❌

Normal view

Received β€” 27 April 2026 ⏭ The Register – Security
Received β€” 26 April 2026 ⏭ The Register – Security

ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface

24 April 2026 at 17:35

Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records

Carnival Corporation, the world's largest cruise company, is dealing with choppy waters after Have I Been Pwned flagged what it claimed were 7.5 million unique email addresses all allegedly tied to one of its subsidiaries. …

It's a myth that you need Mythos to find bugs: Open source models can do it just as well

24 April 2026 at 13:41

OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs

Black Hat AsiaΒ  Open source models can find bugs as effectively as Anthropic's Mythos, according to Ari Herbert-Voss, CEO of AI-powered security startup RunSybil and OpenAI's first security hire.…

UK gov pays public Β£550 to discuss Digital ID – then bans journalists from the room

24 April 2026 at 10:30

Nothing says 'We want honest opinions' like a 36,000-letter mailshot with no awkward questions allowed

Members of the UK government’s People’s Panel on Digital ID will spend two weekends in Birmingham and three evenings on Zoom discussing how Britain should build a national digital identity system, earning Β£550 plus expenses for their trouble.…

Researchers find cyber-sabotage malware that may predate Stuxnet by five years

24 April 2026 at 08:56

FAST16 could be the first cyberweapon, and its effects could be with us today

Black Hat AsiaΒ  Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software and therefore represents an attempt at sabotage, and suggests it was created years before the Stuxnet worm that aimed to destroy Iran’s uranium enrichment centrifuges.…

Weak security means attackers could disable all of a city's public EV chargers

24 April 2026 at 06:10

Demonstrated in China, probably applicable elsewhere

Black Hat AsiaΒ  Developers of rented internet of things infrastructure – stuff like public EV chargers and shared e-bikes – are prioritizing user convenience over security, and leaving themselves exposed to wide-scale denial of service attacks on their services.…

Received β€” 23 April 2026 ⏭ The Register – Security

Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn

23 April 2026 at 21:25

All the Typhoons, everywhere, all at once

A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations, according to a joint 10-country advisory.…

American farms have a new steward for their safety net, disaster programs... Palantir

23 April 2026 at 15:26

Wins $300M deal over Salesforce, IBM because of 'integration with existing USDA systems,' among other things

Palantir has won a $300 million contract from the US Department of Agriculture (USDA) to support the National Farm Security Action Plan (NFSAP) and modernize how USDA delivers services to America's farmers.…

Hybrid clouds have two attack surfaces and you’re not paying enough attention to either

23 April 2026 at 14:15

Windows Admin Center flaws mean on-prem can attack cloud, and vice-versa

Black Hat AsiaΒ  Israeli researchers found a series of flaws in Microsoft's Windows Admin Center (WAC) and suggest this shows hybrid cloud management tools are a two-way attack surface that users don't spend enough time worrying about.…

❌