🦜 The Register - Security: Research
@www.theregister.com.security.research@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline!
Brought to you by the RSS Parrot.
---
Biting the hand that feeds IT — Enterprise Technology News and Analysis
Researchers find cyber-sabotage malware that may predate Stuxnet by five years
https://go.theregister.com/feed/www.theregister.com/2026/04/24/fast16_sabotage_malware/
Published: April 24, 2026 06:56
FAST16 could be the first cyberweapon, and its effects could be with us today
Black Hat Asia: Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software and therefore represents an attempt at…
Weak security means attackers could disable all of a city's public EV chargers
https://go.theregister.com/feed/www.theregister.com/2026/04/24/rentable_iot_security_flaws/
Published: April 24, 2026 04:43
Demonstrated in China, probably applicable elsewhere
Black Hat Asia: Developers of rented internet of things infrastructure – stuff like public EV chargers and shared e-bikes – are prioritizing user convenience over security, and leaving themselves exposed…
Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
https://go.theregister.com/feed/www.theregister.com/2026/04/20/lovable_denies_data_leak/
Published: April 21, 2026 02:50
A lesson in how not to respond to vulnerability reports
UPDATED: Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat…
Anthropic: All your zero-days are belong to Mythos
https://go.theregister.com/feed/www.theregister.com/2026/04/07/anthropic_all_your_zerodays_are_belong_to_us/
Published: April 7, 2026 23:50
Hasn't released it to the public, because it would break the internet - in a bad way
For years, the infosec community’s biggest existential worry has been quantum computers blowing away all classical encryption and revealing the world’s secrets. Now they…
Don't open that WhatsApp message, Microsoft warns
https://go.theregister.com/feed/www.theregister.com/2026/03/31/whatsapp_message_bad_msi_packages/
Published: March 31, 2026 21:18
How to avoid social engineering attacks? Employee training tops the list
Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious Microsoft Installer (MSI) packages, allowing criminals to…
Security boffins scoured the web and found hundreds of valid API keys
https://go.theregister.com/feed/www.theregister.com/2026/03/27/security_boffins_harvest_bumper_crop/
Published: March 27, 2026 07:04
Global bank's devs have some cleaning up to do after cloud creds found in website code
Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.…
Scammers have virtual smartphones on speed dial for fraud
https://go.theregister.com/feed/www.theregister.com/2026/03/25/virtual_smartphones_fraud/
Published: March 25, 2026 20:25
They cleverly mimic most traits of a real phone
Smartphones have fast become the basis of our digital identities, securing payment systems and bank accounts. Now virtual devices that pretend to be real handsets have become a key tool for financial…
1K+ cloud environments infected following Trivy supply chain attack
https://go.theregister.com/feed/www.theregister.com/2026/03/24/1k_cloud_environments_infected_following/
Published: March 24, 2026 20:31
Crims 'creating a snowball effect' across open source projects
RSAC 2026: Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that…
Claude attacks were 'Rorschach test' for infosec community, scaring former NSA boss
https://go.theregister.com/feed/www.theregister.com/2026/03/23/claude_attacks_rorschach_rsac_rob_joyce/
Published: March 23, 2026 22:50
'It freakin' worked' says Rob Joyce - and shows how relentless AI agents can find holes humans miss
RSAC 2026: The now-infamous Anthropic report about Chinese cyberspies abusing Claude AI to automate cyberattacks was a Rorschach test for the infosec…
Smooth criminals talking their way into cloud environments, Google says
https://go.theregister.com/feed/www.theregister.com/2026/03/23/voice_phishing_skyrockets_as_smooth/
Published: March 23, 2026 22:45
Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins
RSAC 2026: Voice phishing surged last year to become the second most common method used by cybercriminals to gain initial access to their victims'…
Lightning-fast exploits make it essential to patch fast, ask questions later
https://go.theregister.com/feed/www.theregister.com/2026/03/23/cisco_talos_cybersecurity_report_patch_fast/
Published: March 23, 2026 20:42
Here's where you ought to spend your security billable hours budget this year
Strengthen your MFA policies, double-down on anti-phishing training, and for Jobs' sake, patch all your vulns right away. The past year of intelligence collected by Cisco's Talos…
State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns
https://go.theregister.com/feed/www.theregister.com/2026/03/18/darksword_exploit_kit_steals_iphone/
Published: March 18, 2026 21:39
Darksword is the second iOS exploit chain in a month
A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by "multiple" spyware vendors and suspected nation-state goons, security researchers said on Wednesday.…