Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.

Cloudflare teams up with big browsers to help websites tell bots from people
Cloudflare on Monday said that it has joined with the three leading commercial browser makers to create a privacy-preserving protocol that websites can use to separate desirable web traffic from undesirable network requests. Cloudflare, along with Google Chrome, Microsoft Edge, and Mozilla Firefox, have committed to develop Private Access Control Tokens (PACTs), a way for websi

Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign
Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.

How dare you stop data loss – that's not your job!
WHO, ME? The world of work is weird, so The Register records the worst of it every Monday in a reader-contributed column we call "Who, Me?" in which you admit to mistakes, and reveal your escapes. This week, meet a reader we'll Regomize as "Terry" who told us of a summer job he worked in the 1980s. "It was at a municipal IT facility, and everyone had a specific job to do, and w

Bcachefs exits experimental status in new 'performance release'
bcachefs boss Kent Overstreet has announced version 1.38.6 of the Linux filesystem, dubbing it “the performance release” and declaring the project is no longer experimental. The new code is ostensibly a relatively modest point release, but is noteworthy as it’s only the second release this year that project leader Kent Overstreet has described on his Patreon blog. His latest po

Stressors, AI Forcing Changes to Cybersecurity Teams
As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.

Operation Escaneo Signals Shift in LatAm Threat Landscape
The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two.

Novo Nordisk Breach Exposes Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.

FIFA Bug Exposed World Cup Streams to Remote Takeover
A hacker could have "Rickrolled" the World Cup — or worse — thanks to FIFA's unenforced Entra access controls.

Salesforce Data Thefts Continue via Klue App Compromise
Klue's Battlecards is now the third integrated application that has been compromised to steal customers' Salesforce data, and victims include Huntress, the cybersecurity vendor.

Get Out of Security Debt by Tackling the Exposure Problem
Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way?

Oracle support timelines for Fusion Middleware tighter than expected
Oracle has shocked its customers by releasing new end-of-life conditions for its middleware products that thousands of large organizations rely on in their enterprise application deployments. In a missive published online earlier this month, Big Red warned that support for the widely used Oracle Fusion Middleware 12c Release 2 was approaching a “critical milestone.” Top-level P

EU Gets a Head Start in Developing 6G Network Security
"Shield-6G" will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow.

Git good with Epic Games' new open source VCS, Lore
Epic Games has open-sourced Lore, a centralized version control system originally developed as Unreal Revision Control for internal use and Fortnite development. Unlike Git and other VCS solutions, Lore treats binary files and text files as equals, making it purpose-built for game developers and other teams working with large binary assets alongside code. The system is released under the permissiv

INC Ransomware Thrives by Mastering the Basics
INC ransomware group has achieved success by focusing on fundamental attack strategies rather than sophisticated techniques. The group strategically targets sectors like healthcare where operational disruptions create urgent pressure to pay ransoms quickly, maximizing their likelihood of payment.

Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices
A large-scale credential-harvesting campaign has compromised over 30,000 Fortinet devices globally, with attackers successfully compiling working credentials across multiple sectors in nearly 200 countries. The active threat represents a significant security risk for enterprise organizations relying on Fortinet infrastructure for network security.

Apple's WebKit performance tax leaves iOS browsers stuck in the slow lane, says Microsoft
Microsoft research reveals that Apple's requirement for iOS browsers to use the WebKit engine creates a 28.6% performance penalty compared to Chromium-based alternatives. While the EU's Digital Markets Act theoretically allows alternative browser engines on iOS, no browser maker has launched one due to technical barriers and onerous compliance requirements Apple has imposed. The findings add to gr

UK Social Media Ban for Minors Has Privacy Experts Worried
The UK government plans to implement a ban prohibiting users under 16 from accessing user-to-user social media platforms, a move that has raised significant concerns among privacy experts. The policy faces technical challenges around age verification mechanisms and potential privacy implications for both minors and adults who must prove their age.

Security Community Slams US Ban on Exporting Mythos, Fable
Security experts have signed an open letter urging the US government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 AI models. The ban has drawn criticism from the security community, who argue against limiting access to these advanced language models.

Fileless Phantom Stealer Targets Browser Credentials
A new fileless malware variant called Phantom Stealer has emerged targeting browser credentials through memory-only execution. The malware employs sophisticated anti-analysis techniques throughout its infection chain to evade detection by security tools, representing an evolution in credential theft tactics.
