Author Archives: John Leyden

Years later, he read about his antagonist doing time for murder On Call  Welcome to another installment of On Call, The Register’s weekly reader-contributed column that tells your tech support tales.… Continue reading Enforcing piracy policy earned helpdesk worker death threats→

Are you a good bot or a bad bot? More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be helpful AI assistants, but they steal users’ API keys, email messages, and other personal data. Even worse: many of these are st… Continue reading 30+ Chrome extensions disguised as AI chatbots steal users’ API keys, emails, other sensitive data→

As if snooping on your workers wasn’t bad enough Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks an… Continue reading Who’s the bossware? Ransomware slingers like employee monitoring tools, too→

Flaw abused ‘in an extremely sophisticated attack against specific targeted individuals’ Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an “extremely sophisticated attack” against targeted i… Continue reading Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware→

Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a “self-rei… Continue reading Supply chain attacks now fuel a ‘self-reinforcing’ cybercrime economy→

Whoever gets it will steer UK department’s IT, AI strategy, and megabucks vendor deals The UK Ministry of Defence (MoD) is offering between £270,000 to £300,000 for a senior digital leader who will oversee more than £4.6 billion in spending and more th… Continue reading Feeling brave? Ministry of Defence seeks £300K digital boss to manage £4.6B spend→

Meanwhile, IP-stealing ‘distillation attacks’ on the rise A Chinese government hacking group that has been sanctioned for targeting America’s critical infrastructure used Google’s AI chatbot, Gemini, to auto-analyze vulnerabilities and plan cyberattack… Continue reading Google: China’s APT31 used Gemini to plan cyberattacks against US orgs→

Businesses are embedding prompts that produce content they want you to read, not the stuff AI makes if left to its own devices Amid its ongoing promotion of AI’s wonders, Microsoft has warned customers it has found many instances of a technique that ma… Continue reading Microsoft warns that poisoned AI buttons and links may betray your trust→

Add-ons with 37M installs leak visited URLs to 30+ recipients, researcher says They know where you’ve been and they’re going to share it. A security researcher has identified 287 Chrome extensions that allegedly exfiltrate browsing history data for an … Continue reading Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokers→

The more you share online, the more you open yourself to social engineering If you’ve seen the viral AI work pic trend where people are asking ChatGPT to “create a caricature of me and my job based on everything you know about me” and sharing it to soc… Continue reading Posting AI-generated caricatures on social media is risky, infosec killjoys warn→