Enough with the AI FOMO, go slow-mo, says Domo CDO
You're not the only one annoyed by the hype
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. [...]
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vu…
Classic 7 is Windows 10 LTSC cosplaying as Windows 7
Uncanny rebuild resurrects the 2009 desktop, complete with support, updates, and licensing questions
Wanted: Digital chief for England's schools. Must enjoy data, AI, and concrete problems
Are you ready to RAAC?
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our inv…
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, tell…
AI-generated code is 'pain waiting to happen'
The boom is piling up technical debt, warns Lightrun's Moshe Sambol
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into …
Cloud-managed earbuds sound strange - as a concept, and on a plane
The Register tests Dell’s first attempt at outplaying Apple’s AirPods
Russian hackers turn Kazuar backdoor into modular P2P botnet
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and da…
Europe built sovereign clouds to escape US control. Then forgot about the processors
Intel ME and AMD PSP: The silicon layer nobody certifies
PoC Code Published for Critical NGINX Vulnerability
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability ap…
One in seven Brits swapped their GP for ChatGPT, study finds
Patients are using chatbots for medical advice, while the NHS is still debating where AI belongs
Friday Squid Blogging: Bigfin Squid
Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Google reimburses Register sources who were victims of API fraud
But it's holding fast on auto-expanding customers' budgets
Datacenters slurping up so much juice they boosted prices 75% in largest US energy market
BYO power for AI bit barns may be the best way to ease the problem, says energy watchdog
Git is unprepared for the AI coding tsunami
An influx of agents is pushing GitHub to the brink
AI agents show they can create exploits, not just find vulns
Mythos and GPT-5.5 muscle out the competition
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
LocalSend puts your sneakernet out of business
Like AirDrop, minus the Apple lock-in
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Win…
Microsoft puts stability in the driver's seat with new initiative
User interface tweaks are nice, but reliable drivers matter more
HN827: When Buffers Attack: Understanding Buffers to Better Diagnose Network Weirdness
Today’s episode covers buffers, the space between ingress and egress where a packet might have to live for a fraction of a second if the egress port is tied up transmitting other p…
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting n…
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for steal…
Google sidles up to unsuspecting users, asks for their number
You may only get 5GB of storage instead of 15GB if you don't share your digits with the Chocolate Factory
Avada Builder WordPress plugin flaws allow site credential theft
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive infor…
In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. The po…
Microsoft backpedals: Edge to stop loading passwords into memory
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design." [.…