The Register – Security

Staff data belonging to the regulator and judiciary’s governing body accessed The Dutch Data Protection Authority (AP) says it was one of the many organizations popped when attackers raced to exploit recent Ivanti vulnerabilities as zero-days.…

Moving 40% of semiconductor production to America is ‘impossible’ says vice premier Taiwan’s vice-premier has ruled out relocating 40 percent of the country’s semiconductor production to the US, calling the Trump administration’s goal “impossible.”…

Security devs forced to hide Boolean logic from overeager optimizer FOSDEM 2026  The creators of security software have encountered an unlikely foe in their attempts to protect us: modern compilers.…

Average Swiss salaries dwarf those on offer across the rest of the continent European techies looking for the biggest payday are far better off in Switzerland than anywhere else, with average salaries eclipsing all other countries on the continent.…

Officials explore issue affecting infrastructure after CERT-EU detected suspicious activity Brussels is digging into a cyber break-in that targeted the European Commission’s mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff.…

PLUS: China broadens cryptocurrency crackdown; Australian facial recognition privacy revisited; Singapore debuts electric VTOL; and more! Asia In Brief  The Commissioner of Police in the Indian city of Hyderabad, population 11 million, has called for AI agents to be issued with identity cards – or at least their digital equivalent.…

PLUS: OpenClaw teams with VirusTotal; Crypto kidnappings in France; Critical vulns at SmarterMail; And more Infosec In Brief  So-hot-right-now AI assistant OpenClaw, which is very much not secure right now, has teamed up with security scanning service VirusTotal.…

Research shows productivity and judgment peak decades after graduation A growing body of research continues to show that older workers are generally more productive than younger employees.…

Attackers may have snapped user locations and activity information, message warns Legacy image-sharing website Flickr suffered a data breach, according to customer emails seen by The Register.…

UK leaps to sixth in global flood charts as mega-swarm unleashes 31.4 Tbps Yuletide pummeling Cloudflare says DDoS crews ended 2025 by pushing traffic floods to new extremes, while Britain made an unwelcome leap of 36 places to become the world’s sixth-most targeted location.…

The end isn’t nigh after all Chrome’s latest revision of its browser extension architecture, known as Manifest v3 (MV3), was widely expected to make content blocking and privacy extensions less effective than its predecessor, Manifest v2 (MV2).…

Skills marketplace is full of stuff – like API keys and credit card numbers – that crims will find tasty Another day, another vulnerability (or two, or 200) in the security nightmare that is OpenClaw.…

Contact details were accessed in an intrusion that went undetected for months, the blogging outfit says Newsletter platform Substack has admitted that an intruder swiped user contact details months before the company noticed, forcing it to warn writers and readers that their email addresses and other account metadata were accessed without permission.…

And their toolkit includes a new, Linux kernel rootkit A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers.…

Breach-tracking site flags dataset following impersonation-based intrusion Breach-tracking site Have I Been Pwned (HIBP) claims a cyberattack on Betterment affected roughly 1.4 million users – although the investment company has yet to publicly confirm how many customers were affected by January’s intrusion.…

Right on cue, petulant hacktivists attempt to disrupt yet another global sporting event Italy’s foreign minister says the country has already started swatting away cyberattacks from Russia targeting the Milano Cortina Winter Olympics.…

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes.…

Businesses still chase the cheapest option, but politics and licensing shocks are changing priorities, says OpenNebula Systems Interview  Sovereignty remains a hot topic in the tech industry, but interpretations of what it actually means – and how much it matters – vary widely between organizations and sectors. While public bodies are often driven by regulation and national policy, the private sector tends to take a more pragmatic, cost-focused view.…

It’s a threat straight out of sci-fi, and fiendishly hard to detect Sleeper agent-style backdoors in AI large language models pose a straight-out-of-sci-fi security threat.…

Picks chap who used to lead Redmond’s security, lures replacement from Google Microsoft CEO Satya Nadella has decided Microsoft needs an engineering quality czar, and shifted Charlie Bell, the company’s executive veep for security, into the new role.…

LLMs automated most phases of the attack UPDATED  A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.…

US agencies told to patch by Friday Attackers are exploiting a critical SolarWinds Web Help Desk bug – less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That’s according to America’s lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.…

Gang walks away with nothing, victims are left with irreparable hypervisors Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There’s no way to get your data back from them!…

Affected police officers squeezed mental health services, relocated over safety fears Police Service of Northern Ireland (PSNI) employees who had their details exposed in a significant 2023 data breach will each receive £7,500 ($10,279) as part of a universal offer of compensation.…

As analyst house Gartner declares AI tool ‘comes with unacceptable cybersecurity risk’ and urges admins to snuff it out If you’re brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.…

Don’t relax: This is a ‘when, not if’ scenario AI agents and other systems can’t yet conduct cyberattacks fully on their own – but they can help criminals in many stages of the attack chain, according to the International AI Safety report.…

Too slow react-ion time Baddies are exploiting a critical bug in React Native’s Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven’t received the “broad public acknowledgement” that they should, according to security researchers.…

GreyNoise’s Glenn Thorpe counts the cost of missed opportunities On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that’s a problem.…

Algorithmic bias probe continues, CEO and former boss summoned to defend the platform’s corner French police raided Elon Musk’s X offices in Paris this morning as part of a criminal investigation into alleged algorithmic manipulation by foreign powers.…

Azure Storage now requires version 1.2 or newer for encrypted connections Today is the day Azure Storage stops supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 is the new minimum.…