โŒ

Normal view

There are new articles available, click to refresh the page.
Today โ€” 6 December 2025Main stream

Death to one-time text codes: Passkeys are the new hotness in MFA

6 December 2025 at 04:11

Wanna know a secret?

Whether you're logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of identity. However, not all forms of MFA are created equal, and the one-time passwords orgs send to your phone have holes so big you could drive a truck through them.…

Yesterday - 5 December 2025 (Main stream)

Cloudflare blames Friday outage on borked fix for React2shell vuln

5 December 2025 at 16:46

Security community needs to rally and share more info faster, one researcher says

Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.…

Before yesterday (Main stream)

Twins who hacked State Dept hired to work for gov again, now charged with deleting databases

4 December 2025 at 14:48

And then they asked an AI to help cover their tracks

Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they're fired. Prosecutors say a federal contractor learned this the hard way when twin brothers previously convicted of hacking-related offenses allegedly used lingering access to delete nearly 100 government databases, including systems tied to Homeland Security and other agencies, within minutes of being terminated.…

'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole

3 December 2025 at 16:55

Finish reading this, then patch

A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js, allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…

Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware

1 December 2025 at 14:14

And some are still active in the Microsoft Edge store

A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people's data to servers in China. And, according to Koi researchers, five of the extensions with more than 4 million installs are still live in the Edge marketplace.…

Ex-CISA officials, CISOs dispel 'hacklore,' spread cybersecurity truths

24 November 2025 at 15:01

Don't believe everything you read

Afraid of connecting to public Wi-Fi? Terrified to turn your Bluetooth on? You may be falling for "hacklore," tall tales about cybersecurity that distract you from real dangers. Dozens of chief security officers and ex-CISA officials have launched an effort and website to dispel these myths and show you how not to get hacked for real.…

Years-old bugs in open source tool left every major cloud open to disruption

24 November 2025 at 10:23

Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs

A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.…

โŒ
โŒ