Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.

Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.

And the earlier React2Shell patch is vulnerable If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.

Executive order sidesteps Congress and sets up Litigation Task Force President Trump and his patrons in big tech have long wanted to block states from implementing their own AI regulations. After failing twice to do so in Congress, the US president has issued an executive order that would attempt to punish states that try to restrain the bot business.

Protests force disclosure of costs totaling $16,000 per student over 7 year rollout replacing 80 legacy systems The total cost of a Workday implementation project at Washington University in St. Louis is set to hit almost $266 million, it was revealed after the project was the subject of protests from students.

It's getting crowded up there Earth's orbit is starting to look like an LA freeway, with m

Bank sketches four scenarios in which monetization falters or demand swamps supply by 2030 Goldman Sachs warns that datacenter investments may fail to pay off if the industry is unable to monetize AI models, but hedges its bets by saying that demand could also overwhelm available capacity by 2030.

Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.

Competition Appeal Tribunal to decide if multibillion-pound overcharging case can go to trial Stop us if you've heard this one before. Microsoft is in court regarding allegedly sharp software licensing practices.

Rights groups say digital-only record is leaking data and courting trouble Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while leaving migrants unable to prove their lawful status.

Wiz says React2Shell attacks accelerating, ranging from cryptominers to state- linked crews Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain- basement cryptominers to state-linked intrusion tooling.

Analysts say the shift offers stability, but embedded usage caps ensure vendors keep control Salesforce CEO Marc Benioff last week came closer to answering a multibillion-dollar question when he said seat-based pricing with some caveats was becoming the norm for its AI agents after flirting with pricing based on consumption and per-conversation payments.

Replacement rollout plagued by bad data and missing features, says watchdog Despite completing its rollout of a new case management system, Home Office caseworkers are still referring back to data in a 25-year-old legacy system when processing asylum claims, according to a public spending watchdog.

Getting that confession took hours, during which L1 and L2 support gave up On Call Welcome once more to On Call, the Friday column in which we share stories of tech support incidents that went pear-shaped until cunning Reg readers stepped in to save the day.

Forum site says its potentially more harmful to users who dont log in Forum site Reddit has filed a case that seeks to exempt itself from Australias ban on children under 16 holding social media accounts.

Judge said his fraud was on 'epic, generational scale' Terraform Labs founder Do Kwon will spend 15 years in jail after pleading guilty to committing fraud.

Chips n code giant sitting on $50bn of custom AI accelerator orders, sees more to come Silicon photonics wont matter in the datacenter anytime soon, according to Broadcom CEO Hock Tan.

The dream of electric sheep gets a reality check from Moores Law You want artificial general intelligence (AGI)? Current-day processors aren't powerful enough to make it happen and our ability to scale up may soon be coming to an end, argues well-known researcher Tim Dettmers.

Broadcom told The Register that EMEA customers need to check with their local dealer to see if VVF remains on the menu Exclusive Broadcom has recently killed off VMware vSphere Foundation in parts of EMEA, the company told The Register , dealing a blow to smaller customers, one of whom told us they would likely switch to a rival hypervisor as a result.

Operators accidentally left a way for you to get your data back CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There's some bad news and some good news here.

Org argues that the approval process was flawed and regulators should have known better A trade group of European cloud providers has laid into the European Commissions decision to allow the VMware-Broadcom merger to go ahead, alleging that it failed to assess the infrastructure and semiconductor companys incentives to massively raise prices on customers.

So far, Overview Energy says it has only beamed power from a moving aircraft to standard solar panels You can't generate solar power at night unless your panels are in space. A startup that wants to beam orbital sunlight straight into existing solar farms has just emerged from stealth, claiming a world- first power-beaming demo, but with a lot of critical information left unreported.

No details, no CVE, update your browser now Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world's most popular browser's eighth zero-day bug of 2025.

UK data regulator says failures were unacceptable for a company managing the world's passwords The UK's Information Commissioner's Office (ICO) says LastPass must cough up 1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users.

Preserving not just updates, but also lots of the now-deleted optional extras Legacy Update was already extremely useful if you chose to disembark from Microsoft's upgrade railroad. Now it's even more so.

Eight-hour EVA was also first outing for new spacesuits A pair of taikonauts ventured outside China's Tiangong space station this week to take a closer look at the cracked viewport window of the Shenzhou-20 vehicle.

Skills gained later fed Beijing's cyber operations, according to SentinelLabs expert A security researcher specializing in tracking China threats claims two of Salt Typhoon's members were former attendees of a training scheme run by Cisco.

DOE lays out $320M plan for science platform linking national labs, industry, and academia President Trump's "Genesis Mission" is taking shape with the award of more than $320 million from the Department of Energy (DOE) to advance AI in scientific research.

Copilot your cuddly companion for nighttime introspection Microsoft analyzed 37.5 million de-identified Copilot conversations from January to September 2025, excluding commercial and educational accounts. The findings reveal distinct usage patterns based on device, time, and day.

Flare warns devs are unwittingly publishing production-level secrets Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank.

Aerospace giant faces 'massive work' to move legacy ERP systems to S/4HANA as support deadline looms Exclusive Airbus is undertaking a major overhaul to migrate its sprawling SAP environment to S/4HANA and potentially to the cloud as the aerospace giant grapples with the same deadline pressures facing thousands of enterprise customers worldwide.

Workers frustrated with security-first changes to workflows and teething issues Exclusive Seven months after a landmark cyberattack, the UK's Legal Aid Agency (LAA) says it's returning to pre-breach operations, although law firms are still wrestling with bu

Proposes central body to collect royalties and dole out cash to creators The government of India wants AI companies to pay for accessing content they use to train models, but only once they start producing revenue.

Chute opened early and snagged on a stabilizer VIDEO An Australian parachuting club has been told to improve the software it uses to manage jumps, after an accident in which a jumpers chute hooked on an aircrafts tailplane.

Didnt phone home as expected on December 6th and nobody knows why Houston, we have a problem: NASA has lost contact with the Mars Atmosphere and Volatile EvolutioN (MAVEN) spacecraft.

Blame changed market conditions and attitudes, not the return of Nvidia's H200 to China Chinese tech giants Hygon and Sugon have called off their planned merger.

But if you assume cloud IOUs will be fulfilled, business is booming Oracle expects its FY 2026 capital expenditures will be $15 billion higher that previously predicted, as the cloudy database biz invests to accommodate AI workloads.

Publishers now have more comprehensive tools for managing automated content harvesting Most big AI providers scrape the open web, hoovering up content to improve their chatbots, which then compete with publishers for the attention of internet users. However, more AI orgs might have to pay up soon, because the Really Simple Licensing (RSL) spec has reached version 1.0, providing guidance on how to set machine-readable rules for crawlers.

Meet 'ShipOS' Palantir and the US Navy have signed a two-year deal to test whether its Foundry operational software can streamline the nations shipbuilding efforts and steer the Secretary of the Navy's top budget priority into port.

If you opt in to the paid service that is Nvidia is developing a new inventory management service that could be used by customers to verify the location of their existing GPU stockpiles.