Security research news | The Register

REG AD

SECURITY > RESEARCH

Latest research by the infosec community

fake mustache

Kids say they can beat age checks by drawing on a fake mustache

46% say age checks are easy to bypass, and nearly a third admit getting around them

Geolocation glitch

Researchers move in the right direction, develop powerful GPS interference alarm

ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength

US Marshals perform rooftop surveillance (editorial Use Only.) Pic credit: Elliott Cowand Jr / Shutterstock

Governments on high alert after CISA snuffs out Firestarter backdoor on fed network

Latest in long-running pwning of Cisco kit found in mystery Fed agency

Radiation symbol on keyboard

Researchers find cyber-sabotage malware that may predate Stuxnet by five years

FAST16 could be the first cyberweapon, and its effects could be with us today

REG AD

Another npm supply chain worm is tearing through dev environments

Plus, the payload references 'TeamPCP/LiteLLM method'

macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up

Hear no evil, speak no evil, see no evil - three monkeys coding in the workplace

Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive

malware

CPUID site hijacked to serve malware instead of HWMonitor downloads

Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers

Apple Intelligence

Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse

Wash your mouth out with digital soap

whatsapp

Don't open that WhatsApp message, Microsoft warns

How to avoid social engineering attacks? Employee training tops the list

chain

Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more

robot

Folk are getting dangerously attached to AI that always tells them they're right

Sycophantic bots coach users into selfish, antisocial behavior, say researchers, and they love it

REG AD

Compromised credentials

Security boffins scoured the web and found hundreds of valid API keys

Global bank's devs have some cleaning up to do after cloud creds found in website code

Dunce cap

Telling an AI model that it’s an expert programmer makes it a worse programmer

Researchers say persona-based prompting can improve works for safety but not for facts

Puppet master

AI agents are 'gullible' and easy to turn into your minions

Zenity CTO demos 0-click AI agent exploits on stage at RSAC

State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns

Darksword is the second iOS exploit chain in a month

robot

Meatbags vs machines: DeepMind plans hackathon to draw line between human and AI brains

What exactly is AGI? Nobody knows, but Google's AI lab is asking for help trying to define it

Girl looking at a glass of water through a magnifying glass

Water company wasted $200k on bad answers from an AI model – so built its own slop filtering system

Rozum orchestrates multiple flaky models and drives them to reasonable conclusions

cluster of binary skulls

Rogue AI agents can work together to hack systems and steal secrets

Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy

Three criminals in a row

Cybercrime isn't just a cover for Iran's government goons - it's a key part of their operations

Ransomware, malware-as-a-service, infostealers benefit MOIS, too

malware

Fake job applications pack malware that kills endpoint detection before stealing data

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses

Spyware on phone

Spyware disguised as emergency-alert app sent to Israeli smartphones

Steals SMS messages, location data, contacts … and delivers it to Hamas-linked crew

windows user. Pic: Alex Photo Stock / shutterstock

Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves

US vs Iran

Iran intelligence backdoored US bank, airport, software outfit networks

MOIS-linked MuddyWater crew has a new, custom implant

Injection

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

AI browsing agent left local files open for the taking

scam

Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens

REG AD

Jake_Braun_DEF_CON_33

Denizens of DEF CON are 'fed up with government'

Jake Braun thinks hackers need to create a 'Digital arsenal of democracy' to defend us all

rat

Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool

Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife

A silhouette walks through a keyhole leaking binary

Suspected Nork digital intruders caught breaking into US healthcare, education orgs

Who is knocking at the Dohdoor?

ransomware

Ransomware payments cratered in 2025, but attacks surged to record highs

Smaller crews piled in as old names splintered and rebranded

shutterstock robot math

AI models suck slightly less at math than they did last year

Latest ORCA test results out

claude

Claude collaboration tools left the door wide open to remote code execution

Anthropic fixed the flaws – but the AI-enabled attack surfaces remain

Illustration of an eye looking at you through binary numbers

LLMs killed the privacy star, we can't rewind, we've gone too far

You'll find these days that there's no hiding place

REG AD

Breaking chain maybe a blockchain

Threat intelligence supply chain is full of weak links, researchers find

And they're being stressed by geopolitical concerns that threaten to slow important data-sharing efforts

Digitized french flag

Attacker gets into France's database listing all bank accounts, makes off with 1.2 million records

PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more

scay_rat_glowing_eyes

Crims create fake remote management vendor that actually sells a RAT

$300 a month buys you a backdoor that looks like legit software

greenwashing and cloudwashing

Don't believe the hyperscalers! AI can't cure the climate crisis

From AI conflation to thin evidence, a new report calls many climate claims greenwashing

android

Android malware taps Gemini to navigate infected devices

For now, it might not function outside of a lab

Caricature

Posting AI-generated caricatures on social media is risky, infosec killjoys warn

The more you share online, the more you open yourself to social engineering

Illustration of a man running alongside binary numbers

Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt

Chaos-inciting fake news right this way

boxing

AV vendor goes to war with security shop over update server scare

eScan lawyers up after Morphisec claimed 'critical supply-chain compromise'

Sulawesi Slender Root-Rat

Everybody is WinRAR phishing, dropping RATs as fast as lightning

Russians, Chinese spies, run-of-the-mill crims …

Cloud brain

Vibe coding may be hazardous to open source

Researchers argue AI coding tools disrupt community and hinder returns to maintainers

robot

AI conference's papers contaminated by AI hallucinations

100 vibe citations spotted in 51 NeurIPS papers show vetting efforts have room for improvement

machine typing

Remember VoidLink, the cloud-targeting Linux malware? An AI agent wrote it

AI + skilled malware developers = security threat

For the price of Netflix, crooks can now rent AI to run cybercrime

Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices

Bluetooth bug

Fast Pair, loose security: Bluetooth accessories open to silent hijack

Sloppy implementation of Google spec leaves 'hundreds of millions' of devices vulnerable

REG AD

Nicolas Maduro

Chinese spies used Maduro's capture as a lure to phish US govt agencies

What's next for Venezuela? Click on the file and see

cloud

A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'

And it's 'not unique to AWS,' researcher tells The Reg

Hal

Teach an AI to write buggy code, and it starts fantasizing about enslaving humans

Research shows erroneous training in one domain affects performance in another, with concerning implications

Logotypevector http://www.shutterstock.com/gallery-2653510p1.html

New Linux malware targets the cloud, steals creds, and then vanishes

Cloud-native, 37 plugins … an attacker's dream

signs contract

'Imagination the limit': DeadLock ransomware gang using smart contracts to hide their work

New crooks on the block get crafty with blockchain to evade defenses

arrest

Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam

33-year-old was under surveillance for some time before returning home from the UAE

Rotterdam port

Court tosses appeal by hacker who opened port to coke smugglers with malware

Dutchman fails to convince judges his trial was unfair because cops read his encrypted chats

Bandaged man looks resigned

OpenAI putting bandaids on bandaids as prompt injection problems keep festering

Happy Groundhog Day!

Illustration of a cypher-punk robot with a mohawk and general hipster-hype vibe

Yes, criminals are using AI to vibe-code malware

They also hallucinate when writing ransomware code

Fake BSOD

Fake Windows BSODs check in at Europe's hotels to con staff into running malware

Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls

Donald Trump thumbs up photo via Shutterstock

Trump admin sends heart emoji to commercial spyware makers with lifted Predator sanctions

Also, Korean Air hacked, EmEditor installer hijacked, a perfect 10 router RCE vuln, and more

Bombed out ATM

ATM jackpotting gang accused of unleashing Ploutus malware across US

Latest charges join the mountain of indictments facing alleged Tren de Aragua members

car browser

Your car’s web browser may be on the road to cyber ruin

Study finds built-in browsers across gadgets often ship years out of date

stressed exec in server room. pic shutterstock

React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines

Security boffins warn flaw is now being used for ransomware attacks against live networks

dragon

China's Ink Dragon hides out in European government networks

Misconfigured servers are in, 0-days out

Evil Santa

SantaStealer stuffs credentials, crypto wallets into a brand new bag

All I want for Christmas … is all of your data

Image of 5D memory crystal

The future of long-term data storage is clear and will last 14 billion years

SPhotoix moves its 5D Memory Crystal cold storage tech closer to deployment in data centers

10K Docker images spray live cloud creds across the internet

Flare warns devs are unwittingly publishing production-level secrets

Teens standing in a circle looking at their phones

US teens not only love AI, but also let it rot their brains

Yeah, not shocking, but with other studies linking AI to weaker learning and mental-health risks, it’s a worry

robot

As humanoid robots enter the mainstream, security pros flag the risk of botnets on legs

Have we learned nothing from sci-fi films and TV shows?

Man with umbrella shielding himself from binary digits

Novel clickjacking attack relies on CSS and SVG

Who needs JavaScript?

Video glitch

Sorry, but your glitchy connection might have cost you that job

Technical problems on video calls can cause uncanniness, which influences real-world decisions

ransomware

Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites

ReliaQuest finds fresh crop of phishing domains and toxic tickets