Despite multiple arrests and talk of retirement, a crew now calling itself Scattered LAPSUS$ Hunters has reemerged with a data-leak site listing about 40 companies' Salesforce environments, and is demanding $989.45 to prevent what it claims is about 1B stolen records.
03.10.2025 21:52
Ret US Navy Rear Admiral Mark Montgomery said it best: "This policy seems more like theatrics and less like readiness."
03.10.2025 21:47
Pentagon relaxes military cybersecurity training
: Beards, body fat, and cyber refreshers now frowned upon
Cybersecurity training, beards, and body fat have something in common, according to the Pentagon. They're not helping the US military fight and win wars.
02.10.2025 23:11
Air Force admits SharePoint privacy issue; reports of breach
Exclusive: Uncle Sam can't quit Redmond
SCOOP: The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.
01.10.2025 18:10
Suspected Chinese spies broke into 'numerous' enterprises
: Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'
"As more companies scan their systems, we anticipate we'll be hearing about this campaign for the next one to two years," @mandiant.com CTO Charles Carmakal told me via @theregister.com.
24.09.2025 14:35
Vegas cops book teen allegedly involved in casino hacks
: Not old enough to drink, old enough to be accused of causing millions in damage
Las Vegas police arrested an unnamed teen accused of breaking into multiple Las Vegas casino networks in 2023, as part of a series of hacks attributed to Scattered Spider.
23.09.2025 19:11
SolarWinds patches critical RCE - for the third time
: Or maybe 3 strikes, you're out?
SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated attacker to run commands on a host machine.
23.09.2025 19:04
Doesn't sound like the Norks.
19.09.2025 15:46
Scattered Spider teen cuffed after crypto splurge on games
: Bad opsec
Perhaps the most incriminating: Somebody took cryptocurrency from a wallet on a server that also held ransom funds and bought gaming gift cards tied to an account in Jubair's name, as well as food-delivery gift cards, which were then used to order takeout to the apartment complex where he lived.
19.09.2025 13:54
Scattered Spider gang feigns retirement, breaks into bank
: You didn't really trust the crims to keep their word, did you?
Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US bank.
17.09.2025 19:05
HybridPetya ransomware dodges UEFI Secure Boot
: Although it hasn't been seen in the wild yet
A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass UEFI Secure Boot on Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.
15.09.2025 18:36
"We have observed high-confidence account takeovers in multiple entities," as new phishing service makes it really easy for criminals to hijack Google and Microsoft accounts.
11.09.2025 20:42
AI-powered penetration tool downloaded 10K times
: Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit
"Like Cobalt Strike, it can be used for legitimate purposes but it is also ready to be used maliciously without expertise needed since it is fully automated," Dan Regalado, principal AI security researcher at Straiker, told me via @theregister.com
11.09.2025 17:24
Call audio from gym members, employees in open database
Exclusive: HelloGym's data security clearly skipped leg day
Sensitive info from hundreds of thousands of gym customers and staff - including names, financial details, and potentially biometric data in the form of audio recordings - was left sitting in an unencrypted, non-password protected database, according to a security researcher who shut it down.
09.09.2025 17:42
The crazy, true story behind the first AI-powered ransomware
interview: tldr; boffins did it
"This is literally, exactly the code that I wrote, and it's the same functions and the same prompts," NYU engineering student and doctoral candidate Md Raz told me via @theregister.com. "And they think it's a real attack."
08.09.2025 14:51
Crims boast of using HexStrike AI against Citrix bugs
: LLMs and 0-days - what could possibly go wrong?
"Like other security frameworks, it can be misused, but it does not include pre-built zero-day exploits," the developer of HexStrike AI told me amid reports of criminals using the red-teaming tool against Citrix NetScaler bugs within hours of disclosure.
03.09.2025 22:55
AWS nails Russia's Cozy Bear trying to nick Microsoft creds
: Look who's visiting the watering hole these days
Amazon today said it disrupted an intel-gathering attempt by Russia's APT29 to trick Microsoft users into unwittingly granting the Kremlin-backed cyberspies access to their accounts and data.
29.08.2025 19:59
FBI cyber cop: Salt Typhoon pwned 'nearly every American'
: Plus millions of other people across 80+ countries
"There's a good chance this espionage campaign has stolen information from nearly every American," Michael Machtinger, deputy assistant director for the FBI's cyber division, told me via @theregister.com
29.08.2025 00:02
First AI-powered ransomware PoC spotted
: Oh, look, a use case for OpenAI's gpt-oss-20b model
ESET malware researchers Anton Cherepanov and Peter Strycek discovered what they describe as the "first known AI-powered ransomware," which they named PromptLock. The good news is that the malware doesn't appear to be fully functional - yet. www.theregister.com/2025/08/26/f...
26.08.2025 22:17
ZipLine cyber attack uses White House butler pic
: 'Many dozens' targeted in ongoing campaign, CheckPoint researcher tells The Reg
Cybercriminals are targeting critical US manufacturers and supply-chain companies, looking to steal sensitive IP and other data. Their attack involves a novel twist on phishing - and a photo of White House butlers.
26.08.2025 19:49
AWS patches Q Developer after prompt injection, RCE demo
: Move along, nothing to see here
Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.
20.08.2025 22:00
Ollama bug allows drive-by attacks - patch now
: Reconfigure local app settings via a 'simple' POST request
A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks to. HT to GitLab's Chris Moberly who found the bug.
19.08.2025 23:11
When working in a public place like a coffee shop with music playing, does anyone else find it impossible to not sing along?
15.08.2025 21:00
Ransomware crews don't care about your EDR
: Some custom malware, some legit software tools
At least a dozen ransomware gangs have incorporated kernel-level EDR killers into their malware arsenal, allowing them to bypass almost every major endpoint security tool on the market, escalate privileges, and ultimately steal and encrypt data before extorting victims into paying a ransom.
14.08.2025 22:53
Ex-White House cyber guru talks Microsoft security fails
Comment: Tells The Reg China's ability to p0wn Redmond's wares 'gives me a political aneurysm'
"The Chinese are so well prepared and positioned on Microsoft products that in the event of hostilities, we know for a fact Chinese actors will target our critical infrastructure through Microsoft products," ex-White House cyber and counter-terrorism guru Roger Cressey told me via @theregister.com
08.08.2025 13:43
Microsoft Exchange bug can allow 'total domain compromise'
: No reported in-the-wild exploits…yet
Microsoft and CISA sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange to the cloud.
07.08.2025 18:11
Vibe coding tool Cursor allows persistent code execution
: More evidence that AI expands the attack surface
Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a previously approved MCP configuration, silently swapping it for a malicious command without any user prompt.
06.08.2025 16:56