Latest news as of 9/22/2025, 4:56:49 AM
The Register
Don't worry, there's a twist at the end (Opinion)
Agatha Christie stuck a dagger in the notion that crime doesn't pay. With sales of between two and four billion books – fittingly, the exact number is a mystery – she built a career out of murder that out-bloodied Jack the Ripper. It's a fair bet that had she chosen to write about accountancy fraud instead, her sales would be between two and four billion fewer. Some crime is sexy. Some is not.…
Have I Been Pwned
In August 2025, over 1M unique email addresses appeared in a breach allegedly obtained from Italian fashion designer Giglio. The data also included names, phone numbers and physical addresses. Giglio did not respond to repeated attempts to disclose the incident.
The Register
Trust and believe – AI models trained to see 'legal' doc as super legit
Researchers at security firm Pangea have discovered yet another way to trivially trick large language models (LLMs) into ignoring their guardrails. Stick your adversarial instructions somewhere in a legal document to give them an air of unearned legitimacy – a trick familiar to lawyers the world over.…
Graham Cluley
Spanish police have arrested a suspected hacker for accessing a government website in order to alter the high school and university entrance exam grades of not only himself, but also some of his closest classmates. Read more in my article on the Hot for Security blog.
The Hacker News
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures
The Register
Sites at yourcountry.gov may also not bother with HTTPS
Internet traffic to government domains often flows across borders, relies on a worryingly small number of network connections, or does not require encryption, according to new research.…
The Register
PLUS: Microsoft ends no-MFA Azure access; WorkDay attack diverts payments; FreePBX warns of CVSS 10 flaw; and more (Infosec In brief)
A flaw in Meta's WhatsApp app “may have been exploited in a sophisticated attack against specific targeted users.”…
Bleeping Computer
OpenAI is working on a new feature called the Thinking effort picker for ChatGPT. [...]
Bleeping Computer
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. [...]
The Hacker News
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes. "In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of creating a