance – a hefty 2.3 million.…
Privacy expert put away for 9 years after ‘grotesque’ cyberstalking campaign
Scumbag targeted many victims – and those who tried to help them A scumbag who used to work as a privacy consultant has been put behind bars for nine years for a "grotesque" cyberstalking campaign against more than a dozen victims.…
You had a year to patch this Veeam flaw and now it’s going to hurt
LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware Yet another new ransomware gang, this one dubbed EstateRansomware, is exploiting a Veeam vulnerability that was patched more than a year ago to drop file-encrypting malware, a LockBit variant, and…
Japanese space agency spotted zero-day attacks while cleaning up attack on M365
Multiple malware attack saw personal data acessed, but rocket science remained safe The Japanese Space Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems.…
Snowflake lets admins make MFA mandatory across all user accounts
Company announces intent following Ticketmaster, Santander break-ins A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication (MFA) controls, the cloud storage and data analytics company is offering a mandatory MFA option…
Malware that is ‘not ransomware’ wormed its way through Fujitsu Japan’s systems
Company says data exfiltration was extremely difficult to detect Fujitsu Japan says an unspecified "advanced" malware strain was to blame for a March data theft, insisting the strain was "not ransomware", yet it hasn't revealed how many individuals are affected.…
Ransomware crews investing in custom data stealing malware
BlackByte, LockBit among the criminals using bespoke tools As ransomware crews increasingly shift beyond just encrypting victims' files and demanding a payment to unlock them, instead swiping sensitive info straight away, some of the more mature crime organizations are developing custom malware for their data theft.…
Big Tech’s eventual response to my LLM-crasher bug report was dire
Fixes have been made, it appears, but disclosure or discussion is invisible Column Found a bug? It turns out that reporting it with a story in The Register works remarkably well ... mostly. After publication of my "Kryptonite" article about a prompt that crashes many AI chatbots, I…
ViperSoftX variant spotted abusing .NET runtime to disguise data theft
Freeware AutoIt also used to hide entire PowerShell environments in scripts A rapidly-changing infostealer malware known as ViperSoftX has evolved to become more dangerous, according to security researchers at threat detection vendor Trellix.…