The Register - Anti-Virus

ShinyHunters claims it accessed Snowflake metrics via third-party tool

ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn't so much hack its way in as walk through a door someone else left wide open.…

Benchmarking contract lays groundwork for renegotiating £774M software agreement

NHS England is spending £46,000 on "benchmarking" as it gears up for what looks like the next round of negotiations behind one of the UK public sector's biggest software deals.…

PLUS: Toyota wheels out basketball bot; Arm scores AI server win with SK Telecom; India ponders payment pauses to foil fraudsters; And more!

Asia In Brief  China’s National Data Administration last Friday published its action plan for AI in education which calls for upskilling of the nation’s citizens to ensure they can put the technology to work.…

Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this week's episode

Kettle  Anthropic dropped a doozy on us this week with the launch of Mythos, an AI model it says is able to find and exploit zero-day vulnerabilities with a shocking level of ability. …

Time to start dropping SBOMs

FEATURE  Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if not more – organizations. We won't know the full blast radius for months.…

Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts

Hungary's government has discovered the hard way that the biggest threat to national security might just be its own password choices.…

Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers

Visitors to the CPUID website were briefly exposed to malware this week after attackers hijacked part of its backend, turning trusted download links into a delivery mechanism for something far less welcome.…

Just what FOSS developers need – a flood of AI-discovered vulnerabilities

Opinion  Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, "an AI model that can generate zero-day vulnerabilities."…

Four-week call for evidence intended to help shape laws aimed at devices linked to crime

The UK government is seeking views on radiofrequency jammers as it prepares legislation to ban the controversial devices.…

Cut through the noise and understand the real risks, responsibilities, and responses shaping enterprise AI today.

Webinar Promo  2025 was the year of AI experimentation. In 2026, the bills are coming due. AI adoption has moved from isolated pilots to autonomous, enterprise wide deployment, bringing with it a sophisticated new generation of security challenges.…

Cops bust latest scam, return $12m to bilked victims

US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen funds and identifying more than 20,000 cryptocurrency wallet addresses linked to fraud victims across 30 countries.…

Possible link to Mr. Raccoon's claimed Adobe break-in

A new extortion crew has targeted “several dozen high-value” corporations through phishing and helpdesk social-engineering, according to Google.…

UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline

A cybersecurity incident has knocked FleetWave into a "major outage" across the UK and US after Chevin Fleet Solutions pulled parts of its SaaS platform offline and left customers scrambling for answers.…

Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload

Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.…

No emails, no warnings, no humans – just bots, catch-22s, and a 60-day appeals queue

Microsoft says that it will work on how it communicates with developers after two leading open source figures were suddenly locked out of their accounts, leaving them unable to sign updates.…

Wash your mouth out with digital soap

Apple Intelligence, the personal AI system integrated into newer Macs, iPhones, and other iThings, can be hijacked using prompt injection, forcing the model into producing an attacker-controlled result and putting millions of users at risk, researchers have shown.…

Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash

UK-listed oil and gas outfit Zephyr Energy plc has admitted a cyber incident siphoned off roughly £700,000 after a single payment to a contractor was quietly redirected to an attacker-controlled account.…

Even fitness equipment is vulnerable to mischief makers these days

PWNED  Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else shoot themselves – in the foot. Today's tale shows that even when you're setting up something as simple as fitness gear, there's no excuse for leaving security credentials lying around.…

The time is maybe

Quantum computing exists in a sort of superposition with regard to cryptography – it's both a pending threat and a technology of no immediate consequence for decryption.…

If they don't know what they're doing, you might never get your data back

interview  It's the biggest threat today, but it took her a while to appreciate it. After spending two decades at the FBI and much of that time working to intercept and stop cyber threats from the likes of China and Russia, Halcyon Ransomware Research Center SVP Cynthia Kaiser says she was a "latercomer to really wanting to focus on ransomware."…